Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

securityonion-elastic: Bro HTTP Logs "user" field not mapped in Elasticsearch template #1672

Closed weslambert closed 4 years ago

weslambert commented 4 years ago

Need to map this field in the template or change the field to be username in the 1106 config.

dougburks commented 4 years ago

https://github.com/Security-Onion-Solutions/securityonion-elastic/commit/6f2384f223b32d39721f8fec84dcfda74e44425b

weslambert commented 4 years ago

Looks good 👍

dougburks commented 4 years ago

Published: https://blog.securityonion.net/2020/02/zeek-301-elastic-686-and-cyberchef-9120.html