{
"description" : "zeek.ssh",
"processors" : [
{ "set": { "field": "event.dataset", "value": "ssh" } },
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.version", "target_field": "ssh.version", "ignore_missing": true } },
{ "rename": { "field": "message2.hassh", "target_field": "hash.hassh", "ignore_missing": true } },
{ "rename": { "field": "message2.auth_success", "target_field": "ssh.authentication.success", "ignore_missing": true } },
{ "rename": { "field": "message2.auth_attempts", "target_field": "ssh.authentication.attempts", "ignore_missing": true } },
{ "rename": { "field": "message2.direction", "target_field": "ssh.direction", "ignore_missing": true } },
{ "rename": { "field": "message2.client", "target_field": "ssh.client", "ignore_missing": true } },
{ "rename": { "field": "message2.server", "target_field": "ssh.server", "ignore_missing": true } },
{ "rename": { "field": "message2.cipher_alg", "target_field": "ssh.cipher_algorithm", "ignore_missing": true } },
{ "rename": { "field": "message2.compression_alg", "target_field": "ssh.compression_algorithm", "ignore_missing": true } },
{ "rename": { "field": "message2.cshka", "target_field": "ssh.client_host_key_algorithms", "ignore_missing": true } },
{ "rename": { "field": "message2.host_key_alg", "target_field": "ssh.host_key_algorithm", "ignore_missing": true } },
{ "rename": { "field": "message2.hasshAlgorithms", "target_field": "ssh.hassh_algorithms", "ignore_missing": true } },
{ "rename": { "field": "message2.hasshServer", "target_field": "ssh.hassh_server", "ignore_missing": true } },
{ "rename": { "field": "message2.hasshVersion", "target_field": "ssh.hassh_version", "ignore_missing": true } },
{ "rename": { "field": "message2.kex_alg", "target_field": "ssh.kex_algorithm", "ignore_missing": true } },
{ "rename": { "field": "message2.mac_alg", "target_field": "ssh.mac_algorithm", "ignore_missing": true } },
{ "rename": { "field": "message2.sshka", "target_field": "ssh.server_host_key_algorithms", "ignore_missing": true } },
{ "rename": { "field": "message2.host_key", "target_field": "ssh.host_key", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_region", "target_field": "destination.region", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_city", "target_field": "destination.city", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_latitude", "target_field": "destination.latitude", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_longitude", "target_field": "destination.longitude", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_country_code", "target_field": "destination.country_code", "ignore_missing": true } },
{ "rename": { "field": "message2.hasshServerAlgorithms", "target_field": "ssh.hassh_server_algorithms", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]
}