Merge branch 'telekom-security:master' into master
20b0a7ad63
5 changed files with 26 additions and 16 deletions
|
@ -10,10 +10,10 @@ assignees: ''
|
||||||
# Successfully raise an issue
|
# Successfully raise an issue
|
||||||
Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
|
Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
|
||||||
|
|
||||||
- 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
|
- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first
|
||||||
- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions)
|
- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general.
|
||||||
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
|
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md).
|
||||||
- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
|
- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
|
||||||
- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>
|
- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>
|
||||||
|
|
||||||
# ⚠️ Basic support information (commands are expected to run as `root`)
|
# ⚠️ Basic support information (commands are expected to run as `root`)
|
||||||
|
|
|
@ -10,10 +10,10 @@ assignees: ''
|
||||||
# Successfully raise an issue
|
# Successfully raise an issue
|
||||||
Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
|
Before you post your issue make sure it has not been answered yet and provide **⚠️ BASIC SUPPORT INFORMATION** (as requested below) if you come to the conclusion it is a new issue.
|
||||||
|
|
||||||
- 🔍 Use the [search function](https://github.com/dtag-dev-sec/tpotce/issues?utf8=%E2%9C%93&q=) first
|
- 🔍 Use the [search function](https://github.com/telekom-security/tpotce/issues?utf8=%E2%9C%93&q=) first
|
||||||
- 🧐 Check our [Wiki](https://github.com/dtag-dev-sec/tpotce/wiki) and the [discussions](https://github.com/telekom-security/tpotce/discussions)
|
- 🧐 Check our [Config Examples & Tutorials](https://github.com/telekom-security/tpotce/discussions/categories/config-examples-tutorials) and the [discussions](https://github.com/telekom-security/tpotce/discussions) in general.
|
||||||
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md).
|
- 📚 Consult the documentation of 💻 your Linux OS, 🐳 [Docker](https://docs.docker.com/), the 🦌 [Elastic stack](https://www.elastic.co/guide/index.html) and the 🍯 [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md).
|
||||||
- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/dtag-dev-sec/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
|
- ⚙️ The [Troubleshoot Section](https://github.com/telekom-security/tpotce?tab=readme-ov-file#troubleshooting) of the [T-Pot Readme](https://github.com/telekom-security/tpotce/blob/master/README.md) is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
|
||||||
- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>
|
- **⚠️ Provide [BASIC SUPPORT INFORMATION](#-basic-support-information-commands-are-expected-to-run-as-root) or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers**.<br>
|
||||||
|
|
||||||
# ⚠️ Basic support information (commands are expected to run as `root`)
|
# ⚠️ Basic support information (commands are expected to run as `root`)
|
||||||
|
|
11
docker/elk/logstash/dist/http_output.conf
vendored
11
docker/elk/logstash/dist/http_output.conf
vendored
|
@ -698,12 +698,15 @@ filter {
|
||||||
remove_field => ["event_timestamp"]
|
remove_field => ["event_timestamp"]
|
||||||
}
|
}
|
||||||
mutate {
|
mutate {
|
||||||
rename => {
|
split => ["source_ip", ":"]
|
||||||
"source_ip" => "src_ip"
|
rename => { "destination_ip" => "dest_ip" }
|
||||||
"destination_ip" => "dest_ip"
|
|
||||||
}
|
|
||||||
add_field => { "dest_port" => "5060" }
|
add_field => { "dest_port" => "5060" }
|
||||||
}
|
}
|
||||||
|
mutate {
|
||||||
|
add_field => { "src_ip" => "%{[source_ip][0]}" }
|
||||||
|
add_field => { "src_port" => "%{[source_ip][1]}" }
|
||||||
|
remove_field => ["source_ip"]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Tanner
|
# Tanner
|
||||||
|
|
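Review bot: The `split => ["source_ip", ":"]` that opens the new mutate block is only safe for IPv4 values; an unbracketed IPv6 source such as `2001:db8::1:5060` cannot be split on a colon at all (it is itself a valid address), so `%{[source_ip][0]}` and `%{[source_ip][1]}` in the second mutate would then carry fragments of the address rather than host and port. Whether the honeypot feeding this block ever reports IPv6 is not visible in the hunk and should be confirmed. Independently, when `source_ip` contains no colon the second mutate still adds `src_port` with the unresolved literal `%{[source_ip][1]}`, which is then indexed as a bogus port value. An anchored grok, e.g. `grok { match => { "source_ip" => "\A%{IPV4:src_ip}:%{POSINT:src_port}\z" } }` followed by the existing `remove_field`, makes the IPv4-only assumption explicit and tags the event with `_grokparsefailure` on anything else instead of silently emitting a placeholder. The same block is added to logstash.conf in the next file section; the enclosing `filter {}` starts before the hunk.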
11
docker/elk/logstash/dist/logstash.conf
vendored
11
docker/elk/logstash/dist/logstash.conf
vendored
|
@ -698,12 +698,15 @@ filter {
|
||||||
remove_field => ["event_timestamp"]
|
remove_field => ["event_timestamp"]
|
||||||
}
|
}
|
||||||
mutate {
|
mutate {
|
||||||
rename => {
|
split => ["source_ip", ":"]
|
||||||
"source_ip" => "src_ip"
|
rename => { "destination_ip" => "dest_ip" }
|
||||||
"destination_ip" => "dest_ip"
|
|
||||||
}
|
|
||||||
add_field => { "dest_port" => "5060" }
|
add_field => { "dest_port" => "5060" }
|
||||||
}
|
}
|
||||||
|
mutate {
|
||||||
|
add_field => { "src_ip" => "%{[source_ip][0]}" }
|
||||||
|
add_field => { "src_port" => "%{[source_ip][1]}" }
|
||||||
|
remove_field => ["source_ip"]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Tanner
|
# Tanner
|
||||||
|
|
|
@ -188,6 +188,10 @@ function fuRESTORE () {
|
||||||
fi
|
fi
|
||||||
echo "### Restoring T-Pot config file .env"
|
echo "### Restoring T-Pot config file .env"
|
||||||
tar xvf $myARCHIVE .env -C $HOME/tpotce >/dev/null 2>&1
|
tar xvf $myARCHIVE .env -C $HOME/tpotce >/dev/null 2>&1
|
||||||
|
# Backup file (.env) contains a record of the TPOT_VERSION that is used in docker-compose commmands.
|
||||||
|
# We should upgrade the version in this file after restoring the backup.
|
||||||
|
newVERSION=$(cat version)
|
||||||
|
sed -i "s/^TPOT_VERSION=.*/TPOT_VERSION=${newVERSION}/" $HOME/tpotce/.env
|
||||||
}
|
}
|
||||||
|
|
||||||
################
|
################
|
||||||
|
|
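Review bot: `newVERSION=$(cat version)` reads the version file relative to whatever directory the script was started from, not from the install directory the surrounding lines use (`$HOME/tpotce`); run from anywhere else, `cat` fails, `newVERSION` is empty and the following `sed -i` rewrites the just-restored `.env` to `TPOT_VERSION=`, which is worse than leaving the archived value in place. Read it from an explicit path and refuse to touch `.env` when nothing was read: `newVERSION=$(cat "$HOME/tpotce/version")` and `[ -n "$newVERSION" ] || { echo "### Could not read version file, leaving TPOT_VERSION unchanged"; return 1; }`. The exact location of the version file is not visible in the hunk, so that path is an assumption to confirm, as is whether a `return 1` fits how callers of fuRESTORE handle failures. fuRESTORE starts before the hunk.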