telekom-security/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-07-02 01:27:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

prepare for new attack map feature

Browse Source 
tweaking, cleanup
This commit is contained in:
t3chn0m4g3
2022-01-04 16:16:27 +00:00
parent 0178b4c4d3
commit 788a4c4f98
7 changed files with 74 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docker/elk/logstash/dist/update.sh vendored
View File

@ -47,7 +47,7 @@ if [ "$MY_TPOT_TYPE" == "POT" ];
echo "Hive IP: $MY_HIVE_IP"
echo
cp /usr/share/logstash/config/pipelines_pot.yml /usr/share/logstash/config/pipelines.yml
autossh -f -M 0 -v -4 -l $MY_HIVE_USERNAME -i $MY_POT_PRIVATEKEYFILE -p 64295 -N -L64305:127.0.0.1:64305 $MY_HIVE_IP -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null"
autossh -f -M 0 -4 -l $MY_HIVE_USERNAME -i $MY_POT_PRIVATEKEYFILE -p 64295 -N -L64305:127.0.0.1:64305 $MY_HIVE_IP -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null"
exit 0
fi
@ -60,7 +60,7 @@ echo "Checking if empty."
curl -s -XGET http://elasticsearch:9200/_template/logstash
echo
echo "Putting default template."
curl -s -XPUT "http://elasticsearch:9200/_template/logstash" -H 'Content-Type: application/json' -d'
curl -XPUT "http://elasticsearch:9200/_template/logstash" -H 'Content-Type: application/json' -d'
{
"index_patterns" : "logstash-*",
"version" : 60001,
@ -106,6 +106,15 @@ curl -s -XPUT "http://elasticsearch:9200/_template/logstash" -H 'Content-Type: a
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
},
"geoip_ext" : {
"dynamic": true,
"properties" : {
"ip": { "type": "ip" },
"location" : { "type" : "geo_point" },
"latitude" : { "type" : "half_float" },
"longitude" : { "type" : "half_float" }
}
}
}
}