CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a2fbdf644cac3e5954ce5a7a5b09072f6540b2e5
securityonion/salt/elasticsearch/files/ingest/bro_rdp
William Wernert 3bfaa6f8de [merge] Merge master into feature/setup-refactor
2020-04-28 01:35:09 -04:00

32 lines
3.0 KiB
Plaintext
Raw Blame History

{
"description" : "bro_rdp",
"processors" : [
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.uid", "target_field": "uid", "ignore_missing": true } },
{ "dot_expander": { "field": "id.orig_h", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id.orig_h", "target_field": "source_ip", "ignore_missing": true } },
{ "dot_expander": { "field": "id.orig_p", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id.orig_p", "target_field": "source_port", "ignore_missing": true } },
{ "dot_expander": { "field": "id.resp_h", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id.resp_h", "target_field": "destination_ip", "ignore_missing": true } },
{ "dot_expander": { "field": "id.resp_p", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id.resp_p", "target_field": "destination_port", "ignore_missing": true } },
{ "rename": { "field": "message2.cookie", "target_field": "cookie", "ignore_missing": true } },
{ "rename": { "field": "message2.result", "target_field": "result", "ignore_missing": true } },
{ "rename": { "field": "message2.security_protocol","target_field": "security_protocol", "ignore_missing": true } },
{ "rename": { "field": "message2.keyboard_layout", "target_field": "keyboard_layout", "ignore_missing": true } },
{ "rename": { "field": "message2.client_build", "target_field": "client_build", "ignore_missing": true } },
{ "rename": { "field": "message2.client_name", "target_field": "client_name", "ignore_missing": true } },
{ "rename": { "field": "message2.client_dig_product_id", "target_field": "client_digital_product_id", "ignore_missing": true } },
{ "rename": { "field": "message2.desktop_width", "target_field": "desktop_width", "ignore_missing": true } },
{ "rename": { "field": "message2.desktop_height", "target_field": "desktop_height", "ignore_missing": true } },
{ "rename": { "field": "message2.requested_color_depth", "target_field": "requested_color_depth", "ignore_missing": true } },
{ "rename": { "field": "message2.cert_type", "target_field": "certificate_type", "ignore_missing": true } },
{ "rename": { "field": "message2.cert_count", "target_field": "certificate_count", "ignore_missing": true } },
{ "rename": { "field": "message2.cert_permanent", "target_field": "certificate_permanent","ignore_missing": true } },
{ "rename": { "field": "message2.encryption_level", "target_field": "encryption_level", "ignore_missing": true } },
{ "rename": { "field": "message2.encryption_method","target_field": "encryption_method", "ignore_missing": true } },
{ "pipeline": { "name": "bro_common" } }
]
}
Reference in New Issue View Git Blame Copy Permalink