├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── pull_request_template.md └── workflows │ └── main.yml ├── .gitignore ├── CONTRIBUTING.md ├── GETTING_STARTED.md ├── LICENSE ├── README.md ├── config ├── cisco_aci.json ├── cisco_ios.json ├── cisco_ios_facility_categories.csv ├── cisco_ios_facility_categories.json ├── enrichments │ ├── 00_input.conf │ ├── 01_log_original.conf │ ├── 02_ecs_data_type.conf │ ├── 03_event_created.conf │ ├── 04_syslog_pri_ecs.conf │ ├── 04_timestamp.conf │ ├── 06_url.conf │ ├── 07_lowercase.conf │ ├── 08_add_hash.conf │ ├── 10_user_agent_enrichment.conf │ ├── 12_related_user.conf │ ├── 14_related_hash.conf │ ├── 15_standardize_mac.conf │ ├── 16_related_mac.conf │ ├── 17_dns.conf │ ├── 18_host_split.conf │ ├── 19_related_hosts.conf │ ├── 20_related_ip.conf │ ├── 90_lookup_iana_protocol.conf │ ├── 91_geoip.conf │ ├── 92_misp.conf │ ├── 93_mitre.conf │ ├── 94_remove_empty_n_truncate.conf │ ├── 95_remove_tags.conf │ └── 96_output.conf ├── iana_protocols.yml ├── iana_protocols_port.yml ├── iana_transport.yml ├── inputs │ ├── azure │ │ ├── event_hub_audit_azure.event_hub_signin.conf │ │ └── event_hub_audit_o365.dlp.conf │ └── kafka │ │ └── 1_kafka_input_template.conf ├── kafka_jaas.conf ├── lower.rb ├── mitre_subtechnique.json ├── mitre_tactics.json ├── mitre_technique.json ├── outputs │ ├── elastic_output.conf │ └── s3_output.conf ├── pipelines.yml └── processors │ ├── api_application_oci.object.conf │ ├── api_audit_aws.cloudtrail.conf │ ├── api_audit_aws.firewall.conf │ ├── api_audit_aws.ghe.conf │ ├── api_audit_oci.audit.conf │ ├── api_audit_okta.conf │ ├── api_audit_syncplicity.adm_report.conf │ ├── api_audit_syncplicity.usr_report.conf │ ├── api_aws.secuirty_lake_securityhub.conf │ ├── api_aws_app.conf │ ├── api_aws_securityhub.conf │ ├── api_azure_graph_api_incidences_api.conf │ ├── api_azure_graph_defender_usb.conf │ ├── api_box_com.conf │ ├── api_gitguardian_incidents.conf │ ├── api_https_audit_sap_tcodes.conf │ ├── api_list_ad_users.conf │ ├── api_mft_securetransport-edge.conf │ ├── api_mft_securetransport.conf │ ├── api_network_aws.secuirty_lake_vpcflow.conf │ ├── api_network_aws.secuirty_lake_waf.conf │ ├── api_network_aws.security_lake_route53.conf │ ├── api_network_aws.vpcflow.conf │ ├── api_network_oci.vcn.conf │ ├── api_ois_sap_security_bridge.conf │ ├── api_security_aws.cloudflare.conf │ ├── api_security_aws.guardduty.conf │ ├── api_security_azure.atp.conf │ ├── api_security_azure.graph_identity_protection_api.conf │ ├── api_security_azure.graph_security_alerts_api.conf │ ├── api_security_azure.mcas_alerts.conf │ ├── api_security_azure.o365_dlp.conf │ ├── api_security_infoblox.dns_events.conf │ ├── api_security_jamf.protect.conf │ ├── api_security_mcafee.mcp_v5.conf │ ├── api_security_misp.metrics.conf │ ├── api_security_oci.cloudguard.conf │ ├── api_security_preempt_monthly.conf │ ├── api_security_proofpoint.pod_email_gateway.conf │ ├── api_security_proofpoint.siem_api_clicks.conf │ ├── api_security_proofpoint.siem_api_message.conf │ ├── api_security_sap_btp.conf │ ├── api_security_sap_btp_calm.conf │ ├── api_security_scorecard.affiliate_company_scores.conf │ ├── api_security_scorecard.events.conf │ ├── api_security_skyhigh.scp.conf │ ├── api_skyhigh_scal_audit.conf │ ├── api_sqlite_known_good_hash_nist.conf │ ├── azure_monitor_agent_event_hub_dbhana.conf │ ├── azure_monitor_agent_event_hub_dboracle.conf │ ├── azure_monitor_agent_event_hub_dbsql.conf │ ├── azure_monitor_agent_event_hub_osrhle.conf │ ├── azure_monitor_agent_event_hub_oswindows.conf │ ├── boomi.integration-platform.conf │ ├── db_audit_citrix.admin.conf │ ├── db_audit_citrix.session.conf │ ├── event_hub_audit_azure.event_hub_anomalies.conf │ ├── event_hub_audit_azure.event_hub_audit.conf │ ├── event_hub_audit_azure.event_hub_azureactivity.conf │ ├── event_hub_audit_azure.event_hub_azureaudit.conf │ ├── event_hub_audit_azure.event_hub_emailevents.conf │ ├── event_hub_audit_azure.event_hub_interactive_signin.conf │ ├── event_hub_audit_azure.event_hub_officeactivity.conf │ ├── event_hub_audit_azure.event_hub_operational.conf │ ├── event_hub_audit_azure.event_hub_riskyuser.conf │ ├── event_hub_audit_azure.event_hub_securityalert.conf │ ├── event_hub_audit_azure.event_hub_securityincident.conf │ ├── event_hub_audit_azure.event_hub_signin.conf │ ├── event_hub_audit_azure.event_hub_userriskevents.conf │ ├── event_hub_audit_o365.dlp.conf │ ├── event_hub_audit_o365.msg.trkg_eventhub.conf │ ├── event_hub_azure.fw_dns_ids_proxy_flow.conf │ ├── event_hub_security_azure.event_hub.conf │ ├── event_hub_security_azure.event_hub_atp.conf │ ├── eventhub_dlq.conf │ ├── flat_file_atlassian_jira.conf │ ├── flat_file_atlassian_jira_audit.conf │ ├── flat_file_audit_ansible.conf │ ├── flat_file_audit_apache.access.conf │ ├── flat_file_audit_apache.error.conf │ ├── flat_file_audit_exchange.2016.msg.trkg.conf │ ├── flat_file_audit_iis.conf │ ├── flat_file_audit_microsoft.iis.w3c.conf │ ├── flat_file_audit_mwg.proxy.conf │ ├── flat_file_audit_pingfederate.conf │ ├── flat_file_audit_riverbed.amauth.conf │ ├── flat_file_audit_riverbed.audit.conf │ ├── flat_file_audit_riverbed.opnetreport.conf │ ├── flat_file_audit_riverbed.scportal.conf │ ├── flat_file_audit_riverbed.stdout.conf │ ├── flat_file_audit_riverbed.vnes_analytics.conf │ ├── flat_file_log_audit_sap.cloud_connector.conf │ ├── flat_file_security_windows.exported_security_events.conf │ ├── flow_audit_cisco_netflow.conf │ ├── ftp_gzip_audit_infoblox_dns.conf │ ├── hadoop_hdfs_audit.conf │ ├── hadoop_hms_audit.conf │ ├── hadoop_impala_audit.conf │ ├── kafka_error.conf │ ├── log_application_aws.elb.conf │ ├── log_audit_aws_kong.gateway.conf │ ├── log_audit_aws_seclake.conf │ ├── log_elasticsearch.conf │ ├── log_hadoop.conf │ ├── log_rundeck.conf │ ├── log_security_proofpoint.trap.conf │ ├── log_tanium.conf │ ├── logstash_virtustream_linux_forwarder.conf │ ├── logstash_virtustream_windows_forwarder.conf │ ├── openwec.conf │ ├── push_api_list_inventory_forescout.conf │ ├── s3_log_aws.cloudfront.conf │ ├── s3_log_aws.lb.conf │ ├── snmp_forescout.conf │ ├── snowflake_acc_access_history.conf │ ├── snowflake_acc_admin_role_activity.conf │ ├── snowflake_acc_columns.conf │ ├── snowflake_acc_copy_history.conf │ ├── snowflake_acc_data_transfer_history.conf │ ├── snowflake_acc_database_storage_usage_history.conf │ ├── snowflake_acc_databases.conf │ ├── snowflake_acc_event_usage_history.conf │ ├── snowflake_acc_failed_logins.conf │ ├── snowflake_acc_functions.conf │ ├── snowflake_acc_grants_to_public.conf │ ├── snowflake_acc_grants_to_roles.conf │ ├── snowflake_acc_grants_to_users.conf │ ├── snowflake_acc_integration_monitoring.conf │ ├── snowflake_acc_key_management.conf │ ├── snowflake_acc_key_pair_auth.conf │ ├── snowflake_acc_load_history.conf │ ├── snowflake_acc_login_history.conf │ ├── snowflake_acc_masking_policies.conf │ ├── snowflake_acc_metering_daily_history.conf │ ├── snowflake_acc_metering_history.conf │ ├── snowflake_acc_mfa_exist.conf │ ├── snowflake_acc_procedures.conf │ ├── snowflake_acc_query_history.conf │ ├── snowflake_acc_rest_event_history.conf │ ├── snowflake_acc_role_activity.conf │ ├── snowflake_acc_roles.conf │ ├── snowflake_acc_row_access_policies.conf │ ├── snowflake_acc_schemata.conf │ ├── snowflake_acc_scim_access_token.conf │ ├── snowflake_acc_serverless_task_history.conf │ ├── snowflake_acc_sessions.conf │ ├── snowflake_acc_stage_storage_usage_history.conf │ ├── snowflake_acc_stages.conf │ ├── snowflake_acc_storage_usage.conf │ ├── snowflake_acc_tables.conf │ ├── snowflake_acc_task_history.conf │ ├── snowflake_acc_user_activity.conf │ ├── snowflake_acc_user_creation_modification.conf │ ├── snowflake_acc_users.conf │ ├── snowflake_acc_views.conf │ ├── snowflake_acc_warehouse_events_history.conf │ ├── snowflake_acc_warehouse_load_history.conf │ ├── syslog_as400_audit.conf │ ├── syslog_audit_a10.proxy.conf │ ├── syslog_audit_accellion.sft.conf │ ├── syslog_audit_aix_rsyslog.conf │ ├── syslog_audit_apache.conf │ ├── syslog_audit_checkpoint.fw.conf │ ├── syslog_audit_checkpoint.operations.conf │ ├── syslog_audit_cisco.aci.conf │ ├── syslog_audit_cisco.dna.conf │ ├── syslog_audit_cisco.mso.conf │ ├── syslog_audit_cisco.prime.conf │ ├── syslog_audit_cisco.router.conf │ ├── syslog_audit_cisco.switch.conf │ ├── syslog_audit_cisco.wireless.ap.conf │ ├── syslog_audit_cisco.wireless.bridge.conf │ ├── syslog_audit_cisco.wireless.control.system.conf │ ├── syslog_audit_citrix.netscaler.conf │ ├── syslog_audit_f5.big.ip.gtm.dns.conf │ ├── syslog_audit_f5.big.ip.ltm.conf │ ├── syslog_audit_infoblox.conf │ ├── syslog_audit_lieberman.random.pass.mgr.conf │ ├── syslog_audit_linux.host.conf │ ├── syslog_audit_linux.redhat.conf │ ├── syslog_audit_linux_rsyslog.conf │ ├── syslog_audit_meraki.router.conf │ ├── syslog_audit_mpki.cmpv2.conf │ ├── syslog_audit_riverbed.netim_weekly.conf │ ├── syslog_audit_rsa.auth.conf │ ├── syslog_audit_spectracom.ntp.conf │ ├── syslog_audit_tenable.nessus_scanner.conf │ ├── syslog_audit_tenable.security_center.conf │ ├── syslog_audit_trellix.epo.conf │ ├── syslog_audit_ubiquiti.controller_session_logs.conf │ ├── syslog_audit_ubiquiti.wireless_bridge.conf │ ├── syslog_list_inventory_tanium.conf │ ├── syslog_remote_console.conf │ ├── syslog_security_a10.waf.conf │ ├── syslog_security_bomgar.conf │ ├── syslog_security_cisco.apic.conf │ ├── syslog_security_cisco.ise.conf │ ├── syslog_security_cisco.meraki.fw.conf │ ├── syslog_security_cisco.meraki.wap.conf │ ├── syslog_security_cisco.satellite.conf │ ├── syslog_security_cisco.stealthwatch.conf │ ├── syslog_security_cisco.waas.conf │ ├── syslog_security_forescout.counteract.nac.conf │ ├── syslog_security_guardium.db.conf │ ├── syslog_security_hp.network.node.mgr.conf │ ├── syslog_security_juniper.fw.conf │ ├── syslog_security_juniper_pulse.ssl.vpn.conf │ ├── syslog_security_layer7.securespan.soa.gw.conf │ ├── syslog_security_microsoft.ata.conf │ ├── syslog_security_palo.alto.fw.conf │ ├── syslog_security_sap.onapsis.conf │ ├── syslog_security_sdwan.app.conf │ ├── syslog_security_sdwan.os_ubuntu.conf │ ├── syslog_security_skyhigh.atd.conf │ ├── syslog_security_skyhigh.security.mgr.conf │ ├── syslog_security_skyhigh.swg.conf │ ├── syslog_security_symantec.dlp.conf │ ├── syslog_security_symantec.endpoint.conf │ ├── syslog_security_tanium.conf │ ├── syslog_security_tibco_ems.conf │ ├── syslog_security_tufin.conf │ ├── syslog_securityonion_securityonion.suricata.conf │ ├── syslog_securityonion_securityonion.zeek.conf │ ├── syslog_source_unidentified.conf │ ├── syslog_virtustream_trendmicro_forwarder.conf │ ├── vuln_gitguardian_internal.conf │ ├── vuln_sysdig_scanning.conf │ ├── vuln_tenable_asm.conf │ ├── vuln_tenable_sc.conf │ ├── webhook_ionix_alert.conf │ ├── webhook_wiz_alert.conf │ └── wef_audit_windows.events.conf └── doc ├── README.md ├── _resources ├── README.md ├── logflow_detailed.jpg ├── openSIEM_logflow.jpg └── pipeline_generation.jpg ├── ad_users └── ad_domain_users_list.ps1 ├── api_collection_programs ├── azure │ ├── azure_atp │ │ ├── azure_atp_job.service │ │ ├── job_azure_atp.py │ │ └── requirements.txt │ ├── azure_graph_alerts │ │ └── azure_graph_alerts.py │ ├── identity_protection_risk_detections │ │ ├── identity_protection_risk_detections.py │ │ ├── identity_protection_risk_detections.service │ │ └── identity_protection_risk_detections.timer │ └── identity_protection_risky_users │ │ └── identity_protection_risky_users.py ├── kafka_producer.py ├── mcafee_cloud_proxy │ ├── job_mcp.py │ └── job_mcp.service ├── okta │ ├── job_okta.py │ └── job_okta.service ├── proofpoint │ ├── proofpoint_forensics │ │ └── pp_forensics.py │ ├── proofpoint_pod │ │ ├── kafka_client.py │ │ └── pod_logging │ │ │ ├── __init__.py │ │ │ ├── pp_pod_job.service │ │ │ └── websocket │ │ │ ├── __init__.py │ │ │ ├── client.py │ │ │ └── config.py │ ├── proofpoint_siem │ │ ├── pp_siem.py │ │ ├── pp_siem_job.service │ │ └── sns.py │ └── proofpoint_trap │ │ ├── pp_trap.py │ │ └── pp_trap_job.service ├── secret.py └── syncplicity │ ├── syncplicity_admin.py │ └── syncplicity_user.py ├── elastic_common_schema ├── ecs_1.7_modified.csv └── ecs_1.9_with_custom_fields.csv ├── enrichments └── quick_reference_enrichment_enable_disable.csv ├── log_configurations ├── forescout │ └── logstash_forescout_push_api_inventory.conf ├── iis │ ├── iis.txt │ └── set_iis_logging_settings.ps1 ├── linux │ ├── README.md │ ├── configure_apache.py │ ├── rsyslog │ │ ├── auditd.conf │ │ └── rsyslog.conf │ └── setting_up_apache.md ├── mcafee_web_gateway.txt └── windows_security_events │ ├── readme.md │ └── send_evtx_to_elk.ps1 ├── snmp_traps └── SNMPTrapReceiver.py └── templates └── ECS_1.7 ├── 12_shard_volume.json ├── 1_shard_volume.json ├── 20_shard_volume.json ├── 2_shard_volume.json └── 6_shard_volume.json /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/.github/ISSUE_TEMPLATE/bug_report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/.github/ISSUE_TEMPLATE/feature_request.md -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/.github/pull_request_template.md -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/.github/workflows/main.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ignore 2 | __pycache__ 3 | .DS_Store 4 | .vscode 5 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /GETTING_STARTED.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/GETTING_STARTED.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/README.md -------------------------------------------------------------------------------- /config/cisco_aci.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/cisco_aci.json -------------------------------------------------------------------------------- /config/cisco_ios.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/cisco_ios.json -------------------------------------------------------------------------------- /config/cisco_ios_facility_categories.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/cisco_ios_facility_categories.csv -------------------------------------------------------------------------------- /config/cisco_ios_facility_categories.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/cisco_ios_facility_categories.json -------------------------------------------------------------------------------- /config/enrichments/00_input.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/00_input.conf -------------------------------------------------------------------------------- /config/enrichments/01_log_original.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/01_log_original.conf -------------------------------------------------------------------------------- /config/enrichments/02_ecs_data_type.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/02_ecs_data_type.conf -------------------------------------------------------------------------------- /config/enrichments/03_event_created.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/03_event_created.conf -------------------------------------------------------------------------------- /config/enrichments/04_syslog_pri_ecs.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/04_syslog_pri_ecs.conf -------------------------------------------------------------------------------- /config/enrichments/04_timestamp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/04_timestamp.conf -------------------------------------------------------------------------------- /config/enrichments/06_url.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/06_url.conf -------------------------------------------------------------------------------- /config/enrichments/07_lowercase.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/07_lowercase.conf -------------------------------------------------------------------------------- /config/enrichments/08_add_hash.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/08_add_hash.conf -------------------------------------------------------------------------------- /config/enrichments/10_user_agent_enrichment.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/10_user_agent_enrichment.conf -------------------------------------------------------------------------------- /config/enrichments/12_related_user.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/12_related_user.conf -------------------------------------------------------------------------------- /config/enrichments/14_related_hash.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/14_related_hash.conf -------------------------------------------------------------------------------- /config/enrichments/15_standardize_mac.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/15_standardize_mac.conf -------------------------------------------------------------------------------- /config/enrichments/16_related_mac.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/16_related_mac.conf -------------------------------------------------------------------------------- /config/enrichments/17_dns.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/17_dns.conf -------------------------------------------------------------------------------- /config/enrichments/18_host_split.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/18_host_split.conf -------------------------------------------------------------------------------- /config/enrichments/19_related_hosts.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/19_related_hosts.conf -------------------------------------------------------------------------------- /config/enrichments/20_related_ip.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/20_related_ip.conf -------------------------------------------------------------------------------- /config/enrichments/90_lookup_iana_protocol.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/90_lookup_iana_protocol.conf -------------------------------------------------------------------------------- /config/enrichments/91_geoip.