Convert rita.dns ingest pipeline to the same naming standard as zeek.dns #8258

johnununu · 2022-07-08T15:18:33Z

johnununu
Jul 8, 2022

This would allow folks to take advantage of the dns.tld pipeline enrichment.

weslambert · 2022-07-13T12:10:09Z

weslambert
Jul 13, 2022

Are you referring to DNS-specific fields, or could you provide an example?

0 replies

johnununu · 2022-07-13T14:31:47Z

johnununu
Jul 13, 2022
Author

The rita.dns elasticsearch ingest has naming standard of 'dns.question.[name | subdomain_count | count]
where as the zeek.dns elasticsearch ingest renames message2.query to dns.queary.name. which then uses the dns.tld pipeline.

I'm asking if the rita.dns elasticsearch ingest pipeline can match the naming standard of the zeek.dns pipeline.
Both are under /opt/so/saltstack/default/salt/elasticsearch/files/ingest

1 reply

weslambert Jul 20, 2022

Thanks for the feedback. We'll look at this as time allows.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Convert rita.dns ingest pipeline to the same naming standard as zeek.dns #8258

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Convert rita.dns ingest pipeline to the same naming standard as zeek.dns #8258

Uh oh!

johnununu Jul 8, 2022

Replies: 2 comments · 1 reply

Uh oh!

weslambert Jul 13, 2022

Uh oh!

johnununu Jul 13, 2022 Author

Uh oh!

weslambert Jul 20, 2022

johnununu
Jul 8, 2022

Replies: 2 comments 1 reply

weslambert
Jul 13, 2022

johnununu
Jul 13, 2022
Author