Logstash-Configs
Logstash-Configs copied to clipboard
SMAPPER
Contains log parsers for Logstash for many systems and applications. Also contains many methods of augmenting logs.
Need to add tag for if geo information from geoip lookup matches certificate information
Need to add verification checks against state and possibility locality fields. Each has a finite list of valid fields that can be used to verify the contents.
Need to extract fields from the tls.issuerdn field similar to how it is done with bro_x509. Also, should consider flattening and renaming the tls fields to match x509.
Currently if a source_ip is IPv6 it gets moved to source_ip_v6. However, the DNS resolving does not account for this. Most likely just need to use if statements to account...
Logstash configs for bro x509 certificates needs the certificate_not_valid_after and certificate_not_valid_before converted to dates from timestamps.