HEX

Warning: set_time_limit() [function.set-time-limit]: Cannot set time limit - prohibited by configuration in /home/u547966/brikov.ru/www/wp-content/plugins/admin-menu-editor/menu-editor.php on line 745
Server: Apache
System: Linux 4.19.0-0.bpo.9-amd64 x86_64 at red40
User: u547966 (5490)
PHP: 5.3.29-mh2
Disabled: syslog, dl, popen, proc_open, proc_nice, proc_get_status, proc_close, proc_terminate, posix_mkfifo, chown, chgrp, accelerator_reset, opcache_reset, accelerator_get_status, opcache_get_status, pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wifcontinued, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority
$ pwd: /usr/share/filebeat/module/crowdstrike/falcon/ingest/
Upload Files
File: //usr/share/filebeat/module/crowdstrike/falcon/ingest/firewall_match.yml
processors:
  - set:
      field: event.kind
      value: event
  - append:
      field: event.category
      value: [network]
  - append:
      field: event.action
      value: [firewall_match_event]
  - append:
      field: event.type
      value: [start, connection]
  - set:
      field: event.dataset
      value: crowdstrike.falcon_endpoint
  - set:
      field: message
      value: "Firewall Rule '{{crowdstrike.event.RuleName}}' triggered"
      if: ctx?.crowdstrike?.event?.RuleName != null
      ignore_failure: true
  - convert:
      field: "crowdstrike.event.Ipv"
      target_field: "network.type"
      type: string
      ignore_missing: true
      ignore_failure: true
  - convert:
      field: "crowdstrike.event.PID"
      target_field: "process.pid"
      ignore_failure: true
      ignore_missing: true
      type: "long"
  - convert:
      field: "crowdstrike.event.RuleId"
      target_field: "rule.id"
      type: string
      ignore_missing: true
      ignore_failure: true
  - convert:
      field: "crowdstrike.event.RuleName"
      target_field: "rule.name"
      type: string
      ignore_missing: true
      ignore_failure: true
  - convert:
      field: "crowdstrike.event.RuleGroupName"
      target_field: "rule.ruleset"
      type: string
      ignore_missing: true
      ignore_failure: true
  - convert:
      field: "crowdstrike.event.RuleDescription"
      target_field: "rule.description"
      type: string
      ignore_missing: true
      ignore_failure: true
  - convert:
      field: "crowdstrike.event.RuleFamilyID"
      target_field: "rule.category"
      type: string
      ignore_missing: true
      ignore_failure: true
  - convert:
      field: "crowdstrike.event.HostName"
      target_field: "host.name"
      type: string
      ignore_missing: true
      ignore_failure: true
  - convert:
      field: "crowdstrike.event.Ipv"
      target_field: "network.type"
      type: string
      ignore_missing: true
      ignore_failure: true
  - convert:
      field: "crowdstrike.event.EventType"
      target_field: "event.code"
      type: string
      ignore_missing: true
      ignore_failure: true
  - set:
      field: network.direction
      value: ingress
      if: ctx?.crowdstrike?.event?.ConnectionDirection == "1"
  - set:
      field: source.ip
      value: "{{crowdstrike.event.RemoteAddress}}"
      ignore_empty_value: true
      if: ctx?.crowdstrike?.event?.ConnectionDirection == "1"
  - convert:
      field: crowdstrike.event.RemotePort
      target_field: source.port
      type: long
      ignore_missing: true
      ignore_failure: true
      if: ctx?.crowdstrike?.event?.ConnectionDirection == "1"
  - set:
      field: destination.ip
      value: "{{crowdstrike.event.LocalAddress}}"
      ignore_empty_value: true
      if: ctx?.crowdstrike?.event?.ConnectionDirection == "1"
  - convert:
      field: crowdstrike.event.LocalPort
      target_field: destination.port
      type: long
      ignore_missing: true
      ignore_failure: true
      if: ctx?.crowdstrike?.event?.ConnectionDirection == "1"
  - set:
      field: network.direction
      value: ingress
      if: ctx?.crowdstrike?.event?.ConnectionDirection != "1"
  - set:
      field: destination.ip
      value: "{{crowdstrike.event.RemoteAddress}}"
      ignore_empty_value: true
      if: ctx?.crowdstrike?.event?.ConnectionDirection != "1"
  - convert:
      field: crowdstrike.event.RemotePort
      target_field: destination.port
      type: long
      ignore_missing: true
      ignore_failure: true
      if: ctx?.crowdstrike?.event?.ConnectionDirection != "1"
  - set:
      field: source.ip
      value: "{{crowdstrike.event.LocalAddress}}"
      ignore_empty_value: true
      if: ctx?.crowdstrike?.event?.ConnectionDirection != "1"
  - convert:
      field: crowdstrike.event.LocalPort
      target_field: source.port
      type: long
      ignore_missing: true
      ignore_failure: true
      if: ctx?.crowdstrike?.event?.ConnectionDirection != "1"
@ Telegram