Addition of logstash configs

Austin Taylor
2017-07-25 12:23:47 -04:00
parent dab91faff8
commit 6a29cb7b84
7 changed files with 864 additions and 2 deletions


@ -4,6 +4,22 @@
# Version 0.2
# Description: Take in nessus reports from vulnWhisperer and pumps into logstash
input {
beats {
port => 5044
tags => "beats"
}
}
filter {
if [beat][hostname] == "filebeathost" {
mutate {
add_tag => ["nessus"]
}
}
}
filter {
if "nessus" in [tags]{
mutate {
@ -85,7 +101,7 @@ filter {
}
# Add tags for reporting based on assets or criticality
if [host] == "192.168.0.1" or [host] == "192.168.0.50" or [host] =~ "^192\.168\.10\." or [host] =~ "^192\.168\.5\." {
if [host] == "192.168.0.1" or [host] == "192.168.0.50" or [host] =~ "^192\.168\.10\." or [host] =~ "^42.42.42." {
mutate {
add_tag => [ "critical_asset" ]
}
@ -111,3 +127,14 @@ filter {
}
}
}
}
output {
if "nessus" in [tags] or [type] == "nessus" {
#stdout { codec => rubydebug }
elasticsearch {
hosts => [ "localhost" ]
index => "logstash-nessus-%{+YYYY.MM}"
}
}
}
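Review bot: The `beats` input in the first hunk listens on port 5044 with no TLS or client authentication, and the filter after it adds the `nessus` tag based only on `[beat][hostname] == "filebeathost"`, a value the sending client supplies. As written, any host that can reach the port could get events routed into `logstash-nessus-%{+YYYY.MM}`, and the scan findings travel in clear text. I would enable `ssl => true` with `ssl_certificate` / `ssl_key` and `ssl_verify_mode => "force_peer"` on the input, and tag on something the server controls rather than a client-reported hostname. Separately, the `"^42.42.42."` pattern in the second hunk leaves its dots unescaped, unlike the neighbouring `"^192\.168\.10\."`, so it can tag unrelated hosts as `critical_asset`; `"^42\.42\.42\."` matches only that prefix.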