Mo Amiri
40 lines
659 B
YAML
40 lines
659 B
YAML
logsources:
|
|
apache:
|
|
product: apache
|
|
conditions:
|
|
deviceProduct: LOGSOURCETYPENAME(devicetype) ilike Apache
|
|
|
|
windows:
|
|
product: windows
|
|
conditions:
|
|
deviceProduct: LOGSOURCETYPENAME(devicetype)=Microsoft Windows Security Event Log
|
|
|
|
qflow:
|
|
product: qflow
|
|
index: flows
|
|
|
|
netflow:
|
|
product: netflow
|
|
index: flows
|
|
|
|
ipfix:
|
|
product: ipfix
|
|
index: flows
|
|
|
|
flow:
|
|
category: flow
|
|
index: flows
|
|
|
|
fieldmappings:
|
|
EventID:
|
|
- Event ID Code
|
|
dst:
|
|
- destinationIP
|
|
dst_ip:
|
|
- destinationIP
|
|
src:
|
|
- sourceIP
|
|
src_ip:
|
|
- sourceIP
|
|
ServiceFileName: Service Name
|