adding vuln cve parsing
MehmedSalihbasic committed Sep 23, 2024
1 parent 530ef53 commit 4f7db78
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions config/processors/syslog_security_symantec.endpoint.conf
Expand Up @@ -531,6 +531,11 @@ filter {
remove_field => ["[event][name]"]
}
}
if [rule][name] =~ "^.*?(cve|CVE)-\d+-\d+" {
grok {
match => { "[rule][name]" => "^.*?(?<[vulnerability][id]>(cve|CVE)-\d+-\d+)" }
}
}
}
output {
pipeline { send_to => [enrichments] }
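Review bot: the captured value keeps whatever case the rule name used, so the grok line `match => { "[rule][name]" => "^.*?(?<[vulnerability][id]>(cve|CVE)-\d+-\d+)" }` will put `cve-2024-1234` into `[vulnerability][id]` for one rule and `CVE-2024-1234` for another; since this field is what the `enrichments` pipeline and any dashboards will key on, normalise it right after the grok, e.g. `mutate { uppercase => ["[vulnerability][id]"] }`. With that in place the `(cve|CVE)` alternation in both the `if [rule][name] =~ ...` test and the pattern can be relaxed to a case-insensitive form such as `(?i)cve` so mixed-case spellings are not silently skipped. Two smaller points: the leading `^.*?` is redundant in the `=~` conditional, which is an unanchored substring match, and `\d+-\d+` accepts strings that are not CVE identifiers at all (a one-digit "year"), so `\d{4}-\d{4,}` would be a tighter match for the CVE-YYYY-NNNN+ format. Note also that only the first CVE in a rule name is captured; if rule names can list several, that should at least be documented on the filter.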