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/91_geoip.conf -------------------------------------------------------------------------------- /config/enrichments/92_misp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/92_misp.conf -------------------------------------------------------------------------------- /config/enrichments/93_mitre.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/93_mitre.conf -------------------------------------------------------------------------------- /config/enrichments/94_remove_empty_n_truncate.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/94_remove_empty_n_truncate.conf -------------------------------------------------------------------------------- /config/enrichments/95_remove_tags.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/95_remove_tags.conf -------------------------------------------------------------------------------- /config/enrichments/96_output.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/enrichments/96_output.conf -------------------------------------------------------------------------------- /config/iana_protocols.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/iana_protocols.yml -------------------------------------------------------------------------------- /config/iana_protocols_port.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/iana_protocols_port.yml -------------------------------------------------------------------------------- /config/iana_transport.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/iana_transport.yml -------------------------------------------------------------------------------- /config/inputs/azure/event_hub_audit_azure.event_hub_signin.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/inputs/azure/event_hub_audit_azure.event_hub_signin.conf -------------------------------------------------------------------------------- /config/inputs/azure/event_hub_audit_o365.dlp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/inputs/azure/event_hub_audit_o365.dlp.conf -------------------------------------------------------------------------------- /config/inputs/kafka/1_kafka_input_template.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/inputs/kafka/1_kafka_input_template.conf -------------------------------------------------------------------------------- /config/kafka_jaas.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/kafka_jaas.conf -------------------------------------------------------------------------------- /config/lower.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/lower.rb -------------------------------------------------------------------------------- /config/mitre_subtechnique.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/mitre_subtechnique.json -------------------------------------------------------------------------------- /config/mitre_tactics.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/mitre_tactics.json -------------------------------------------------------------------------------- /config/mitre_technique.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/mitre_technique.json -------------------------------------------------------------------------------- /config/outputs/elastic_output.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/outputs/elastic_output.conf -------------------------------------------------------------------------------- /config/outputs/s3_output.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/outputs/s3_output.conf -------------------------------------------------------------------------------- /config/pipelines.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/pipelines.yml -------------------------------------------------------------------------------- /config/processors/api_application_oci.object.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_application_oci.object.conf -------------------------------------------------------------------------------- /config/processors/api_audit_aws.cloudtrail.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_audit_aws.cloudtrail.conf -------------------------------------------------------------------------------- /config/processors/api_audit_aws.firewall.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_audit_aws.firewall.conf -------------------------------------------------------------------------------- /config/processors/api_audit_aws.ghe.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_audit_aws.ghe.conf -------------------------------------------------------------------------------- /config/processors/api_audit_oci.audit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_audit_oci.audit.conf -------------------------------------------------------------------------------- /config/processors/api_audit_okta.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_audit_okta.conf -------------------------------------------------------------------------------- /config/processors/api_audit_syncplicity.adm_report.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_audit_syncplicity.adm_report.conf -------------------------------------------------------------------------------- /config/processors/api_audit_syncplicity.usr_report.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_audit_syncplicity.usr_report.conf -------------------------------------------------------------------------------- /config/processors/api_aws.secuirty_lake_securityhub.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_aws.secuirty_lake_securityhub.conf -------------------------------------------------------------------------------- /config/processors/api_aws_app.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_aws_app.conf -------------------------------------------------------------------------------- /config/processors/api_aws_securityhub.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_aws_securityhub.conf -------------------------------------------------------------------------------- /config/processors/api_azure_graph_api_incidences_api.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_azure_graph_api_incidences_api.conf -------------------------------------------------------------------------------- /config/processors/api_azure_graph_defender_usb.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_azure_graph_defender_usb.conf -------------------------------------------------------------------------------- /config/processors/api_box_com.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_box_com.conf -------------------------------------------------------------------------------- /config/processors/api_gitguardian_incidents.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_gitguardian_incidents.conf -------------------------------------------------------------------------------- /config/processors/api_https_audit_sap_tcodes.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_https_audit_sap_tcodes.conf -------------------------------------------------------------------------------- /config/processors/api_list_ad_users.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_list_ad_users.conf -------------------------------------------------------------------------------- /config/processors/api_mft_securetransport-edge.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_mft_securetransport-edge.conf -------------------------------------------------------------------------------- /config/processors/api_mft_securetransport.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_mft_securetransport.conf -------------------------------------------------------------------------------- /config/processors/api_network_aws.secuirty_lake_vpcflow.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_network_aws.secuirty_lake_vpcflow.conf -------------------------------------------------------------------------------- /config/processors/api_network_aws.secuirty_lake_waf.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_network_aws.secuirty_lake_waf.conf -------------------------------------------------------------------------------- /config/processors/api_network_aws.security_lake_route53.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_network_aws.security_lake_route53.conf -------------------------------------------------------------------------------- /config/processors/api_network_aws.vpcflow.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_network_aws.vpcflow.conf -------------------------------------------------------------------------------- /config/processors/api_network_oci.vcn.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_network_oci.vcn.conf -------------------------------------------------------------------------------- /config/processors/api_ois_sap_security_bridge.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_ois_sap_security_bridge.conf -------------------------------------------------------------------------------- /config/processors/api_security_aws.cloudflare.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_aws.cloudflare.conf -------------------------------------------------------------------------------- /config/processors/api_security_aws.guardduty.