Merge pull request #556 from Cargill/guardduty_missing_dataset

Fix for Guardduty missing dataset
Cargill · Oct 25, 2024 · ad9ac2f · ad9ac2f
2 parents 841ea15 + cfe022e
commit ad9ac2f
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/config/processors/api_security_aws.guardduty.conf b/config/processors/api_security_aws.guardduty.conf
@@ -10,11 +10,13 @@ filter {
     source => "message"
     target => "guard"
   }
+  mutate {
+   remove_field => [ "host", "event" ]
+  }
   mutate {
     add_field => { "[cloud][provider]" => "aws" }
     add_field => { "[event][module]" => "aws" }
     add_field => { "[event][dataset]" => "aws.guardduty" } 
-    remove_field => [ "host", "event" ]   
   }
   ruby {
     init => '@ignore = [ "path", "@timestamp", "@metadata", "host", "@version" ]'