standardize ICS protocols in network.protocol field, so they all get …

…tagged with 'ics' properly cisagov#541
mmguero-dev · Jan 9, 2025 · 3866959 · 3866959
1 parent 98d7d17
commit 3866959
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/logstash/pipelines/enrichment/11_lookups.conf b/logstash/pipelines/enrichment/11_lookups.conf
@@ -420,12 +420,14 @@ filter {
       ("ethercat" in [network][protocol]) or
       ("ge_srtp" in [network][protocol]) or
       ("genisys" in [network][protocol]) or
-      ("cotp" in [network][protocol]) or
+      ("hart_ip" in [network][protocol]) or
       ("opcua-binary" in [network][protocol]) or
       ("modbus" in [network][protocol]) or
       ("profinet" in [network][protocol]) or
       ("profinet_dce_rpc" in [network][protocol]) or
+      ("profinet_io_cm" in [network][protocol]) or
       ("s7comm" in [network][protocol]) or
+      ("s7comm-plus" in [network][protocol]) or
       ("s7comm_plus" in [network][protocol]) or
       ("synchrophasor" in [network][protocol])) {
     mutate { id => "mutate_add_tag_ics_from_network_protocol"