infosecn1nja
/
HELK
mirror of https://github.com/infosecn1nja/HELK.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Minor Fix - Winevent Security 

fix https://github.com/Cyb3rWard0g/HELK/issues/75
keyword-vs-text-changes
Roberto Rodriguez 2018-06-11 02:42:44 -04:00
parent fea1b81c31
commit 2856a40c9c
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
helk-logstash/pipeline/12-winevent-security-filter.conf
View File

@ -842,6 +842,13 @@ filter {
tag_on_exception => "_0591_rubyexception"
}
}
if [target_process_id] {
mutate { gsub => [ "target_process_id", "0x", "" ]}
ruby {
code => "event.set('target_process_id', event.get('target_process_id').to_s.hex)"
tag_on_exception => "_0591_rubyexception"
}
}
}
}