SEND JSON LOGSTASH

Hello

I'm trying to send a JSON document like this:

{
  "Modified": "2019-08-22T10:15:11.617000",
  "Published": "2019-08-22T10:15:11.617000",
  "capec": [
    {
      "id": "17",
      "name": "Accessing, Modifying or Executing Executable Files",
      "prerequisites": "System's configuration must allow an attacker to directly access executable files or upload files to execute. This means that any access control system that is supposed to mediate communications between the subject and the object is set incorrectly or assumes a benign environment.",
      "related_weakness": [
        "732",
        "285",
        "272",
        "59",
        "282",
        "275",
        "264",
        "270",
        "693"
      ],
      "solutions": "Design: Enforce principle of least privilege\nDesign: Run server interfaces with a non-root",
      "summary": "interface."
    },
    {
      "id": "35",
      "name": "Leverage Executable Code in Non-Executable Files",
      "prerequisites": "The attacker must have the ability to modify non-executable files consumed by the target software.",
      "related_weakness": [
        "94",
        "96",
        "95",
        "97",
        "272",
        "59",
        "282",
        "275",
        "264",
        "270",
        "714"
      ],
      "solutions": "Design: Enforce principle of least privilege\nDesign: Run server interfaces with a non-root account and/or utilize chroot jails or other configuration techniques to constrain privileges even if attacker gains some limited access to commands",
      "summary": "An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipul "
    },
    {
      "id": "5",
      "name": "Blue Boxing",
      "prerequisites": "System must use weak authentication mechanisms for administrative functions.",
      "related_weakness": [
        "264"
      ],
      "solutions": "Implementation: Upgrade phone lines. Note this may be prohibitively expensive\nUse strong access control such as two factor access control for administrative access to the switch",
      "summary": "This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the "
    },
    {
      "id": "58",
      "name": "Restful Privilege Elevation",
      "prerequisites": "The attacker needs to be able to identify HTTP Get URLs. The Get methods must be set to call applications that perform operations other than get such as update and delete.",
      "related_weakness": [
        "267",
        "269",
        "264"
      ],
      "solutions": "Design: Enforce principle of least privilege\nImplementation: Ensure that HTTP Get methods only retrieve state and do not alter state on the server side\nImplementation: ",
      "summary": "Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete ."
    },
    {
      "id": "69",
      "name": "Target Programs with Elevated Privileges",
      "prerequisites": "The targeted program runs with elevated OS privileges.\nThe targeted program accepts input data from the user or from another program.\nThe targeted program does not perform input validation properly.\nThe targeted program does not fail safely. ",
      "related_weakness": [
        "250",
        "264",
        "15"
      ],
      "solutions": "Apply the principle of least privilege.\nValidate all untrusted data.\nApply the latest patches.\nScan your services and disable the ones which are not needed and are exposed.",
      "summary": "This attackl."
    },
    {
      "id": "76",
      "name": "Manipulating Input to File System Calls",
      "prerequisites": "Program must allow for user controlled variables to be applied directly to the filesystem",
      "related_weakness": [
        "23",
        "22",
        "73",
        "77",
        "346",
        "348",
        "285",
        "264",
        "272",
        "59",
        "74",
        "15",
        "715"
      ],
      "solutions": "Design: Enforce principle of least privilege.\nDesign: Ensure all input is validated, and does not contain .",
      "summary": "An attacker ."
    }
  ],
  "cvss": 7.5,
  "cwe": "CWE-264",
  "id": "CVE-2016-10923",
  "last-modified": "2019-08-23T15:46:58.257000",
  "references": [
    "https://wordpress.org/plugins/woocommerce-store-toolkit/#developers"
  ],
  "summary": "The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.",
  "vulnerable_configuration": [],
  "vulnerable_configuration_cpe_2_2": []
}

My .conf file has the following code

input {
  # The file input emits one event per line of the file, so a pretty-printed
  # record that spans many lines arrives as many separate events.
  file {
    type => "json"
    path => "/home/ubuntu/sec_1.json"
    start_position => "beginning"
  }
}

filter {
  # Parse the "message" field of each event as JSON and merge the fields
  # into the event (without a target, only a JSON object is accepted).
  json {
    source => "message"
  }
}

output {
  elasticsearch {
    hosts => ["http://xxxxx:9200"]
    index => "xxxx"
    user => "xxx"
    password => "xxxx"
  }
}

It stores the data, but when I check it in Elasticsearch it is stored badly.

I would like to know how to store the records in that same JSON format as they come in and, if you could tell me, what the right way to store them would be.

thanks
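Added example (not part of the original post or of Logstash): a small Python script that models what the posted pipeline does to a pretty-printed record, and converts the file to one JSON document per line (NDJSON) so the file input and json filter produce exactly one event per CVE record. The sample record is a constructed, trimmed copy of the one in the post; the function names, the `simulate_*` model of the file input and the `cve_records.json` / `cve_records.ndjson` paths are assumptions made for this illustration.

```python
import json

# Constructed sample: a trimmed, pretty-printed copy of the CVE record quoted in
# the post. It spans several lines, which is what the Logstash "file" input does
# not tolerate: every line of the file becomes its own event.
PRETTY_RECORD = """{
  "Modified": "2019-08-22T10:15:11.617000",
  "capec": [
    {
      "id": "17",
      "name": "Accessing, Modifying or Executing Executable Files",
      "related_weakness": ["732", "285"]
    }
  ],
  "cvss": 7.5,
  "cwe": "CWE-264",
  "id": "CVE-2016-10923",
  "summary": "The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation."
}
"""


def simulate_file_input_with_json_filter(text):
    """Model of 'file {} + filter { json { source => "message" } }' (assumption,
    not Logstash code): each non-empty line is one event, and the json filter
    must parse that line on its own into an object. Returns (events, failed_lines);
    Logstash would tag the failed ones with _jsonparsefailure."""
    events, failed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            failed.append(line)
            continue
        # Without a "target", the json filter only accepts a JSON object.
        if isinstance(obj, dict):
            events.append(obj)
        else:
            failed.append(line)
    return events, failed


def load_records(text):
    """Accept either one JSON object or a JSON array of objects and always
    return a list of records."""
    data = json.loads(text)
    return data if isinstance(data, list) else [data]


def to_ndjson(records):
    """Serialise each record as one compact line (NDJSON / JSON Lines).
    json.dumps escapes newlines inside strings (the "solutions" fields in the
    feed contain them) as \\n, so one record is always exactly one line."""
    return "".join(json.dumps(r, ensure_ascii=False) + "\n" for r in records)


def convert_file(src_path, dst_path):
    """Rewrite a pretty-printed JSON file (object or array) as NDJSON.
    Returns the number of records written."""
    with open(src_path, encoding="utf-8") as src:
        records = load_records(src.read())
    with open(dst_path, "w", encoding="utf-8") as dst:
        dst.write(to_ndjson(records))
    return len(records)


if __name__ == "__main__":
    # Pretty-printed: every line fails to parse, no usable event reaches the output.
    events, failed = simulate_file_input_with_json_filter(PRETTY_RECORD)
    print(f"pretty-printed: {len(events)} events, {len(failed)} failed lines")

    # NDJSON: one line, one event, nested "capec" array intact.
    ndjson = to_ndjson(load_records(PRETTY_RECORD))
    events, failed = simulate_file_input_with_json_filter(ndjson)
    print(f"ndjson: {len(events)} events, {len(failed)} failed lines")
    print(events[0]["id"], events[0]["cvss"], events[0]["capec"][0]["name"])

    # Real use (paths are assumptions): convert_file("cve_records.json", "cve_records.ndjson")
```

Once the input file holds one record per line, the posted configuration indexes each line as one document with the nested `capec` array kept as it was. Equivalently, `codec => json` on the file input does the same job as the separate json filter. While testing, the file input remembers how far it has read in its sincedb, so set `sincedb_path => "/dev/null"` if you want Logstash to re-read the file from the beginning on each restart.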

Read this answer.
