Skip to content

Commit

Permalink
idaholab#542 add 'public' pseudo-segment for source/destination publi…
Browse files Browse the repository at this point in the history
…c IP addresses
  • Loading branch information
mmguero committed Aug 15, 2024
1 parent dda5718 commit 9dee43b
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"source.segment.id:* OR destination.segment.id:*\",\"language\":\"lucene\"},\"filter\":[]}"
"searchSourceJSON": "{\"query\":{\"query\":\"source.segment:* OR destination.segment:*\",\"language\":\"lucene\"},\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
Expand Down
7 changes: 7 additions & 0 deletions logstash/pipelines/enrichment/11_lookups.conf
Original file line number Diff line number Diff line change
Expand Up @@ -260,12 +260,19 @@ filter {
} else if ("internal_source" in [tags]) and ("external_destination" in [tags]) {
mutate { id => "mutate_add_field_metadata_network_direction_outbound"
add_field => { "[network][direction]" => "outbound" } }
mutate { id => "mutate_add_field_direction_outbound_destination_segment"
add_field => { "[destination][segment][name]" => "public" } }
} else if ("external_source" in [tags]) and ("internal_destination" in [tags]) {
mutate { id => "mutate_add_field_metadata_network_direction_inbound"
add_field => { "[network][direction]" => "inbound" } }
mutate { id => "mutate_add_field_direction_inbound_source_segment"
add_field => { "[source][segment][name]" => "public" } }
} else if ("external_source" in [tags]) and ("external_destination" in [tags]) {
mutate { id => "mutate_add_field_metadata_network_direction_external"
add_field => { "[network][direction]" => "external" } }
mutate { id => "mutate_add_field_direction_external_segments"
add_field => { "[source][segment][name]" => "public"
"[destination][segment][name]" => "public" } }
} else if ("external_source" in [tags]) or ("external_destination" in [tags]) {
mutate { id => "mutate_add_field_metadata_network_direction_external_one_sided"
add_field => { "[network][direction]" => "external" } }
Expand Down

0 comments on commit 9dee43b

Please sign in to comment.