Skip to content

Commit

Permalink
tweaks for idaholab#419, testing ja4+ merge
Browse files Browse the repository at this point in the history
  • Loading branch information
@mmguero
mmguero committed Jun 25, 2024
1 parent b0bf7e7 commit d44b353
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion logstash/pipelines/zeek/13_zeek_normalize.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1369,7 +1369,7 @@ filter {
merge => { "[related][hash]" => "[zeek][files][sha1]" } } }
if ([zeek][files][sha256]) { mutate { id => "mutate_merge_field_related_hash_files_sha256"
merge => { "[related][hash]" => "[zeek][files][sha256]" } } }
if ([zeek][http][ja4]h) { mutate { id => "mutate_merge_field_related_hash_http_ja4h"
if ([zeek][http][ja4h]) { mutate { id => "mutate_merge_field_related_hash_http_ja4h"
merge => { "[related][hash]" => "[zeek][http][ja4h]" } } }
if ([zeek][ssh][hassh]) { mutate { id => "mutate_merge_field_related_hash_ssh_hassh"
merge => { "[related][hash]" => "[zeek][ssh][hassh]" } } }
Expand Down

0 comments on commit d44b353

Please sign in to comment.