I have the following parser code:
# Security Result
# Maps an INFO severity to an allowed/successful security result.
# NOTE(review): the preview error quoted below reports security_result.description
# arriving as a one-element list ([]interface {}{"SUCCESS"}) rather than a string;
# the stage that maps these flat fields into security_result is not shown here,
# presumably a later merge — confirm. The accepted answer below stages the literal in
# a plain field first and references it as %{description}.
if [severity] == "INFO" {
mutate {
replace => {
"security_result_action" => "ALLOW"
"security_result_description" => "SUCCESS"
}
}
}
However, when previewing its output I see the following error:
generic::unknown: pipeline.ParseLogEntry failed: LOG_PARSING_CBN_ERROR: "generic::invalid_argument: failed to convert raw output to events: failed to convert raw message 0: field \"idm\": index 0: recursive rawDataToProto failed: field \"read_only_udm\": index 0: recursive rawDataToProto failed: field \"security_result\": index 0: recursive rawDataToProto failed: panic encountered: non-string given for backstory.SecurityResult.description: []interface {} []interface {}{\"SUCCESS\"}"
Why is this not being interpreted as a string?
# Parser filter: sets defaults, derives a security_result from severity,
# merges it into the UDM event and emits the event.
filter {
# Defaults: generic event type and INFO severity.
# NOTE(review): severity is unconditionally replaced with "INFO" here, so as
# written every event takes the INFO branch below and the ERROR branch never
# runs; presumably the real parser derives severity from the raw log — confirm.
mutate {
replace => {
"event_type" => "GENERIC_EVENT"
"severity" => "INFO"
}
}
# Security Result
if [severity] == "INFO" {
# Stage the literal in a plain scalar field first; writing it straight into
# security_result.description produced the list-vs-string error quoted above.
mutate {
replace => {
"description" => "SUCCESS"
}
}
# Reference the staged scalar so description lands as a string.
mutate {
replace => {
"security_action" => "ALLOW"
"security_result.description" => "%{description}"
}
}
}
else if [severity] == "ERROR" {
# NOTE(review): if jsonPayload.status.message is absent the reference may be
# left unexpanded or empty depending on the engine — confirm and guard if needed.
mutate {
replace => {
"security_action" => "BLOCK"
"security_result.description" => "%{jsonPayload.status.message}"
}
}
}
# Merge Action
# Only populate security_result.action when a security_action was set above.
if [security_action] != "" {
mutate {
merge => {
"security_result.action" => "security_action"
}
}
}
# Merge Security Results
# Attach the assembled security_result to the UDM event.
if [security_result] != "" {
mutate {
merge => {
"event.idm.read_only_udm.security_result" => "security_result"
}
}
}
# Default Event Data
mutate {
replace => {
"event.idm.read_only_udm.metadata.event_type" => "%{event_type}"
}
}
# Generate Event
# Emit the assembled event to the parser output.
mutate {
merge => {
"@output" => "event"
}
}
}