pemontto
2019-04-12 17:54:17 +10:00
parent 71c090d0f3
commit 603050e7b3
10 changed files with 133 additions and 24 deletions


@ -26,11 +26,13 @@ filter {
if "nessus" in [tags] or "tenable" in [tags] {
#If using filebeats as your source, you will need to replace the "path" field to "source"
# Remove when scan name is included in event (current method is error prone)
grok {
match => { "path" => "(?<scan_name>[a-zA-Z0-9_.\-]+)_%{INT:scan_id}_%{INT:history_id}_%{INT:last_updated}.(csv|json)$" }
tag_on_failure => []
}
# TODO remove when @timestamp is included in event
date {
match => [ "last_updated", "UNIX" ]
target => "@timestamp"
@ -142,6 +144,9 @@ filter {
output {
if "nessus" in [tags] or "tenable" in [tags]{
stdout {
codec => dots
}
elasticsearch {
hosts => [ "elasticsearch:9200" ]
index => "logstash-vulnwhisperer-%{+YYYY.MM}"
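Review bot: In the first hunk's grok pattern the dot before `(csv|json)$` is unescaped, so it matches any character rather than only the extension separator; `\.(csv|json)$` would pin it. Because `tag_on_failure => []` hides failed matches and `@timestamp` is then set from the `last_updated` value captured out of the file name, a loosely matched or unexpected path silently affects both the scan fields and the event time. In the output hunk the visible part of the `elasticsearch` block shows only `hosts` and `index`, and the block continues past the hunk, so it is worth confirming that the connection to `elasticsearch:9200` is authenticated and encrypted, given that these events are vulnerability scan results. The `stdout { codec => dots }` output would also benefit from a comment such as `# progress indicator only: one dot per event`.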