Commit 98982a0a authored by Deepak Nadig's avatar Deepak Nadig

Fixed feed indexer.

parent 06258767
......@@ -2,7 +2,7 @@ input {
file {
type => "json"
codec => "json"
path => "/home/ubuntu/intel/feeds/json/*"
path => "/home/ubuntu/intel/json/*"
sincedb_path => "/var/tmp/.sincedb_threats"
# sincedb_path => "/dev/null"
exclude => "*.py"
......@@ -12,14 +12,14 @@ input {
filter {
mutate {
add_field => {"intel-type-metadata" => ""}
}
split {
field => "[Event][Attribute]"
}
mutate {
add_field => {"intel-type-metadata" => ""}
}
# IP Fields
if [Event][Attribute][type] == "ip-src" {
mutate {
......@@ -42,32 +42,32 @@ filter {
if [Event][Attribute][type] == "sha256" {
mutate {
replace => [ "[Event][Attribute][type]", "FILEHASH" ]
add_field => {"intel-type-metadata" => "sha256"}
update => {"intel-type-metadata" => "sha256"}
}
} else if [Event][Attribute][type] == "md5" {
mutate {
replace => [ "[Event][Attribute][type]", "FILEHASH" ]
add_field => {"intel-type-metadata" => "md5"}
update => {"intel-type-metadata" => "md5"}
}
} else if [Event][Attribute][type] == "sha1" {
mutate {
replace => [ "[Event][Attribute][type]", "FILEHASH" ]
add_field => {"intel-type-metadata" => "sha1"}
update => {"intel-type-metadata" => "sha1"}
}
} else if [Event][Attribute][type] == "sha224" {
mutate {
replace => [ "[Event][Attribute][type]", "FILEHASH" ]
add_field => {"intel-type-metadata" => "sha224"}
update => {"intel-type-metadata" => "sha224"}
}
} else if [Event][Attribute][type] == "sha384" {
mutate {
replace => [ "[Event][Attribute][type]", "FILEHASH" ]
add_field => {"intel-type-metadata" => "sha384"}
update => {"intel-type-metadata" => "sha384"}
}
} else if [Event][Attribute][type] == "sha512" {
mutate {
replace => [ "[Event][Attribute][type]", "FILEHASH" ]
add_field => {"intel-type-metadata" => "sha512"}
update => {"intel-type-metadata" => "sha512"}
}
}
......
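Review bot: `sincedb_path => "/var/tmp/.sincedb_threats"`, kept as context in the first hunk, stores the feed read-offset state in a world-writable directory, so any local user can pre-create, truncate or symlink that file and make the indexer skip feed files or re-ingest them; keep it under a directory only the Logstash service account can write, e.g. `sincedb_path => "/var/lib/logstash/sincedb_threats"`, and drop the commented-out `/dev/null` line now that the real path is in use. The new `path => "/home/ubuntu/intel/json/*"` also ingests every file dropped into that directory except `*.py`, and with `codec => "json"` each one is parsed and indexed as threat intel, so an allow-list such as `path => "/home/ubuntu/intel/json/*.json"` is tighter than the current deny-list. The six FILEHASH branches in the last hunk differ only in the literal algorithm name; a single `if [Event][Attribute][type] in ["md5", "sha1", "sha224", "sha256", "sha384", "sha512"]` test with `update => { "intel-type-metadata" => "%{[Event][Attribute][type]}" }` placed before the `replace` would remove the repetition. The `output` section and the rest of `filter` are outside the hunks, so I cannot tell whether the attribute value is validated anywhere downstream.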