Ingest Pipeline for Creating a process_signature field from Auditd in CEF
{
  "description": "Pipeline for creating process_signature field",
  "processors": [
    {
      "script": {
        "lang": "painless",
        "inline": "if (ctx.auditd?.log?.a0 != null) { ctx.process_signature = ctx.auditd.log.a0+'|'+ctx.auditd.log.a1+'|'; }"
      }
    }
  ]
}

Note: `inline` is the pre-6.0 key for the script body; Elasticsearch 6.x and later use `source` in its place. The null-safe `?.` walk only protects the `auditd.log.a0` lookup; the script does not check `a1` before concatenating it.
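The following is an added example, not the gist's own code or an Elasticsearch API: it models the script processor's logic offline so the guard behaviour can be checked before the pipeline is loaded. It assumes documents already carry the nested `auditd.log.a0` / `auditd.log.a1` fields the script reads, and that Painless string concatenation renders a null operand as the text `null`, as Java does. The sample documents are constructed. Alongside the gist's logic it includes a hypothetical stricter variant that refuses to build a signature when either argument is absent.

```python
"""Offline model of the gist's ingest-pipeline script processor (added example).

Assumptions (not from the gist): documents already carry nested
auditd.log.a0 / auditd.log.a1 fields, and Painless string concatenation
turns a null operand into the text 'null' as Java does.
"""
from typing import Optional

# Constructed sample documents in the shape the pipeline expects.
SAMPLE_DOCS = [
    {"auditd": {"log": {"a0": "/usr/bin/curl", "a1": "http://example.internal"}}},  # both args
    {"auditd": {"log": {"a0": "/bin/sh"}}},                                         # a1 missing
    {"auditd": {"log": {"syscall": "connect"}}},                                     # no a0 at all
    {"message": "unrelated event"},                                                  # no auditd block
]


def _log(doc: dict) -> Optional[dict]:
    """Equivalent of the null-safe walk ctx.auditd?.log in Painless."""
    auditd = doc.get("auditd")
    return auditd.get("log") if isinstance(auditd, dict) else None


def gist_signature(doc: dict) -> Optional[str]:
    """Mirror the gist's script: guard only a0, then emit a0|a1|."""
    log = _log(doc)
    if log is None or log.get("a0") is None:
        return None
    a1 = log.get("a1")
    # Java/Painless concatenation renders a null a1 as the literal 'null'.
    return f"{log['a0']}|{'null' if a1 is None else a1}|"


def strict_signature(doc: dict) -> Optional[str]:
    """Hypothetical hardened variant: require both a0 and a1 so no 'null' token leaks in."""
    log = _log(doc)
    if log is None:
        return None
    a0, a1 = log.get("a0"), log.get("a1")
    if a0 is None or a1 is None:
        return None
    return f"{a0}|{a1}|"


def run_pipeline(docs, signature=gist_signature):
    """Apply the processor to each doc; set process_signature only when the script would."""
    out = []
    for doc in docs:
        doc = {**doc}  # work on a copy so the input documents stay untouched
        sig = signature(doc)
        if sig is not None:
            doc["process_signature"] = sig
        out.append(doc)
    return out


if __name__ == "__main__":
    for d in run_pipeline(SAMPLE_DOCS):
        print(d.get("process_signature"))
```

Against a live cluster the same documents can be fed to the `_ingest/pipeline/_simulate` endpoint to confirm the deployed script produces matching `process_signature` values, including the `|null|` token for events that carry only `a0`.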