tools/config/devo-network.yml

title: Devo sourcetype mappings for network sources
order: 20
backends:
  - devo
logsources:
  firewall-product:
    product: firewall
    index: firewall.all.traffic
  firewall-category:
    category: firewall
    index: firewall.all.traffic
  dns:
    category: dns
    index: network.dns
fieldmappings:
  src_ip: srcIp
  dst_ip: dstIp
  dst_port: dstPort
  parent_domain: select rootdomain(name) as parent_domain
  record_type: type
  answer: answers
  query: name
master: Added new Devo backend for the sigmac tool. Added three new backend configurations to support the Devo backend. Added a new test suite to cover the Devo backend cases. 2021-06-21 14:06:04 +02:00			`title: Devo sourcetype mappings for network sources`
			`order: 20`
			`backends:`
			`- devo`
			`logsources:`
			`firewall-product:`
			`product: firewall`
			`index: firewall.all.traffic`
			`firewall-category:`
			`category: firewall`
			`index: firewall.all.traffic`
			`dns:`
			`category: dns`
			`index: network.dns`
			`fieldmappings:`
			`src_ip: srcIp`
			`dst_ip: dstIp`
			`dst_port: dstPort`
			`parent_domain: select rootdomain(name) as parent_domain`
			`record_type: type`
			`answer: answers`
			`query: name`