@Sylvain-69
Created January 22, 2018 21:06
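output {
  # Fan events out to per-source daily indices on Elasticsearch. The branch
  # is chosen by the [identification] field set earlier in the pipeline
  # (Sysmon from the SOI is recognised by the "soi" tag instead). An event
  # that matches none of the branches is written nowhere and is lost.
  #
  # ES_HOSTS overrides the target node; the default keeps the original
  # localhost:9200. If Elasticsearch is ever reached over the network rather
  # than loopback, enable TLS and credentials on each block (ssl => true with
  # cacert, user, password) so log data is not shipped over an unauthenticated
  # plaintext connection.
  #
  # manage_template => false everywhere: mappings and retention for these
  # indices have to be provisioned outside this pipeline (index templates,
  # lifecycle policies).
  #
  # document_type is a legacy single-mapping-type setting; it has to be
  # removed when the cluster moves to Elasticsearch 7+, where mapping types
  # no longer exist.

  # Sysmon data from the SOI -> index soi-[today]
  if "soi" in [tags] {
    elasticsearch {
      hosts => ["${ES_HOSTS:localhost:9200}"]
      manage_template => false
      index => "soi-%{+YYYY.MM.dd}"
      document_type => "doc"
    }
  }
  # Winlogbeat data (logon information + Windows event logs)
  # -> index winlogbeat-[version]-[today]
  else if [identification] == "winlogbeat" {
    elasticsearch {
      hosts => ["${ES_HOSTS:localhost:9200}"]
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      document_type => "wineventlog"
    }
  }
  # Packetbeat data from the SOI (network packet capture)
  # -> index packetbeat-soi-[version]-[today]
  # The original pattern had no "-" between the source name and the beat
  # version, which produced names like packetbeat-soi6.1.0-2018.01.22 and did
  # not match the documented layout; the separator is restored here.
  else if [identification] == "packetbeat-soi" {
    elasticsearch {
      hosts => ["${ES_HOSTS:localhost:9200}"]
      manage_template => false
      index => "packetbeat-soi-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      document_type => "doc"
    }
  }
  # Palo Alto URL-filtering logs -> index palo-url-[today]
  # document_type was not set on this branch originally; "doc" is the value
  # the sibling branches use and the default a 6.x cluster would apply.
  else if [identification] == "palo-url" {
    elasticsearch {
      hosts => ["${ES_HOSTS:localhost:9200}"]
      manage_template => false
      index => "palo-url-%{+YYYY.MM.dd}"
      document_type => "doc"
    }
  }
  # Palo Alto traffic logs -> index palo-firewall-[today]
  else if [identification] == "palo-firewall" {
    elasticsearch {
      hosts => ["${ES_HOSTS:localhost:9200}"]
      manage_template => false
      index => "palo-firewall-%{+YYYY.MM.dd}"
      document_type => "paloalto-traffic"
    }
  }
  # NetFlow from the router -> index netflow-routeur-[today]
  else if [identification] == "netflow-routeur" {
    elasticsearch {
      hosts => ["${ES_HOSTS:localhost:9200}"]
      manage_template => false
      index => "netflow-routeur-%{+YYYY.MM.dd}"
      document_type => "doc"
    }
  }
  # NetFlow from Corpse -> index netflow-corpse-[today]
  else if [identification] == "netflow-corpse" {
    elasticsearch {
      hosts => ["${ES_HOSTS:localhost:9200}"]
      manage_template => false
      index => "netflow-corpse-%{+YYYY.MM.dd}"
      document_type => "doc"
    }
  }
  # NetFlow from Cannibal -> index netflow-cannibal-[today]
  # document_type added for consistency with the other NetFlow branches
  # (it was the only one left unset).
  else if [identification] == "netflow-cannibal" {
    elasticsearch {
      hosts => ["${ES_HOSTS:localhost:9200}"]
      manage_template => false
      index => "netflow-cannibal-%{+YYYY.MM.dd}"
      document_type => "doc"
    }
  }
}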
#output {
# stdout {}
# file {
# path => "/tmp/debug-filters.log"
# }
#}