securityonion/salt/elasticsearch/files/ingest/bro_x509


{
"description" : "bro_x509",
"processors" : [
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.id", "target_field": "id", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.version", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.version", "target_field": "certificate_version", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.serial", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.serial", "target_field": "certificate_serial", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.subject", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.subject", "target_field": "certificate_subject", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.issuer", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.issuer", "target_field": "certificate_issuer", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.not_valid_before", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.not_valid_before", "target_field": "certificate_not_valid_before", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.not_valid_after", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.not_valid_after", "target_field": "certificate_not_valid_after", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.key_alg", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.key_alg", "target_field": "certificate_key_algorithm", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.sig_alg", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.sig_alg", "target_field": "certificate_signing_algorithm", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.key_type", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.key_type", "target_field": "certificate_key_type", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.key_length", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.key_length", "target_field": "certificate_key_length", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.exponent", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.exponent", "target_field": "certificate_exponent", "ignore_missing": true } },
{ "dot_expander": { "field": "certificate.curve", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.certificate.curve", "target_field": "certificate_curve", "ignore_missing": true } },
{ "dot_expander": { "field": "san.dns", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.san.dns", "target_field": "san_dns", "ignore_missing": true } },
{ "dot_expander": { "field": "san.uri", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.san.uri", "target_field": "san_uri", "ignore_missing": true } },
{ "dot_expander": { "field": "san.email", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.san.email", "target_field": "san_email", "ignore_missing": true } },
{ "dot_expander": { "field": "san.ip", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.san.ip", "target_field": "san_ip", "ignore_missing": true } },
{ "dot_expander": { "field": "basic_constraints.ca", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.basic_constraints.ca", "target_field": "basic_constraints_ca", "ignore_missing": true } },
{ "dot_expander": { "field": "basic_constraints.path_length", "path": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.basic_constraints.path_length", "target_field": "basic_constraints_path_length", "ignore_missing": true } },
{ "pipeline": { "name": "bro_common_ssl" } }
]
}