Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-01 20:42:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

tweaking

Browse source 
cleanup index-pattern
add dicompot log to logstash
This commit is contained in:
t3chn0m4g3 2020-06-24 13:21:29 +00:00
parent 99d8cf9b32
commit 238a08b055
3 changed files with 35 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
docker/elk/logstash/dist/logstash.conf vendored
View file

@ -64,6 +64,13 @@ input {
type => "Dionaea" type => "Dionaea"
} }
# Dicompot
file {
path => ["/data/dicompot/log/dicompot.log"]
codec => json
type => "Dicompot"
}
# ElasticPot # ElasticPot
file { file {
path => ["/data/elasticpot/log/elasticpot.json"] path => ["/data/elasticpot/log/elasticpot.json"]
@ -298,6 +305,34 @@ filter {
} }
} }
# Dicompot
if [type] == "Dicompot" {
date {
match => [ "time", "yyyy-MM-dd HH:mm:ss" ]
remove_field => ["time"]
remove_field => ["timestamp"]
}
mutate {
rename => {
"[Address][IP]" => "src_ip"
"[Address][Port]" => "src_port"
"[Address][Zone]" => "zone"
"AETitle" => "aetitle"
"Command" => "input"
"Files" => "files"
"Identifier" => "identifier"
"Matches" => "matches"
"Status" => "session"
"Version" => "version"
}
}
if [Address] {
mutate {
remove_field => "[Address]"
}
}
}
# ElasticPot # ElasticPot
if [type] == "ElasticPot" { if [type] == "ElasticPot" {
date { date {

BIN
etc/objects/elkbase.tgz
View file

Binary file not shown.

BIN
etc/objects/kibana-objects.tgz
View file

Binary file not shown.