add workaround for vulnerability detector data published field (#282)

Former-commit-id: e3883725b9
2025-10-23 04:51:57 +00:00 · 2019-12-12 11:52:53 +01:00
parent 503200ea70
commit 3431411eaf
1 changed files with 16 additions and 0 deletions
--- a/logstash/config/01-wazuh.conf
+++ b/logstash/config/01-wazuh.conf
@@ -40,6 +40,22 @@ filter {
        remove_field => [ "beat", "input_type", "tags", "count", "@version", "log", "offset", "type", "@src_ip", "host"]
    }
 }
+filter {
+    # Workarounds for vulnerability-detector
+    if "vulnerability-detector" in [rule][groups] {
+        # Drop vulnerability-detector events from Manager
+        if [agent][id] == "000"{
+            drop { }
+        }
+
+        # if exists, remove data.vulnerability.published field due to conflicts
+        if [data][vulnerability][published] {
+            mutate {
+                remove_field => [ "[data][vulnerability][published]" ]
+            }
+        }
+    }
+}
 output {
    elasticsearch {
        hosts => ["elasticsearch:9200"]