
Create Community ID field for NetFlow

Open philhagen opened this issue 5 years ago • 4 comments

See https://github.com/corelight/community-id-spec

philhagen avatar Nov 01 '19 13:11 philhagen

https://github.com/Cyb3rWard0g/HELK/commit/e81a98a745a4d02acc9d346865aeb312b3ee599d#diff-81497c6343ac648c68637062cf1ba082

philhagen avatar Nov 22 '19 06:11 philhagen

also add for any entry with all necessary component fields

philhagen avatar May 23 '23 19:05 philhagen

create ElasticSearch pipeline and apply via the logstash elasticsearch output

https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest.html#add-pipeline-to-indexing-request

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html

philhagen avatar Jun 07 '23 01:06 philhagen

may be easier to just use a ruby implementation: https://github.com/rocknsm/rock-dashboards/blob/master/ecs-configuration/logstash/conf.d/logstash-900-filter-community_Id_hash-enrich.conf

philhagen avatar Jun 07 '23 01:06 philhagen