telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

include tanner patterns, tweaking

Browse Source
This commit is contained in:
Marco Ochse
2018-05-29 12:05:07 +00:00
parent 428ee43c18
commit 72313a600d
5 changed files with 243 additions and 226 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
docker/elk/logstash/dist/logstash.conf vendored
View File

@ -395,6 +395,15 @@ filter {
date {
match => [ "timestamp", "ISO8601" ]
}
mutate {
rename => {
"[peer][ip]" => "src_ip"
"[peer][port]" => "src_port"
}
add_field => {
"dest_port" => "80"
}
}
}
# Vnclowpot
@ -449,7 +458,7 @@ if "_grokparsefailure" in [tags] { drop {} }
}
# Add T-Pot hostname and external IP
if [type] == "Ciscoasa" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "eMobility" or [type] == "Glastopf" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Mailoney" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Vnclowpot" {
if [type] == "Ciscoasa" or [type] == "ConPot" or [type] == "Cowrie" or [type] == "Dionaea" or [type] == "ElasticPot" or [type] == "eMobility" or [type] == "Glastopf" or [type] == "Honeytrap" or [type] == "Heralding" or [type] == "Mailoney" or [type] == "Rdpy" or [type] == "Suricata" or [type] == "Tanner" or [type] == "Vnclowpot" {
mutate {
add_field => {
"t-pot_ip_ext" => "${MY_EXTIP}"
@ -475,11 +484,11 @@ output {
}
}
# Debug output
#if [type] == "XYZ" {
# stdout {
# codec => rubydebug
# }
#}
if [type] == "Tanner" {
stdout {
codec => rubydebug
}
}
# Debug output
#stdout {
# codec => rubydebug