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_aws.guardduty.conf -------------------------------------------------------------------------------- /config/processors/api_security_azure.atp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_azure.atp.conf -------------------------------------------------------------------------------- /config/processors/api_security_azure.graph_identity_protection_api.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_azure.graph_identity_protection_api.conf -------------------------------------------------------------------------------- /config/processors/api_security_azure.graph_security_alerts_api.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_azure.graph_security_alerts_api.conf -------------------------------------------------------------------------------- /config/processors/api_security_azure.mcas_alerts.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_azure.mcas_alerts.conf -------------------------------------------------------------------------------- /config/processors/api_security_azure.o365_dlp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_azure.o365_dlp.conf -------------------------------------------------------------------------------- /config/processors/api_security_infoblox.dns_events.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_infoblox.dns_events.conf -------------------------------------------------------------------------------- /config/processors/api_security_jamf.protect.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_jamf.protect.conf -------------------------------------------------------------------------------- /config/processors/api_security_mcafee.mcp_v5.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_mcafee.mcp_v5.conf -------------------------------------------------------------------------------- /config/processors/api_security_misp.metrics.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_misp.metrics.conf -------------------------------------------------------------------------------- /config/processors/api_security_oci.cloudguard.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_oci.cloudguard.conf -------------------------------------------------------------------------------- /config/processors/api_security_preempt_monthly.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_preempt_monthly.conf -------------------------------------------------------------------------------- /config/processors/api_security_proofpoint.pod_email_gateway.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_proofpoint.pod_email_gateway.conf -------------------------------------------------------------------------------- /config/processors/api_security_proofpoint.siem_api_clicks.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_proofpoint.siem_api_clicks.conf -------------------------------------------------------------------------------- /config/processors/api_security_proofpoint.siem_api_message.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_proofpoint.siem_api_message.conf -------------------------------------------------------------------------------- /config/processors/api_security_sap_btp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_sap_btp.conf -------------------------------------------------------------------------------- /config/processors/api_security_sap_btp_calm.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_sap_btp_calm.conf -------------------------------------------------------------------------------- /config/processors/api_security_scorecard.affiliate_company_scores.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_scorecard.affiliate_company_scores.conf -------------------------------------------------------------------------------- /config/processors/api_security_scorecard.events.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_scorecard.events.conf -------------------------------------------------------------------------------- /config/processors/api_security_skyhigh.scp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_security_skyhigh.scp.conf -------------------------------------------------------------------------------- /config/processors/api_skyhigh_scal_audit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_skyhigh_scal_audit.conf -------------------------------------------------------------------------------- /config/processors/api_sqlite_known_good_hash_nist.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/api_sqlite_known_good_hash_nist.conf -------------------------------------------------------------------------------- /config/processors/azure_monitor_agent_event_hub_dbhana.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/azure_monitor_agent_event_hub_dbhana.conf -------------------------------------------------------------------------------- /config/processors/azure_monitor_agent_event_hub_dboracle.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/azure_monitor_agent_event_hub_dboracle.conf -------------------------------------------------------------------------------- /config/processors/azure_monitor_agent_event_hub_dbsql.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/azure_monitor_agent_event_hub_dbsql.conf -------------------------------------------------------------------------------- /config/processors/azure_monitor_agent_event_hub_osrhle.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/azure_monitor_agent_event_hub_osrhle.conf -------------------------------------------------------------------------------- /config/processors/azure_monitor_agent_event_hub_oswindows.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/azure_monitor_agent_event_hub_oswindows.conf -------------------------------------------------------------------------------- /config/processors/boomi.integration-platform.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/boomi.integration-platform.conf -------------------------------------------------------------------------------- /config/processors/db_audit_citrix.admin.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/db_audit_citrix.admin.conf -------------------------------------------------------------------------------- /config/processors/db_audit_citrix.session.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/db_audit_citrix.session.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_anomalies.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_anomalies.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_audit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_audit.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_azureactivity.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_azureactivity.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_azureaudit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_azureaudit.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_emailevents.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_emailevents.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_interactive_signin.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_interactive_signin.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_officeactivity.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_officeactivity.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_operational.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_operational.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_riskyuser.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_riskyuser.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_securityalert.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_securityalert.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_securityincident.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_securityincident.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_signin.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_signin.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_azure.event_hub_userriskevents.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_azure.event_hub_userriskevents.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_o365.dlp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_o365.dlp.conf -------------------------------------------------------------------------------- /config/processors/event_hub_audit_o365.msg.trkg_eventhub.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_audit_o365.msg.trkg_eventhub.conf -------------------------------------------------------------------------------- /config/processors/event_hub_azure.fw_dns_ids_proxy_flow.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_azure.fw_dns_ids_proxy_flow.conf -------------------------------------------------------------------------------- /config/processors/event_hub_security_azure.event_hub.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_security_azure.event_hub.conf -------------------------------------------------------------------------------- /config/processors/event_hub_security_azure.event_hub_atp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/event_hub_security_azure.event_hub_atp.conf -------------------------------------------------------------------------------- /config/processors/eventhub_dlq.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/eventhub_dlq.conf -------------------------------------------------------------------------------- /config/processors/flat_file_atlassian_jira.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_atlassian_jira.conf -------------------------------------------------------------------------------- /config/processors/flat_file_atlassian_jira_audit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_atlassian_jira_audit.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_ansible.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_ansible.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_apache.access.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_apache.access.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_apache.error.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_apache.error.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_exchange.2016.msg.trkg.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_exchange.2016.msg.trkg.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_iis.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_iis.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_microsoft.iis.w3c.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_microsoft.iis.w3c.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_mwg.proxy.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_mwg.proxy.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_pingfederate.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_pingfederate.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_riverbed.amauth.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_riverbed.amauth.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_riverbed.audit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_riverbed.audit.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_riverbed.opnetreport.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_riverbed.opnetreport.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_riverbed.scportal.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_riverbed.scportal.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_riverbed.stdout.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_riverbed.stdout.conf -------------------------------------------------------------------------------- /config/processors/flat_file_audit_riverbed.vnes_analytics.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_audit_riverbed.vnes_analytics.conf -------------------------------------------------------------------------------- /config/processors/flat_file_log_audit_sap.cloud_connector.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_log_audit_sap.cloud_connector.conf -------------------------------------------------------------------------------- /config/processors/flat_file_security_windows.exported_security_events.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flat_file_security_windows.exported_security_events.conf -------------------------------------------------------------------------------- /config/processors/flow_audit_cisco_netflow.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/flow_audit_cisco_netflow.conf -------------------------------------------------------------------------------- /config/processors/ftp_gzip_audit_infoblox_dns.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/ftp_gzip_audit_infoblox_dns.conf -------------------------------------------------------------------------------- /config/processors/hadoop_hdfs_audit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/hadoop_hdfs_audit.conf -------------------------------------------------------------------------------- /config/processors/hadoop_hms_audit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/hadoop_hms_audit.conf -------------------------------------------------------------------------------- /config/processors/hadoop_impala_audit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/hadoop_impala_audit.conf -------------------------------------------------------------------------------- /config/processors/kafka_error.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/kafka_error.conf -------------------------------------------------------------------------------- /config/processors/log_application_aws.elb.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/log_application_aws.elb.conf -------------------------------------------------------------------------------- /config/processors/log_audit_aws_kong.gateway.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/log_audit_aws_kong.gateway.conf -------------------------------------------------------------------------------- /config/processors/log_audit_aws_seclake.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/log_audit_aws_seclake.conf -------------------------------------------------------------------------------- /config/processors/log_elasticsearch.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/log_elasticsearch.conf -------------------------------------------------------------------------------- /config/processors/log_hadoop.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/log_hadoop.conf -------------------------------------------------------------------------------- /config/processors/log_rundeck.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/log_rundeck.conf -------------------------------------------------------------------------------- /config/processors/log_security_proofpoint.trap.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/log_security_proofpoint.trap.conf -------------------------------------------------------------------------------- /config/processors/log_tanium.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/log_tanium.conf -------------------------------------------------------------------------------- /config/processors/logstash_virtustream_linux_forwarder.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/logstash_virtustream_linux_forwarder.conf -------------------------------------------------------------------------------- /config/processors/logstash_virtustream_windows_forwarder.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/logstash_virtustream_windows_forwarder.conf -------------------------------------------------------------------------------- /config/processors/openwec.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/openwec.conf -------------------------------------------------------------------------------- /config/processors/push_api_list_inventory_forescout.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/push_api_list_inventory_forescout.conf -------------------------------------------------------------------------------- /config/processors/s3_log_aws.cloudfront.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/s3_log_aws.cloudfront.conf -------------------------------------------------------------------------------- /config/processors/s3_log_aws.lb.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/s3_log_aws.lb.conf -------------------------------------------------------------------------------- /config/processors/snmp_forescout.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snmp_forescout.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_access_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_access_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_admin_role_activity.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_admin_role_activity.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_columns.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_columns.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_copy_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_copy_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_data_transfer_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_data_transfer_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_database_storage_usage_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_database_storage_usage_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_databases.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_databases.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_event_usage_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_event_usage_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_failed_logins.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_failed_logins.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_functions.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_functions.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_grants_to_public.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_grants_to_public.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_grants_to_roles.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_grants_to_roles.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_grants_to_users.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_grants_to_users.