From a7e553efe931b1560a1e819ad35dc18a6abb894f Mon Sep 17 00:00:00 2001
From: t3chn0m4g3
Date: Mon, 3 Jun 2019 16:13:58 +0000
Subject: [PATCH] still working on fatt

---
 docker/elk/logstash/dist/logstash.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/docker/elk/logstash/dist/logstash.conf b/docker/elk/logstash/dist/logstash.conf
index b0cf4003..280540e5 100644
--- a/docker/elk/logstash/dist/logstash.conf
+++ b/docker/elk/logstash/dist/logstash.conf
@@ -147,6 +147,11 @@ filter {
 "destinationIp" => "dest_ip"
 "sourcePort" => "src_port"
 "destinationPort" => "dest_port"
+ "gquic" => "fatt_gquic"
+ "http" => "fatt_http"
+ "rdp" => "fatt_rdp"
+ "ssh" => "fatt_ssh"
+ "tls" => "fatt_tls"
 }
 }
 }
@@ -429,7 +434,7 @@ if "_grokparsefailure" in [tags] { drop {} } } # Add T-Pot hostname and external IP
- if [type] == "Adbhoney" or [type] == "Ciscoasa" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Glastopf" or [type] == "Glutton" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Honeypy" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" {
+ if [type] == "Adbhoney" or [type] == "Ciscoasa" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "Fatt" or [type] == "Glastopf" or [type] == "Glutton" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Honeypy" or [type] == "Mailoney" or [type] == "Medpot" or [type] == "P0f" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" {
 mutate { add_field => { "t-pot_ip_ext" => "${MY_EXTIP}"
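Review bot: The five added rename entries act on very generic keys (`http`, `tls`, `ssh`, `rdp`, `gquic`), and the conditional that scopes the enclosing `mutate { rename => ... }` starts outside this hunk, so it is not visible here whether the map fires only for `[type] == "Fatt"`; if the block is shared, events from other sources that carry an `http` or `tls` field would be renamed as well. A one-line comment above the first added entry would make the intent reviewable, e.g. `# FATT protocol details get a fatt_ prefix so they do not collide with same-named fields of other event types` (the collision-avoidance motive is my inference from the prefix; adjust if the reason is different). The `mutate` block and its closing braces end inside the hunk, but its opening and any guarding `if` are above it.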
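Review bot: The replaced `if` line now chains eighteen `[type] == "..."` comparisons with `or` on a single line, and each new honeypot has to be spliced into the middle of it, which is how the list and the per-type filters above drift apart. Logstash conditionals support a list membership test, so the same head reads as `if [type] in ["Adbhoney", "Ciscoasa", "ConPot", "Cowrie", "Dionaea", "ElasticPot", "Fatt", "Glastopf", "Glutton", "Honeytrap", "Heralding", "Honeypy", "Mailoney", "Medpot", "P0f", "Rdpy", "Suricata", "Tanner"] {` with identical behaviour and one name per line if wrapped. The body of this `if` (the `mutate { add_field => ... }`) continues past the end of the hunk.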