
Commit 8794982

BD Training Day 3 new content pack
Signed-off-by: William Trelawny <william.trelawny@graylog.com>
1 parent 5a13d9f commit 8794982


1 file changed

+55
-31
lines changed


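--- a/instruqt/general/configs/content_packs/bd-training-day-3.json
+++ b/instruqt/general/configs/content_packs/bd-training-day-3.json
@@ -1,6 +1,6 @@
 {
 "v": 1,
-"id": "0cd3d0ac-2fd5-495a-8117-3e894de0e786",
+"id": "ab54d5e8-3495-4f2e-9647-e8572295297b",
 "rev": 1,
 "name": "BD Training Day 3",
 "summary": "BD Training Day 3",
@@ -12,29 +12,39 @@
 {
 "v": "1",
 "type": {
-"name": "pipeline",
+"name": "stream",
 "version": "1"
 },
-"id": "568cab41-dae0-46a4-9f34-ebd854fd587b",
+"id": "32badf1d-4ed5-4307-8df0-2cf5a5700ce2",
 "data": {
+"alarm_callbacks": [],
+"outputs": [],
+"remove_matches": {
+"@type": "boolean",
+"@value": true
+},
 "title": {
 "@type": "string",
-"@value": "Firewall Routing Pipeline"
+"@value": "Firewall Stream"
 },
-"description": {
+"stream_rules": [],
+"alert_conditions": [],
+"matching_type": {
 "@type": "string",
-"@value": "Route firewall logs to Firewall Stream"
+"@value": "AND"
 },
-"source": {
+"disabled": {
+"@type": "boolean",
+"@value": false
+},
+"description": {
 "@type": "string",
-"@value": "pipeline \"Firewall Routing Pipeline\"\nstage 0 match either\nrule \"Route - Firewall Logs - Route to Firewall Stream\"\nend"
+"@value": "Firewall Logs"
 },
-"connected_streams": [
-{
-"@type": "string",
-"@value": "95b4fe20-52f4-4559-9357-93f72b863a7e"
-}
-]
+"default_stream": {
+"@type": "boolean",
+"@value": false
+}
 },
 "constraints": [
 {
@@ -49,7 +59,7 @@
 "name": "pipeline",
 "version": "1"
 },
-"id": "92f9b165-f029-49c7-bfe4-80de4426ff0b",
+"id": "3bf62201-1e35-4b21-a238-5d75c0d4455f",
 "data": {
 "title": {
 "@type": "string",
@@ -66,7 +76,7 @@
 "connected_streams": [
 {
 "@type": "string",
-"@value": "d312daf9-14fc-4e0b-ad06-c5a9f1eaccbf"
+"@value": "32badf1d-4ed5-4307-8df0-2cf5a5700ce2"
 }
 ]
 },
@@ -80,23 +90,29 @@
 {
 "v": "1",
 "type": {
-"name": "pipeline_rule",
+"name": "pipeline",
 "version": "1"
 },
-"id": "68bfa6f5-3b43-4f54-a60d-919ed1b3c337",
+"id": "38452db3-53d8-4867-9b0c-dc1c14643983",
 "data": {
 "title": {
 "@type": "string",
-"@value": "Route - Firewall Logs - Route to Firewall Stream"
+"@value": "Firewall Routing Pipeline"
 },
 "description": {
 "@type": "string",
 "@value": "Route firewall logs to Firewall Stream"
 },
 "source": {
 "@type": "string",
-"@value": "rule \"Route - Firewall Logs - Route to Firewall Stream\"\nwhen\n contains(\n value: to_string($message.message),\n search: \"zone=LAB\"\n )\nthen\n route_to_stream(\n name: \"Firewall Stream\",\n remove_from_default: true\n );\nend"
-}
+"@value": "pipeline \"Firewall Routing Pipeline\"\nstage 0 match either\nrule \"Route - Firewall Logs - Route to Firewall Stream\"\nend"
+},
+"connected_streams": [
+{
+"@type": "string",
+"@value": "db9b1e9a-1fa7-4bb2-8cf2-448a3ac4fb78"
+}
+]
 },
 "constraints": [
 {
@@ -108,14 +124,22 @@
 {
 "v": "1",
 "type": {
-"name": "stream_title",
+"name": "pipeline_rule",
 "version": "1"
 },
-"id": "95b4fe20-52f4-4559-9357-93f72b863a7e",
+"id": "081333f5-768e-459d-8669-3307487483bc",
 "data": {
 "title": {
 "@type": "string",
-"@value": "Default Stream"
+"@value": "Parse - Firewall Logs - Base Parser"
+},
+"description": {
+"@type": "string",
+"@value": "Parse Firewall Logs"
+},
+"source": {
+"@type": "string",
+"@value": "rule \"Parse - Firewall Logs - Base Parser\"\nwhen\n true\nthen\n let x = key_value(\n value: to_string($message.message),\n trim_value_chars: '\"'\n );\n \n set_fields(x);\nend"
 }
 },
 "constraints": [
@@ -131,7 +155,7 @@
 "name": "pipeline_rule",
 "version": "1"
 },
-"id": "280b7fb8-3ce2-4f3a-8b1a-dd1537625fe0",
+"id": "7ded77ae-1061-4faf-a841-efbaee8640b3",
 "data": {
 "title": {
 "@type": "string",
@@ -159,19 +183,19 @@
 "name": "pipeline_rule",
 "version": "1"
 },
-"id": "6b506b75-4964-49b6-847e-bad925212e01",
+"id": "60c00610-26a7-4938-b780-f1907bcbd3d9",
 "data": {
 "title": {
 "@type": "string",
-"@value": "Parse - Firewall Logs - Base Parser"
+"@value": "Route - Firewall Logs - Route to Firewall Stream"
 },
 "description": {
 "@type": "string",
-"@value": "Parse Firewall Logs"
+"@value": "Route firewall logs to Firewall Stream"
 },
 "source": {
 "@type": "string",
-"@value": "rule \"Parse - Firewall Logs - Base Parser\"\nwhen\n true\nthen\n let x = key_value(\n value: to_string($message.message),\n trim_value_chars: '\"'\n );\n \n set_fields(x);\nend"
+"@value": "rule \"Route - Firewall Logs - Route to Firewall Stream\"\nwhen\n contains(\n value: to_string($message.message),\n search: \"zone=LAB\"\n )\nthen\n route_to_stream(\n name: \"Firewall Stream\",\n remove_from_default: true\n );\nend"
 }
 },
 "constraints": [
@@ -187,11 +211,11 @@
 "name": "stream_title",
 "version": "1"
 },
-"id": "d312daf9-14fc-4e0b-ad06-c5a9f1eaccbf",
+"id": "db9b1e9a-1fa7-4bb2-8cf2-448a3ac4fb78",
 "data": {
 "title": {
 "@type": "string",
-"@value": "Firewall Stream"
+"@value": "Default Stream"
 }
 },
 "constraints": [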
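Review bot: The "Parse - Firewall Logs - Base Parser" rule source at new line 142 fires on `when true` and hands the whole `key_value(...)` result to `set_fields(x)` with no prefix, so every key=value token found in the raw message is written as a top-level field. Those keys come from the log line itself, so a token named like an existing field (for instance `source`) could replace the value already on the message, and searches or alerts built on that field would then read sender-supplied data. I would namespace the parsed output, e.g. `set_fields(fields: x, prefix: "fw_");` (the prefix is an example value), and narrow the `when` clause to the firewall input. The routing rule at new line 198 has a related weakness: it matches the substring `zone=LAB` anywhere in the raw message and, with `remove_from_default: true`, takes every matching message out of the default stream, so a condition on a parsed field would be harder to satisfy from unrelated log content.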