Adding logstash pipeline for python script

wazuh · Feb 5, 2024 · 116b22b · 116b22b
1 parent e6784f3
commit 116b22b
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/integrations/amazon-security-lake/pipe-output.conf b/integrations/amazon-security-lake/pipe-output.conf
@@ -0,0 +1,35 @@
+input {
+   opensearch {
+      hosts =>  ["127.0.0.1:9200"]
+      user  =>  "${WAZUH_INDEXER_USERNAME}"
+      password  =>  "${WAZUH_INDEXER_PASSWORD}"
+      index =>  "wazuh-alerts-4.x-*"
+      ssl => true
+      ca_file => "/etc/logstash/wi-certs/root-ca.pem"
+      query =>  '{
+            "query": {
+               "range": {
+                  "@timestamp": {
+                     "gt": "now-1m"
+                  }
+               }
+            }
+      }'
+			target => "_source"
+      schedule => "* * * * *"
+   }
+}
+
+output {
+
+	stdout { codec => rubydebug }
+
+	pipe
+	{
+		id => "securityLake"
+		message_format => "%{_source}"
+		ttl => "10"
+		command => "/usr/bin/env python3 /usr/local/bin/stdin_to_securitylake.py -d"
+	}
+
+}