CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
fdffac83e145b968f55e6592419c6fa72fc265f1
securityonion/salt/elasticsearch/files/ingest/rita.connection
Wes Lambert 2487d468ab Add RITA Elasticsearch ingest pipeline config
2022-03-22 17:38:22 +00:00

37 lines
708 B
Plaintext
Raw Blame History

{
"description": "RITA Connections",
"processors": [
{
"set": {
"field": "_index",
"value": "so-rita",
"override": true
}
},
{
"dissect": {
"field": "message",
"pattern": "%{source.ip},%{destination.ip},%{network.port}:%{network.protocol}:%{network.service},%{connection.duration},%{connection.state}"
}
},
{
"convert": {
"field": "connection.duration",
"type": "float"
}
},
{
"set": {
"field": "event.duration",
"value": "{{ connection.duration }}",
"override": true
}
},
{
"pipeline": {
"name": "common"
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink