work on idaholab#19, remove dce/rpc from standard ports list as it's …

…using a random high port
mmguero-dev · Sep 2, 2021 · ea31c51 · ea31c51
1 parent 9e60126
commit ea31c51
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 7 deletions.
diff --git a/logstash/maps/service_ports.yaml b/logstash/maps/service_ports.yaml
@@ -12,12 +12,6 @@ cip:
   - 44818
 cotp:
   - 102
-dce_rpc:
-  - 135
-  - 137
-  - 138
-  - 139
-  - 445
 dhcp:
   - 67
   - 68

diff --git a/logstash/pipelines/enrichment/19_severity.conf b/logstash/pipelines/enrichment/19_severity.conf
@@ -345,7 +345,7 @@ filter {
                (dstPort = event.get('[dstPort]')) then
               service.each do |srv|
                 if (!$servicePortMap[srv].nil?) and
-                   (service.kind_of?($servicePortMap[srv])) and
+                   ($servicePortMap[srv].kind_of?(Array)) and
                    ($servicePortMap[srv].length > 0) and
                    (!$servicePortMap[srv].include?(dstPort)) then
                   foundOddPort += 1
-Original file line number
+Diff line change
@@ Expand Up / @@ -12,12 +12,6 @@ cip: @@
       - 44818
     cotp:
       - 102
-    dce_rpc:
-      - 135
-      - 137
-      - 138
-      - 139
-      - 445
     dhcp:
       - 67
       - 68
@@ Expand Down @@