I am trying to automate/ease a procedure to review firewall rules within ELK (ElasticSearch, Logstash, Kibana). I have some data obtained from a CSV, which is structured like this:
Source;Destination;Service;Action;Comment
10.0.0.0/8 172.16.0.0/16 192.168.0.0/24 184.108.40.206;10.0.0.1 10.0.0.2 10.0.0.3;udp:53 tcp:53;accept;No.10: ID: INC0000000001
My objective is to import this data within ELK by parsing each field (for subnet and/or IP address) and, if possible, add a sequential field (IP_Source1, IP_Destination2, etc.) containing each one. This is in order to correlate each IP and (for example) see if it's contained within one of the subnets (aggregation of rules), and enrich the data with other inputs.
Is this possible, to your knowledge? How?
Thanks a lot for any input you might have.
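One way to do the parsing step described in the question, as an added example that is not the asker's code and does not use Logstash: a small Python pre-processor that splits the semicolon CSV, expands the space-separated cells into the sequential IP_Source1/IP_Destination1 fields the question asks for, checks which source networks contain each destination (the aggregation check), and emits NDJSON for the Elasticsearch bulk API. The sample row is the one from the question; the index name and the Service/port field names are assumptions.

```python
import csv
import io
import ipaddress
import json

# Sample taken from the question: ';' separates columns, ' ' separates values in a cell.
SAMPLE_CSV = (
    "Source;Destination;Service;Action;Comment\n"
    "10.0.0.0/8 172.16.0.0/16 192.168.0.0/24 184.108.40.206;"
    "10.0.0.1 10.0.0.2 10.0.0.3;udp:53 tcp:53;accept;No.10: ID: INC0000000001\n"
)


def parse_rule(row):
    """Expand one CSV row into a flat document with sequential IP_* fields."""
    doc = {"Action": row["Action"], "Comment": row["Comment"]}
    for column, prefix in (("Source", "IP_Source"), ("Destination", "IP_Destination")):
        for i, token in enumerate(row[column].split(), start=1):
            # ip_network accepts both '10.0.0.0/8' and a bare host such as '10.0.0.1'
            net = ipaddress.ip_network(token, strict=False)
            doc[f"{prefix}{i}"] = str(net) if net.num_addresses > 1 else str(net.network_address)
    for i, svc in enumerate(row["Service"].split(), start=1):
        proto, port = svc.split(":", 1)  # e.g. 'udp:53' -> ('udp', 53); field names assumed
        doc[f"Service{i}_proto"] = proto
        doc[f"Service{i}_port"] = int(port)
    return doc


def covering_sources(doc):
    """Map each destination to the source networks of the same rule that contain it."""
    sources = [ipaddress.ip_network(v, strict=False)
               for k, v in doc.items() if k.startswith("IP_Source")]
    result = {}
    for k, v in doc.items():
        if k.startswith("IP_Destination"):
            dst = ipaddress.ip_network(v, strict=False)
            result[v] = [str(n) for n in sources
                         if n.version == dst.version and dst.subnet_of(n)]
    return result


def load_rules(text):
    """Parse the whole CSV text into a list of flattened rule documents."""
    reader = csv.DictReader(io.StringIO(text), delimiter=";")
    return [parse_rule(r) for r in reader]


def to_ndjson(docs, index="firewall-rules"):  # index name is an assumption
    """Render documents as Elasticsearch _bulk request lines (action + source)."""
    lines = []
    for d in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(d))
    return "\n".join(lines) + "\n"
```

The same expansion can later be done inside Logstash (csv filter plus ruby/mutate splits), but doing it once up front makes the IP_* fields available for enrichment and aggregation queries in Kibana.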