CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
8d2701e1436fa7da0f54223f5a3da753dbbe49ab
securityonion/salt/elasticsearch/files/ingest/suricata.rdp
Mike Reeves b4b449aa14 Pull in Suricata changes
2021-02-19 11:01:15 -05:00

28 lines
2.6 KiB
Plaintext
Raw Blame History

{
"description" : "suricata.rdp",
"processors" : [
{ "rename": { "field": "message2.proto", "target_field": "network.transport", "ignore_missing": true } },
{ "rename": { "field": "message2.app_proto", "target_field": "network.protocol", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.tx_id", "target_field": "rdp.tx_id", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.event_type", "target_field": "rdp.event_type", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.cookie", "target_field": "rdp.cookie", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.version", "target_field": "rdp.client_version", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.desktop_width", "target_field": "rdp.desktop__width", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.desktop__height", "target_field": "rdp.desktop__height", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.color_depth", "target_field": "rdp.requested_color_depth", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.keyboard_layout", "target_field": "rdp.keyboard_layout", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.build", "target_field": "rdp.client_build", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.client_name", "target_field": "client.name", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.keyboard_type", "target_field": "rdp.keyboard_type", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.function_keys", "target_field": "rdp.function_keys", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.product_id", "target_field": "rdp.product_id", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.capabilities", "target_field": "rdp.client_capabilities", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.client.id", "target_field": "rdp.client_id", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.channels", "target_field": "rdp.channels", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.server_supports", "target_field": "rdp.server_supports", "ignore_missing": true } },
{ "rename": { "field": "message2.rdp.x509_serials", "target_field": "rdp.x509_serials", "ignore_missing": true } },
{ "pipeline": { "name": "common" } }
]
}
Reference in New Issue View Git Blame Copy Permalink