mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-02-22 06:55:27 +01:00
{
"description": "kratos",
"processors": [
{
"set": {
"field": "audience",
"value": "access",
"override": false,
"ignore_failure": true
}
},
{
"set": {
"field": "event.dataset",
"ignore_empty_value": true,
"ignore_failure": true,
"value": "kratos.{{{audience}}}",
"media_type": "text/plain"
}
},
{
"set": {
"field": "event.action",
"ignore_failure": true,
"copy_from": "msg"
}
},
{
"rename": {
"field": "http_request",
"target_field": "http.request",
"ignore_failure": true,
"ignore_missing": true
}
},
{
"rename": {
"field": "http_response",
"target_field": "http.response",
"ignore_failure": true,
"ignore_missing": true
}
},
{
"rename": {
"field": "http.request.path",
"target_field": "http.uri",
"ignore_failure": true,
"ignore_missing": true
}
},
{
"rename": {
"field": "http.request.method",
"target_field": "http.method",
"ignore_failure": true,
"ignore_missing": true
}
},
{
"rename": {
"field": "http.request.method",
"target_field": "http.method",
"ignore_failure": true,
"ignore_missing": true
}
},
{
"rename": {
"field": "http.request.query",
"target_field": "http.query",
"ignore_failure": true,
"ignore_missing": true
}
},
{
"rename": {
"field": "http.request.headers.user-agent",
"target_field": "http.useragent",
"ignore_failure": true,
"ignore_missing": true
}
},
{
"pipeline": {
"name": "common"
}
}
]
}