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_integration_monitoring.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_integration_monitoring.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_key_management.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_key_management.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_key_pair_auth.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_key_pair_auth.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_load_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_load_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_login_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_login_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_masking_policies.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_masking_policies.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_metering_daily_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_metering_daily_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_metering_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_metering_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_mfa_exist.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_mfa_exist.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_procedures.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_procedures.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_query_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_query_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_rest_event_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_rest_event_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_role_activity.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_role_activity.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_roles.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_roles.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_row_access_policies.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_row_access_policies.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_schemata.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_schemata.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_scim_access_token.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_scim_access_token.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_serverless_task_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_serverless_task_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_sessions.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_sessions.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_stage_storage_usage_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_stage_storage_usage_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_stages.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_stages.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_storage_usage.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_storage_usage.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_tables.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_tables.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_task_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_task_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_user_activity.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_user_activity.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_user_creation_modification.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_user_creation_modification.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_users.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_users.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_views.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_views.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_warehouse_events_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_warehouse_events_history.conf -------------------------------------------------------------------------------- /config/processors/snowflake_acc_warehouse_load_history.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/snowflake_acc_warehouse_load_history.conf -------------------------------------------------------------------------------- /config/processors/syslog_as400_audit.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_as400_audit.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_a10.proxy.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_a10.proxy.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_accellion.sft.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_accellion.sft.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_aix_rsyslog.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_aix_rsyslog.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_apache.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_apache.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_checkpoint.fw.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_checkpoint.fw.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_checkpoint.operations.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_checkpoint.operations.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_cisco.aci.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_cisco.aci.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_cisco.dna.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_cisco.dna.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_cisco.mso.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_cisco.mso.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_cisco.prime.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_cisco.prime.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_cisco.router.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_cisco.router.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_cisco.switch.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_cisco.switch.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_cisco.wireless.ap.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_cisco.wireless.ap.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_cisco.wireless.bridge.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_cisco.wireless.bridge.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_cisco.wireless.control.system.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_cisco.wireless.control.system.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_citrix.netscaler.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_citrix.netscaler.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_f5.big.ip.gtm.dns.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_f5.big.ip.gtm.dns.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_f5.big.ip.ltm.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_f5.big.ip.ltm.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_infoblox.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_infoblox.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_lieberman.random.pass.mgr.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_lieberman.random.pass.mgr.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_linux.host.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_linux.host.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_linux.redhat.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_linux.redhat.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_linux_rsyslog.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_linux_rsyslog.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_meraki.router.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_meraki.router.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_mpki.cmpv2.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_mpki.cmpv2.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_riverbed.netim_weekly.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_riverbed.netim_weekly.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_rsa.auth.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_rsa.auth.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_spectracom.ntp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_spectracom.ntp.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_tenable.nessus_scanner.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_tenable.nessus_scanner.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_tenable.security_center.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_tenable.security_center.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_trellix.epo.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_trellix.epo.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_ubiquiti.controller_session_logs.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_ubiquiti.controller_session_logs.conf -------------------------------------------------------------------------------- /config/processors/syslog_audit_ubiquiti.wireless_bridge.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_audit_ubiquiti.wireless_bridge.conf -------------------------------------------------------------------------------- /config/processors/syslog_list_inventory_tanium.