mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
52 lines
1.2 KiB
Plaintext
52 lines
1.2 KiB
Plaintext
{
|
|
"processors": [
|
|
{
|
|
"rename": {
|
|
"field": "_ingest._value.kismet_common_seenby_num_packets",
|
|
"target_field": "_ingest._value.packets_seen",
|
|
"ignore_missing": true
|
|
}
|
|
},
|
|
{
|
|
"rename": {
|
|
"field": "_ingest._value.kismet_common_seenby_uuid",
|
|
"target_field": "_ingest._value.serial_number",
|
|
"ignore_missing": true
|
|
}
|
|
},
|
|
{
|
|
"rename": {
|
|
"field": "_ingest._value.kismet_common_seenby_first_time",
|
|
"target_field": "_ingest._value.first_seen",
|
|
"ignore_missing": true
|
|
}
|
|
},
|
|
{
|
|
"rename": {
|
|
"field": "_ingest._value.kismet_common_seenby_last_time",
|
|
"target_field": "_ingest._value.last_seen",
|
|
"ignore_missing": true
|
|
}
|
|
},
|
|
{
|
|
"date": {
|
|
"field": "_ingest._value.first_seen",
|
|
"formats": [
|
|
"epoch_second"
|
|
],
|
|
"target_field": "_ingest._value.first_seen",
|
|
"ignore_failure": true
|
|
}
|
|
},
|
|
{
|
|
"date": {
|
|
"field": "_ingest._value.last_seen",
|
|
"formats": [
|
|
"epoch_second"
|
|
],
|
|
"target_field": "_ingest._value.last_seen",
|
|
"ignore_failure": true
|
|
}
|
|
}
|
|
]
|
|
} |