# ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe }
[
{
"match": {
"left": {
"concat": [
{
"payload": {
"field": "saddr",
"protocol": "ip"
}
},
{
"payload": {
"field": "daddr",
"protocol": "ip"
}
},
{
"payload": {
"field": "saddr",
"protocol": "ether"
}
}
]
},
"right": {
"set": [
{
"concat": [
"1.1.1.1",
"2.2.2.2",
"ca:fe:ca:fe:ca:fe"
]
}
]
}
}
}
]