adding linux-auditd support and alignment

2022-04-20 14:31:32 +00:00
parent 130ce58ff6
commit 3f08d37a0e
1 changed files with 8 additions and 4 deletions
@@ -67,10 +67,6 @@ logsources:
   conditions:
    vendor_name: "Google"
    product_name: "Cloud"
- auditd:
-   service: auditd
-   conditions:
-    process_name: "auditd"
 sshd:
   service: sshd
   conditions:
@@ -84,6 +80,12 @@ logsources:
   product: spring
   conditions:
    vendor_name: "Spring"
+ linux-audit:
+   product: linux
+   service: auditd
+   conditions:
+    vendor_name: "Linux"
+    product_name: "Audit"
 modsecurity:
   service: modsecurity
   conditions:
@@ -540,7 +542,9 @@ fieldmappings:
  cs-host: http_host
  cs-method: http_method
  c-uri: http_uri
+  c-uri-stem: http_uri
  cs-uri: http_uri
+  cs-uri-stem: http_uri
  c-agent: http_user_agent
  cs-agent: http_user_agent
  c-useragent: http_user_agent