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_list_inventory_tanium.conf -------------------------------------------------------------------------------- /config/processors/syslog_remote_console.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_remote_console.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_a10.waf.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_a10.waf.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_bomgar.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_bomgar.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_cisco.apic.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_cisco.apic.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_cisco.ise.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_cisco.ise.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_cisco.meraki.fw.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_cisco.meraki.fw.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_cisco.meraki.wap.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_cisco.meraki.wap.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_cisco.satellite.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_cisco.satellite.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_cisco.stealthwatch.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_cisco.stealthwatch.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_cisco.waas.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_cisco.waas.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_forescout.counteract.nac.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_forescout.counteract.nac.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_guardium.db.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_guardium.db.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_hp.network.node.mgr.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_hp.network.node.mgr.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_juniper.fw.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_juniper.fw.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_juniper_pulse.ssl.vpn.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_juniper_pulse.ssl.vpn.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_layer7.securespan.soa.gw.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_layer7.securespan.soa.gw.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_microsoft.ata.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_microsoft.ata.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_palo.alto.fw.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_palo.alto.fw.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_sap.onapsis.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_sap.onapsis.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_sdwan.app.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_sdwan.app.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_sdwan.os_ubuntu.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_sdwan.os_ubuntu.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_skyhigh.atd.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_skyhigh.atd.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_skyhigh.security.mgr.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_skyhigh.security.mgr.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_skyhigh.swg.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_skyhigh.swg.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_symantec.dlp.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_symantec.dlp.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_symantec.endpoint.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_symantec.endpoint.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_tanium.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_tanium.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_tibco_ems.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_tibco_ems.conf -------------------------------------------------------------------------------- /config/processors/syslog_security_tufin.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_security_tufin.conf -------------------------------------------------------------------------------- /config/processors/syslog_securityonion_securityonion.suricata.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_securityonion_securityonion.suricata.conf -------------------------------------------------------------------------------- /config/processors/syslog_securityonion_securityonion.zeek.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_securityonion_securityonion.zeek.conf -------------------------------------------------------------------------------- /config/processors/syslog_source_unidentified.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_source_unidentified.conf -------------------------------------------------------------------------------- /config/processors/syslog_virtustream_trendmicro_forwarder.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/syslog_virtustream_trendmicro_forwarder.conf -------------------------------------------------------------------------------- /config/processors/vuln_gitguardian_internal.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/vuln_gitguardian_internal.conf -------------------------------------------------------------------------------- /config/processors/vuln_sysdig_scanning.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/vuln_sysdig_scanning.conf -------------------------------------------------------------------------------- /config/processors/vuln_tenable_asm.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/vuln_tenable_asm.conf -------------------------------------------------------------------------------- /config/processors/vuln_tenable_sc.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/vuln_tenable_sc.conf -------------------------------------------------------------------------------- /config/processors/webhook_ionix_alert.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/webhook_ionix_alert.conf -------------------------------------------------------------------------------- /config/processors/webhook_wiz_alert.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/webhook_wiz_alert.conf -------------------------------------------------------------------------------- /config/processors/wef_audit_windows.events.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/config/processors/wef_audit_windows.events.conf -------------------------------------------------------------------------------- /doc/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/README.md -------------------------------------------------------------------------------- /doc/_resources/README.md: -------------------------------------------------------------------------------- 1 | diagrams to be used in docs/wiki -------------------------------------------------------------------------------- /doc/_resources/logflow_detailed.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/_resources/logflow_detailed.jpg -------------------------------------------------------------------------------- /doc/_resources/openSIEM_logflow.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/_resources/openSIEM_logflow.jpg -------------------------------------------------------------------------------- /doc/_resources/pipeline_generation.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/_resources/pipeline_generation.jpg -------------------------------------------------------------------------------- /doc/ad_users/ad_domain_users_list.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/ad_users/ad_domain_users_list.ps1 -------------------------------------------------------------------------------- /doc/api_collection_programs/azure/azure_atp/azure_atp_job.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/azure/azure_atp/azure_atp_job.service -------------------------------------------------------------------------------- /doc/api_collection_programs/azure/azure_atp/job_azure_atp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/azure/azure_atp/job_azure_atp.py -------------------------------------------------------------------------------- /doc/api_collection_programs/azure/azure_atp/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/azure/azure_atp/requirements.txt -------------------------------------------------------------------------------- /doc/api_collection_programs/azure/azure_graph_alerts/azure_graph_alerts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/azure/azure_graph_alerts/azure_graph_alerts.py -------------------------------------------------------------------------------- /doc/api_collection_programs/azure/identity_protection_risk_detections/identity_protection_risk_detections.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/azure/identity_protection_risk_detections/identity_protection_risk_detections.py -------------------------------------------------------------------------------- /doc/api_collection_programs/azure/identity_protection_risk_detections/identity_protection_risk_detections.