# Author: Wes Lambert
# wlambertts@gmail.com
#
# Adapted from existing filters provided by Justin Henderson
#
# Last Update: 12/14/2017
#
# This conf file is based on accepting logs for ntlm.log from Bro systems
#
# Parse using csv filter
#
# Only events tagged with type "bro_ntlm" are touched; everything else
# passes through this filter block unchanged.

filter {
  if [type] == "bro_ntlm" {
    # Remove every double and single quote from the raw line before the
    # csv filter runs. Presumably this keeps a stray quote character inside
    # a field (e.g. a username or hostname) from being read as a csv quote
    # and swallowing neighbouring columns - verify against the csv filter's
    # quote handling if the column list is ever changed.
    mutate {
      gsub => [ "message", "[\"']", "" ]
    }

    # Split the cleaned line into the bro ntlm.log columns, in log order.
    # The username, hostname and domain values are carried from the
    # observed NTLM exchange, so they should be treated as untrusted input
    # by anything downstream.
    csv {
      separator => " "
      columns => [
        "timestamp",
        "uid",
        "source_ip",
        "source_port",
        "destination_ip",
        "destination_port",
        "ntlm_username",
        "hostname",
        "domain_name",
        "ntlm_success",
        "status"
      ]
    }
  }
}