security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bcce3a85aa43a936412fd32ffdfd41ea71ce1e02
blue-team-tools/tools/config/devo-web.yml
T
frack113 a1a94a0b66 Update W3C field name
2023-01-02 16:39:55 +01:00

31 lines
699 B
YAML
Raw Blame History

title: Devo sourcetype mappings for web sources
order: 20
backends:
- devo
logsources:
web:
category: webserver
index: web.all.access
proxy:
category: proxy
index: proxy.all.access
apache:
service: apache
index: web.all.access
fieldmappings:
c-uri: url
c-useragent: userAgent
cs-user-agent: userAgent
sc-status: statusCode
useragent: userAgent
cs-method: method
clientip: srcIp
uri_query: select uriquery(url) as url_query
r-dns: select urihost(url) as url_dns
cs-host: srcHost
c-uri-query: select uriquery(url) as url_query
c-uri-stem: url
c-uri-extension: select uripath(url) as uri_path
cs-uri-query: select uriquery(url) as url_query
Reference in New Issue View Git Blame Copy Permalink