# sigmac backend configuration: maps Sigma logsource selectors (product/service)
# for Zeek logs to the Splunk sourcetype the generated search filters on.
# NOTE(review): the rendered page had lost its indentation; the nesting below
# follows the standard sigmac config layout (logsources -> <name> -> product/service/conditions).
title: Splunk Zeek sourcetype mappings

# Processing order when several configurations are chained on the sigmac
# command line; lower values are applied first — confirm against the sigmac docs
# of the version in use before relying on it.
order: 20

# Only these backends accept this configuration.
backends:
  - splunk
  - splunkxml

# Each entry matches a rule's `logsource` block (product + service) and adds the
# listed condition to the emitted search. The `bro:` prefix is the legacy
# (pre-rename) naming for Zeek sourcetypes; if the ingest pipeline indexes Zeek
# logs under a different sourcetype (for example a `zeek:` prefixed one — illustrative,
# not taken from this file), the generated searches match nothing and detections
# silently return no results. Verify every sourcetype against indexed data.
# Zeek services not listed here (anything other than the eight below) get no
# sourcetype restriction from this file — presumably sigmac then emits the rule's
# selection unfiltered; confirm the expected fallback.
logsources:
  zeek-conn:
    product: zeek
    service: conn
    conditions:
      sourcetype: 'bro:conn:json'
  zeek-dns:
    product: zeek
    service: dns
    conditions:
      sourcetype: 'bro:dns:json'
  zeek-files:
    product: zeek
    service: files
    conditions:
      sourcetype: 'bro:files:json'
  zeek-kerberos:
    product: zeek
    service: kerberos
    conditions:
      sourcetype: 'bro:kerberos:json'
  zeek-http:
    product: zeek
    service: http
    conditions:
      sourcetype: 'bro:http:json'
  zeek-rdp:
    product: zeek
    service: rdp
    conditions:
      sourcetype: 'bro:rdp:json'
  zeek-ssl:
    product: zeek
    service: ssl
    conditions:
      sourcetype: 'bro:ssl:json'
  zeek-x509:
    product: zeek
    service: x509
    conditions:
      sourcetype: 'bro:x509:json'