
Commit

Merge pull request #98 from kevwal1/SFN41_DNS-Security_update
Sfn41 dns security update. lgtm!
Nathan Embery authored Aug 26, 2020
2 parents c6103ef + a8026eb commit 2b909f9
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion install/logstash/threat.conf
Expand Up @@ -76,7 +76,8 @@ filter {
else if ([ThreatCategory] =~ "^dns") {
# The dns-cloud logging messages are formatted differently than content based
# so check to see if we have one of those and parse it.
if ([ThreatCategory] =~ "^dns-cloud") {
# Now supports changes added to the DNS Security subscription.
if ([ThreatCategory] =~ "^dns-cloud" or [ThreatCategory] =~ "^dns-security") {
if ([ThreatID] =~ "^109000001" or [ThreatID] =~ "^109001001") {
grok {
# We use the grok regex of DATA (rather than HOSTNAME) because we with Kiev/PANOS9.0 we
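Review bot: The widened test `[ThreatCategory] =~ "^dns-cloud" or [ThreatCategory] =~ "^dns-security"` still leads into the unchanged ThreatID check for `^109000001` and `^109001001`, so dns-security events reach the grok only when they carry one of those two ID prefixes. Please confirm that holds for the DNS Security subscription's logs, or extend the ID test in the same change, since events that miss it would not be parsed by this branch. The two category tests could also be one pattern, `^dns-(cloud|security)`, and the existing comment above the condition still names only dns-cloud; it would be clearer to update that comment to list both categories than to add a line describing the change history.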

0 comments on commit 2b909f9
