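~~~
index=* sourcetype=zeek*
    ```Base search: every Zeek sourcetype in every index the role can read.```
    ```NOTE(review): index=* scans all indexes; scope it to the index that holds the Zeek data and set a bounded time range - confirm the index name.```
| iplocation prefix=Source_ allfields=true id.orig_h
    ```GeoIP-enrich the connection originator (id.orig_h); output fields are prefixed Source_.```
    ```Private and other non-routable addresses get no location, so their Source_* columns stay empty.```
| eval Source_Location=case(Source_City=="Whitehall", "Lumen", Source_City=="Quantico", "MCCOG")
    ```Site label derived from the GeoIP city only. case() has no default branch, so any other city leaves Source_Location empty.```
    ```NOTE(review): GeoIP city data is approximate and every address geolocated to the same city receives the label.```
    ```Treat the label as a triage hint, not as proof that a host belongs to that site; matching known address ranges would be stricter.```
| iplocation prefix=Destination_ allfields=true id.resp_h
    ```Same enrichment for the connection responder (id.resp_h), prefixed Destination_.```
| eval Destination_Location=case(Destination_City=="Whitehall", "Lumen", Destination_City=="Quantico", "MCCOG")
    ```Same city-to-label mapping and the same caveats as Source_Location.```
| table sourcetype, _time,
    id.orig_h, Source_City, Source_Region, Source_Country, Source_Location,
    id.resp_h, Destination_City, Destination_Region, Destination_Country, Destination_Location
~~~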