CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-06 16:23:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
a9f2073d049da4e6942ad72f806c07e5610e4479
securityonion/salt/logstash/files/conf.d/1108_preprocess_bro_kerberos.conf
Mike Reeves 5a6c66bde5 Initial Commit
2018-02-05 12:36:27 -05:00

21 lines
781 B
Plaintext
Raw Blame History

# Original Author: Justin Henderson
# SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
# Updated by: Wes Lambert
# Last Update: 12/14/2017
#
# This conf file is based on accepting logs for kerberos.log from Bro systems
filter {
if [type] == "bro_kerberos" {
mutate {
gsub => [ "message", "[\"']", "" ]
}
csv {
columns => ["timestamp","uid","source_ip","source_port","destination_ip","destination_port","request_type","client","service","kerberos_success","error_message","valid_from","valid_till","cipher","forwardable","renewable","client_certificate_subject","client_certificate_fuid","server_certificate_subject","server_certificate_fuid"]
separator => " "
}
mutate {
#add_tag => [ "conf_file_1108"]
}
}
}
Reference in New Issue View Git Blame Copy Permalink