CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
8cbafb52d88eb01c09bb7ec63aaaca7fa192041a
securityonion/salt/elasticsearch/files/ingest/rita.connection
Wes 4b9c92c53d Set RITA event.dataset value explicitly
2023-01-24 18:00:34 +00:00

37 lines
718 B
Plaintext
Raw Blame History

{
"description": "RITA Connections",
"processors": [
{
"set": {
"field": "event.dataset",
"value": "connection",
"override": true
}
},
{
"dissect": {
"field": "message",
"pattern": "%{source.ip},%{destination.ip},%{network.port}:%{network.protocol}:%{network.service},%{connection.duration},%{connection.state}"
}
},
{
"convert": {
"field": "connection.duration",
"type": "float"
}
},
{
"set": {
"field": "event.duration",
"value": "{{ connection.duration }}",
"override": true
}
},
{
"pipeline": {
"name": "common"
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink