HEX

Warning: set_time_limit() [function.set-time-limit]: Cannot set time limit - prohibited by configuration in /home/u547966/brikov.ru/www/wp-content/plugins/admin-menu-editor/menu-editor.php on line 745
Server: Apache
System: Linux 4.19.0-0.bpo.9-amd64 x86_64 at red40
User: u547966 (5490)
PHP: 5.3.29-mh2
Disabled: syslog, dl, popen, proc_open, proc_nice, proc_get_status, proc_close, proc_terminate, posix_mkfifo, chown, chgrp, accelerator_reset, opcache_reset, accelerator_get_status, opcache_get_status, pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wifcontinued, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority
$ pwd: /usr/share/filebeat/module/zeek/intel/config/
Upload Files
File: //usr/share/filebeat/module/zeek/intel/config/intel.yml
type: log
paths:
{{ range $i, $path := .paths }}
 - {{$path}}
{{ end }}
exclude_files: [".gz$"]
tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}

processors:
  - rename:
      fields:
        - {from: message, to: event.original}
  - decode_json_fields:
      fields: [event.original]
      target: zeek.intel
  - convert:
      ignore_missing: true
      fields:
        - {from: zeek.intel.id.orig_h, to: source.address}
        - {from: zeek.intel.id.orig_h, to: source.ip, type: ip}
        - {from: zeek.intel.id.orig_p, to: source.port, type: long}
        - {from: zeek.intel.id.resp_h, to: destination.address}
        - {from: zeek.intel.id.resp_h, to: destination.ip, type: ip}
        - {from: zeek.intel.id.resp_p, to: destination.port, type: long}
  - rename:
      ignore_missing: true
      fields:
        - from: zeek.intel.uid
          to: zeek.session_id

        # Expand field names containing dots.
        - from: zeek.intel.seen.indicator
          to: seen.indicator
        - from: zeek.intel.seen.indicator_type
          to: seen.indicator_type
        - from: zeek.intel.seen.host
          to: seen.host
        - from: zeek.intel.seen.where
          to: seen.where
        - from: zeek.intel.seen.node
          to: seen.node
        - from: zeek.intel.seen.conn
          to: seen.conn
        - from: zeek.intel.seen.uid
          to: seen.uid
        - from: zeek.intel.seen.f
          to: seen.f
        - from: zeek.intel.seen.fuid
          to: seen.fuid
        - from: seen
          to: zeek.intel.seen
  - drop_fields:
      ignore_missing: true
      fields:
        - zeek.intel.id.orig_h
        - zeek.intel.id.orig_p
        - zeek.intel.id.resp_h
        - zeek.intel.id.resp_p
  - add_fields:
      target: event
      fields:
        kind: alert
        type:
          - info
  - community_id:
{{ if .internal_networks }}
  - add_network_direction:
      source: source.ip
      destination: destination.ip
      target: network.direction
      internal_networks: {{ .internal_networks | tojson }}
{{ end }}
  - add_fields:
      target: ''
      fields:
        ecs.version: 1.12.0
@ Telegram