Commit
Update IDH Mappings
defensivedepth authored Aug 3, 2023
1 parent 3b3f6a1 commit f4c71c8
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions so-soctopus/so-soctopus/playbook/securityonion-baseline.yml
Expand Up @@ -216,7 +216,7 @@ logsources:
defaultindex: "*:so-*"
fieldmappings:
#START: SO Specific Mappings
DestinationIsIpv6:
logtype: event.code
EventID: event.code
Channel: winlog.channel
Protocol: network.transport
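Review bot: In the SO-specific block, `logtype: event.code` sits directly above `EventID: event.code`, so two rule field names resolve to the same target field, and nothing on that line says which log source `logtype` belongs to. A short comment there would help (the commit title suggests IDH), and it is worth confirming that rules using `logtype` are always constrained by their logsource so a numeric value cannot also match events that populate `event.code` through `EventID`. The `DestinationIsIpv6:` line at the same position shows no target field; if it is meant to remain in the file it needs a value.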
Expand Down Expand Up @@ -687,4 +687,4 @@ fieldmappings:
ApplicationPath: winlog.event_data.ApplicationPath
ModifyingApplication: winlog.event_data.ModifyingApplication
Action: winlog.event_data.Action
#END: Default WLB/ECS Mappings
#END: Default WLB/ECS Mappings
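Review bot: The only changed line in this hunk is the final `#END: Default WLB/ECS Mappings` comment, and its old and new text are identical, so this looks like a whitespace or end-of-file newline change. That is unrelated to the IDH mapping update; either mention it in the commit message or leave it out so the diff shows only the mapping change.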
