Commit
Merge pull request #539 from Cargill/cve_vuln_sep
adding vuln cve parsing
MehaSal authored Sep 23, 2024
2 parents 530ef53 + 4f7db78 commit ff8c4e2
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions config/processors/syslog_security_symantec.endpoint.conf
Expand Up @@ -531,6 +531,11 @@ filter {
remove_field => ["[event][name]"]
}
}
if [rule][name] =~ "^.*?(cve|CVE)-\d+-\d+" {
grok {
match => { "[rule][name]" => "^.*?(?<[vulnerability][id]>(cve|CVE)-\d+-\d+)" }
}
}
}
output {
pipeline { send_to => [enrichments] }
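Review bot: the grok pattern `^.*?(?<[vulnerability][id]>(cve|CVE)-\d+-\d+)` is looser than the CVE identifier format and preserves whatever case the rule name used, so a name containing `cve-2024-1234` produces a lower-case `[vulnerability][id]` that will not compare equal to the upper-case form used elsewhere, and a token such as `CVE-1-2` also passes. Suggest tightening the capture to the real shape, e.g. `(?<[vulnerability][id]>[Cc][Vv][Ee]-\d{4}-\d{4,})`, and adding `mutate { uppercase => ["[vulnerability][id]"] }` after the grok so the field is normalised. The leading `^.*?` in both the `if` guard and the grok match is redundant (neither regex is anchored at the end, so an unanchored match does the same work), and because the guard and the grok repeat the same regex, editing one without the other would silently stop the grok from ever firing; either keep the two identical or drop the guard and rely on `tag_on_failure` to handle rule names without a CVE. Only the first CVE in a rule name is captured, which is fine if that is the intent, but worth a comment in the config.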

0 comments on commit ff8c4e2