mirror of
https://github.com/valitydev/SigmaHQ.git
synced 2024-11-07 17:58:52 +00:00
109 lines
2.2 KiB
YAML
109 lines
2.2 KiB
YAML
title: SumoLogic
|
|
order: 20
|
|
backends:
|
|
- sumologic
|
|
# Sumulogic mapping depends on customer configuration. Adapt to your context!
|
|
# typically rule on _sourceCategory, _index or Field Extraction Rules (FER)
|
|
# supposing existing FER for service, EventChannel, EventID
|
|
logsources:
|
|
unix:
|
|
product: unix
|
|
index: UNIX
|
|
linux:
|
|
product: linux
|
|
index: LINUX
|
|
linux-sshd:
|
|
product: linux
|
|
service: sshd
|
|
index: LINUX
|
|
linux-auth:
|
|
product: linux
|
|
service: auth
|
|
index: LINUX
|
|
linux-clamav:
|
|
product: linux
|
|
service: clamav
|
|
index: LINUX
|
|
windows:
|
|
product: windows
|
|
index: WINDOWS
|
|
windows-sysmon:
|
|
product: windows
|
|
service: sysmon
|
|
conditions:
|
|
EventChannel: Microsoft-Windows-Sysmon
|
|
index: WINDOWS
|
|
windows-security:
|
|
product: windows
|
|
service: security
|
|
conditions:
|
|
EventChannel: Security
|
|
index: WINDOWS
|
|
windows-powershell:
|
|
product: windows
|
|
service: powershell
|
|
conditions:
|
|
EventChannel: Microsoft-Windows-Powershell
|
|
index: WINDOWS
|
|
windows-system:
|
|
product: windows
|
|
service: system
|
|
conditions:
|
|
EventChannel: System
|
|
index: WINDOWS
|
|
windows-dhcp:
|
|
product: windows
|
|
service: dhcp
|
|
conditions:
|
|
EventChannel: Microsoft-Windows-DHCP-Server
|
|
index: WINDOWS
|
|
windows-ntlm:
|
|
product: windows
|
|
service: ntlm
|
|
conditions:
|
|
EventChannel: 'Microsoft-Windows-NTLM/Operational'
|
|
apache:
|
|
product: apache
|
|
service: apache
|
|
index: WEBSERVER
|
|
apache2:
|
|
product: apache
|
|
index: WEBSERVER
|
|
webserver:
|
|
category: webserver
|
|
index: WEBSERVER
|
|
firewall:
|
|
category: firewall
|
|
index: FIREWALL
|
|
firewall2:
|
|
product: firewall
|
|
index: FIREWALL
|
|
network-dns:
|
|
category: dns
|
|
index: DNS
|
|
network-dns2:
|
|
product: dns
|
|
index: DNS
|
|
proxy:
|
|
category: proxy
|
|
index: PROXY
|
|
antivirus:
|
|
product: antivirus
|
|
index: ANTIVIRUS
|
|
application-sql:
|
|
product: sql
|
|
index: DATABASE
|
|
application-python:
|
|
product: python
|
|
index: APPLICATIONS
|
|
application-django:
|
|
product: django
|
|
index: DJANGO
|
|
application-rails:
|
|
product: rails
|
|
index: RAILS
|
|
application-spring:
|
|
product: spring
|
|
index: SPRING
|
|
# if no index, search in all indexes
|