paulmataruso/wazuh-docker-orginal
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-11-02 13:03:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

add workaround for vulnerability detector data published field (#282)

Browse Source
This commit is contained in:
AlfonsoRBJ
2019-12-12 11:52:53 +01:00
committed by Jesús Linares
parent fcca484a9e
commit e3883725b9
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
logstash/config/01-wazuh.conf
View File

@@ -40,6 +40,22 @@ filter {
remove_field => [ "beat", "input_type", "tags", "count", "@version", "log", "offset", "type", "@src_ip", "host"] remove_field => [ "beat", "input_type", "tags", "count", "@version", "log", "offset", "type", "@src_ip", "host"]
} }
} }
filter {
# Workarounds for vulnerability-detector
if "vulnerability-detector" in [rule][groups] {
# Drop vulnerability-detector events from Manager
if [agent][id] == "000"{
drop { }
}
# if exists, remove data.vulnerability.published field due to conflicts
if [data][vulnerability][published] {
mutate {
remove_field => [ "[data][vulnerability][published]" ]
}
}
}
}
output { output {
elasticsearch { elasticsearch {
hosts => ["elasticsearch:9200"] hosts => ["elasticsearch:9200"]