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/azure/identity_protection_risk_detections/identity_protection_risk_detections.service -------------------------------------------------------------------------------- /doc/api_collection_programs/azure/identity_protection_risk_detections/identity_protection_risk_detections.timer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/azure/identity_protection_risk_detections/identity_protection_risk_detections.timer -------------------------------------------------------------------------------- /doc/api_collection_programs/azure/identity_protection_risky_users/identity_protection_risky_users.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/azure/identity_protection_risky_users/identity_protection_risky_users.py -------------------------------------------------------------------------------- /doc/api_collection_programs/kafka_producer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/kafka_producer.py -------------------------------------------------------------------------------- /doc/api_collection_programs/mcafee_cloud_proxy/job_mcp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/mcafee_cloud_proxy/job_mcp.py -------------------------------------------------------------------------------- /doc/api_collection_programs/mcafee_cloud_proxy/job_mcp.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/mcafee_cloud_proxy/job_mcp.service -------------------------------------------------------------------------------- /doc/api_collection_programs/okta/job_okta.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/okta/job_okta.py -------------------------------------------------------------------------------- /doc/api_collection_programs/okta/job_okta.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/okta/job_okta.service -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_forensics/pp_forensics.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/proofpoint/proofpoint_forensics/pp_forensics.py -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_pod/kafka_client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/proofpoint/proofpoint_pod/kafka_client.py -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_pod/pod_logging/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_pod/pod_logging/pp_pod_job.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/proofpoint/proofpoint_pod/pod_logging/pp_pod_job.service -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_pod/pod_logging/websocket/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_pod/pod_logging/websocket/client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/proofpoint/proofpoint_pod/pod_logging/websocket/client.py -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_pod/pod_logging/websocket/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/proofpoint/proofpoint_pod/pod_logging/websocket/config.py -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_siem/pp_siem.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/proofpoint/proofpoint_siem/pp_siem.py -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_siem/pp_siem_job.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/proofpoint/proofpoint_siem/pp_siem_job.service -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_siem/sns.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/proofpoint/proofpoint_siem/sns.py -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_trap/pp_trap.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/proofpoint/proofpoint_trap/pp_trap.py -------------------------------------------------------------------------------- /doc/api_collection_programs/proofpoint/proofpoint_trap/pp_trap_job.service: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/proofpoint/proofpoint_trap/pp_trap_job.service -------------------------------------------------------------------------------- /doc/api_collection_programs/secret.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/secret.py -------------------------------------------------------------------------------- /doc/api_collection_programs/syncplicity/syncplicity_admin.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/syncplicity/syncplicity_admin.py -------------------------------------------------------------------------------- /doc/api_collection_programs/syncplicity/syncplicity_user.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/api_collection_programs/syncplicity/syncplicity_user.py -------------------------------------------------------------------------------- /doc/elastic_common_schema/ecs_1.7_modified.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/elastic_common_schema/ecs_1.7_modified.csv -------------------------------------------------------------------------------- /doc/elastic_common_schema/ecs_1.9_with_custom_fields.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/elastic_common_schema/ecs_1.9_with_custom_fields.csv -------------------------------------------------------------------------------- /doc/enrichments/quick_reference_enrichment_enable_disable.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/enrichments/quick_reference_enrichment_enable_disable.csv -------------------------------------------------------------------------------- /doc/log_configurations/forescout/logstash_forescout_push_api_inventory.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/forescout/logstash_forescout_push_api_inventory.conf -------------------------------------------------------------------------------- /doc/log_configurations/iis/iis.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/iis/iis.txt -------------------------------------------------------------------------------- /doc/log_configurations/iis/set_iis_logging_settings.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/iis/set_iis_logging_settings.ps1 -------------------------------------------------------------------------------- /doc/log_configurations/linux/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/linux/README.md -------------------------------------------------------------------------------- /doc/log_configurations/linux/configure_apache.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/linux/configure_apache.py -------------------------------------------------------------------------------- /doc/log_configurations/linux/rsyslog/auditd.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/linux/rsyslog/auditd.conf -------------------------------------------------------------------------------- /doc/log_configurations/linux/rsyslog/rsyslog.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/linux/rsyslog/rsyslog.conf -------------------------------------------------------------------------------- /doc/log_configurations/linux/setting_up_apache.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/linux/setting_up_apache.md -------------------------------------------------------------------------------- /doc/log_configurations/mcafee_web_gateway.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/mcafee_web_gateway.txt -------------------------------------------------------------------------------- /doc/log_configurations/windows_security_events/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/windows_security_events/readme.md -------------------------------------------------------------------------------- /doc/log_configurations/windows_security_events/send_evtx_to_elk.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/log_configurations/windows_security_events/send_evtx_to_elk.ps1 -------------------------------------------------------------------------------- /doc/snmp_traps/SNMPTrapReceiver.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/snmp_traps/SNMPTrapReceiver.py -------------------------------------------------------------------------------- /doc/templates/ECS_1.7/12_shard_volume.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/templates/ECS_1.7/12_shard_volume.json -------------------------------------------------------------------------------- /doc/templates/ECS_1.7/1_shard_volume.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/templates/ECS_1.7/1_shard_volume.json -------------------------------------------------------------------------------- /doc/templates/ECS_1.7/20_shard_volume.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/templates/ECS_1.7/20_shard_volume.json -------------------------------------------------------------------------------- /doc/templates/ECS_1.7/2_shard_volume.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/templates/ECS_1.7/2_shard_volume.json -------------------------------------------------------------------------------- /doc/templates/ECS_1.7/6_shard_volume.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Cargill/OpenSIEM-Logstash-Parsing/HEAD/doc/templates/ECS_1.7/6_shard_volume.json --------------------------------------------------------------------------------