72 lines
1.7 KiB
Plaintext
72 lines
1.7 KiB
Plaintext
# Author: Austin Taylor and Justin Henderson
|
|
# Email: email@austintaylor.io
|
|
# Last Update: 12/20/2017
|
|
# Version 0.3
|
|
# Description: Take in nessus reports from vulnWhisperer and pumps into logstash
|
|
|
|
|
|
input {
|
|
file {
|
|
path => "/opt/VulnWhisperer/data/nessus/**/*.json"
|
|
mode => "read"
|
|
start_position => "beginning"
|
|
file_completed_action => "delete"
|
|
tags => "nessus"
|
|
codec => json
|
|
}
|
|
file {
|
|
path => "/opt/VulnWhisperer/data/tenable/*.json"
|
|
mode => "read"
|
|
start_position => "beginning"
|
|
file_completed_action => "delete"
|
|
tags => "tenable"
|
|
codec => json
|
|
}
|
|
}
|
|
|
|
filter {
|
|
if "nessus" in [tags] or "tenable" in [tags] {
|
|
|
|
date {
|
|
match => [ "scan_time", "UNIX" ]
|
|
target => "@timestamp"
|
|
remove_field => ["scan_time"]
|
|
}
|
|
|
|
mutate {
|
|
convert => { "cvss" => "float"}
|
|
convert => { "cvss_base" => "float"}
|
|
convert => { "cvss_temporal" => "float"}
|
|
convert => { "cvss3" => "float"}
|
|
convert => { "cvss3_base" => "float"}
|
|
convert => { "cvss3_temporal" => "float"}
|
|
convert => { "risk_number" => "integer"}
|
|
convert => { "total_times_detected" => "integer"}
|
|
}
|
|
|
|
if [_unique] {
|
|
# Set document ID from _unique
|
|
mutate {
|
|
rename => { "_unique" => "[@metadata][id]" }
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
output {
|
|
if "nessus" in [tags] or "tenable" in [tags]{
|
|
if [@metadata][id] {
|
|
elasticsearch {
|
|
hosts => [ "elasticsearch:9200" ]
|
|
index => "logstash-vulnwhisperer-%{+YYYY.MM}"
|
|
document_id => "%{[@metadata][id]}"
|
|
}
|
|
} else {
|
|
elasticsearch {
|
|
hosts => [ "elasticsearch:9200" ]
|
|
index => "logstash-vulnwhisperer-%{+YYYY.MM}"
|
|
}
|
|
}
|
|
}
|
|
}
|