diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index c62bad7a213c..731b6c194d67 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py @@ -216,7 +216,11 @@ def _test_expected_events(self, test_file, objects): def clean_keys(obj): # These keys are host dependent - host_keys = ["host.name", "agent.name", "agent.type", "agent.ephemeral_id", "agent.id"] + host_keys = ["agent.name", "agent.type", "agent.ephemeral_id", "agent.id"] + # Strip host.name if event is not tagged as `forwarded`. + if "tags" not in obj or "forwarded" not in obj["tags"]: + host_keys.append("host.name") + # The create timestamps area always new time_keys = ["event.created"] # source path and agent.version can be different for each run diff --git a/x-pack/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json index 465bbd1ea325..3540a3f6a15f 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json @@ -7,6 +7,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 0, @@ -26,6 +27,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 194, @@ -45,6 +47,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 386, @@ -64,6 +67,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 568, 
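Review bot: The new condition in clean_keys, `if "tags" not in obj or "forwarded" not in obj["tags"]:`, assumes `obj["tags"]` is always a list. If a fixture ever carries `tags` as a plain string, `in` becomes a substring match, so a value such as `not-forwarded` would keep `host.name` in the comparison and make the golden file depend on whatever that field holds. A stricter form is `tags = obj.get("tags") or []` followed by `if not isinstance(tags, list) or "forwarded" not in tags:`. The added comment says what is stripped but not why; something like `# Forwarded events keep the host.name parsed from the log (the originating device), so it is stable across runs and must be compared` would record the intent, which appears to be source attribution for events relayed through a collector. clean_keys starts and continues outside this hunk, so how host_keys is consumed afterwards is not visible here.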
@@ -83,6 +87,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 774, @@ -102,6 +107,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 943, @@ -121,6 +127,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1072, @@ -140,6 +147,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1191, @@ -159,6 +167,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1316, @@ -178,6 +187,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1440, @@ -197,6 +207,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1575, @@ -216,6 +227,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1721, @@ -235,6 +247,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1867, @@ -254,6 +267,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1984, 
@@ -273,6 +287,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2128, @@ -292,6 +307,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2285, @@ -311,6 +327,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2436, @@ -330,6 +347,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2580, @@ -349,6 +367,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2737, @@ -368,6 +387,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2888, @@ -387,6 +407,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3032, @@ -406,6 +427,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3143, @@ -425,6 +447,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3267, @@ -444,6 +467,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3440, 
@@ -463,6 +487,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3564, @@ -482,6 +507,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3739, @@ -501,6 +527,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3874, @@ -520,6 +547,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4002, @@ -539,6 +567,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4113, @@ -558,6 +587,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4238, @@ -577,6 +607,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4357, @@ -596,6 +627,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4492, @@ -615,6 +647,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4686, @@ -634,6 +667,7 @@ "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", + "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4870, 
diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json index 51da7aa889ff..89bd797ebff2 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json @@ -904,4 +904,4 @@ "user.name": "No Authentication Required", "user_agent.original": "curl/7.58.0" } -] +] \ No newline at end of file diff --git a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json index 3aae7f3f80ea..e515eb465831 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json +++ b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-audit-events.log-expected.json @@ -19,6 +19,7 @@ "start" ], "fileset.name": "falcon", + "host.name": "hostnameofmachine", "input.type": "log", "log.flags": [ "multiline" @@ -52,6 +53,7 @@ "end" ], "fileset.name": "falcon", + "host.name": "hostnameofmachine", "input.type": "log", "log.flags": [ "multiline" diff --git a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json index e4f8a56d58c7..3213435b88c2 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json +++ b/x-pack/filebeat/module/crowdstrike/falcon/test/falcon-events.log-expected.json @@ -61,6 +61,7 @@ "file.hash.md5": "ac4c51eb24aa95b77f705ab159189e24", "file.hash.sha256": "6a671b92a69755de6fd063fcbe4ba926d83b49f78c42dbaeed8cdb6bbc57576a", "fileset.name": "falcon", + "host.name": "alice-laptop", "input.type": "log", "log.flags": [ "multiline" 
diff --git a/x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json b/x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json index 1fbe5afbaf7d..37acd84813c8 100644 --- a/x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/01-exchange-admin.log-expected.json @@ -13,6 +13,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 0, "o365.audit.AppId": "", @@ -57,6 +58,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 980, "o365.audit.AppId": "", @@ -114,6 +116,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 2735, "o365.audit.AppId": "", @@ -171,6 +174,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 4490, "o365.audit.AppId": "", @@ -215,6 +219,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 5269, "o365.audit.AppId": "", @@ -259,6 +264,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 6035, "o365.audit.AppId": "", @@ -304,6 +310,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 6914, "o365.audit.AppId": "", 
@@ -350,6 +357,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 7955, "o365.audit.AppId": "", @@ -394,6 +402,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 8743, "o365.audit.AppId": "", @@ -451,6 +460,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 10498, "o365.audit.AppId": "", @@ -508,6 +518,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 12253, "o365.audit.AppId": "", @@ -553,6 +564,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 13107, "o365.audit.AppId": "", @@ -610,6 +622,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 14862, "o365.audit.AppId": "", @@ -667,6 +680,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 16617, "o365.audit.AppId": "", @@ -724,6 +738,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 18372, "o365.audit.AppId": "", 
@@ -781,6 +796,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 20127, "o365.audit.AppId": "", @@ -838,6 +854,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 21882, "o365.audit.AppId": "", @@ -895,6 +912,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 23638, "o365.audit.AppId": "", @@ -939,6 +957,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 24439, "o365.audit.AppId": "", @@ -984,6 +1003,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 25318, "o365.audit.AppId": "", @@ -1029,6 +1049,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 26189, "o365.audit.AppId": "", @@ -1073,6 +1094,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 26990, "o365.audit.AppId": "", @@ -1118,6 +1140,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 27869, "o365.audit.AppId": "", 
@@ -1175,6 +1198,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 29609, "o365.audit.AppId": "", @@ -1232,6 +1256,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 31365, "o365.audit.AppId": "", @@ -1289,6 +1314,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 33120, "o365.audit.AppId": "", @@ -1346,6 +1372,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 34875, "o365.audit.AppId": "", @@ -1403,6 +1430,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 36630, "o365.audit.AppId": "", @@ -1460,6 +1488,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 38385, "o365.audit.AppId": "", @@ -1517,6 +1546,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 40140, "o365.audit.AppId": "", @@ -1574,6 +1604,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 41895, "o365.audit.AppId": "", 
@@ -1633,6 +1664,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 43719, "o365.audit.AppId": "", @@ -1690,6 +1722,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 45474, "o365.audit.AppId": "", @@ -1747,6 +1780,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 47229, "o365.audit.AppId": "", @@ -1804,6 +1838,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 48984, "o365.audit.AppId": "", @@ -1861,6 +1896,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 50739, "o365.audit.AppId": "", @@ -1918,6 +1954,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 52494, "o365.audit.AppId": "", @@ -1975,6 +2012,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 54249, "o365.audit.AppId": "", @@ -2032,6 +2070,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 56004, "o365.audit.AppId": "", 
@@ -2089,6 +2128,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 57759, "o365.audit.AppId": "", @@ -2146,6 +2186,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 59514, "o365.audit.AppId": "", @@ -2200,6 +2241,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 60916, "o365.audit.AppId": "", @@ -2246,6 +2288,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 61845, "o365.audit.AppId": "", @@ -2291,6 +2334,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 62639, "o365.audit.AppId": "", @@ -2336,6 +2380,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 63518, "o365.audit.AppId": "", @@ -2381,6 +2426,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 64330, "o365.audit.AppId": "", @@ -2440,6 +2486,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 66154, "o365.audit.AppId": "", 
@@ -2497,6 +2544,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 67910, "o365.audit.AppId": "", @@ -2554,6 +2602,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 69665, "o365.audit.AppId": "", @@ -2611,6 +2660,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 71420, "o365.audit.AppId": "", @@ -2668,6 +2718,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 73175, "o365.audit.AppId": "", @@ -2725,6 +2776,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 74930, "o365.audit.AppId": "", @@ -2782,6 +2834,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 76685, "o365.audit.AppId": "", @@ -2839,6 +2892,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 78440, "o365.audit.AppId": "", @@ -2896,6 +2950,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 80195, "o365.audit.AppId": "", 
@@ -2953,6 +3008,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 81938, "o365.audit.AppId": "", @@ -3010,6 +3066,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 83693, "o365.audit.AppId": "", @@ -3067,6 +3124,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 85448, "o365.audit.AppId": "", @@ -3113,6 +3171,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 86366, "o365.audit.AppId": "", @@ -3159,6 +3218,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 87295, "o365.audit.AppId": "", @@ -3216,6 +3276,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 89050, "o365.audit.AppId": "", @@ -3273,6 +3334,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 90805, "o365.audit.AppId": "", @@ -3319,6 +3381,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 91734, "o365.audit.AppId": "", 
@@ -3363,6 +3426,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 92522, "o365.audit.AppId": "", @@ -3422,6 +3486,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 94346, "o365.audit.AppId": "", @@ -3479,6 +3544,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 96101, "o365.audit.AppId": "", @@ -3536,6 +3602,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 97844, "o365.audit.AppId": "", @@ -3593,6 +3660,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 99599, "o365.audit.AppId": "", @@ -3650,6 +3718,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 101354, "o365.audit.AppId": "", @@ -3707,6 +3776,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 103109, "o365.audit.AppId": "", @@ -3764,6 +3834,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 104864, "o365.audit.AppId": "", 
@@ -3821,6 +3892,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 106619, "o365.audit.AppId": "", @@ -3866,6 +3938,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 107473, "o365.audit.AppId": "", @@ -3912,6 +3985,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 108402, "o365.audit.AppId": "", @@ -3957,6 +4031,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 109265, "o365.audit.AppId": "", @@ -4003,6 +4078,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 110183, "o365.audit.AppId": "", @@ -4047,6 +4123,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 110984, "o365.audit.AppId": "", @@ -4093,6 +4170,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 112168, "o365.audit.AppId": "", @@ -4137,6 +4215,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 113148, "o365.audit.AppId": "", 
@@ -4183,6 +4262,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 114077, "o365.audit.AppId": "", @@ -4240,6 +4320,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 115817, "o365.audit.AppId": "", @@ -4297,6 +4378,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 117572, "o365.audit.AppId": "", @@ -4354,6 +4436,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 119327, "o365.audit.AppId": "", @@ -4411,6 +4494,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 121082, "o365.audit.AppId": "", @@ -4468,6 +4552,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 122837, "o365.audit.AppId": "", @@ -4525,6 +4610,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 124592, "o365.audit.AppId": "", @@ -4582,6 +4668,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 126347, "o365.audit.AppId": "", 
@@ -4639,6 +4726,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 128102, "o365.audit.AppId": "", @@ -4685,6 +4773,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 129286, "o365.audit.AppId": "", @@ -4742,6 +4831,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 131041, "o365.audit.AppId": "", @@ -4799,6 +4889,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 132784, "o365.audit.AppId": "", @@ -4844,6 +4935,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 133638, "o365.audit.AppId": "", @@ -4901,6 +4993,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 135393, "o365.audit.AppId": "", @@ -4945,6 +5038,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 136145, "o365.audit.AppId": "", @@ -4991,6 +5085,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 137063, "o365.audit.AppId": "", 
@@ -5045,6 +5140,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 138465, "o365.audit.AppId": "", @@ -5102,6 +5198,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 140220, "o365.audit.AppId": "", @@ -5148,6 +5245,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 141138, "o365.audit.AppId": "", @@ -5205,6 +5303,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 142893, "o365.audit.AppId": "", @@ -5264,6 +5363,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 144717, "o365.audit.AppId": "", diff --git a/x-pack/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json b/x-pack/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json index 7c530b3de406..05d19758b0e2 100644 --- a/x-pack/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/02-exchange-item.log-expected.json @@ -15,6 +15,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 0, "network.type": "ipv6", @@ -77,6 +78,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 1526, "network.type": "ipv6", 
@@ -139,6 +141,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 3083, "network.type": "ipv6", @@ -201,6 +204,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 4634, "network.type": "ipv6", @@ -263,6 +267,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 5847, "network.type": "ipv6", @@ -325,6 +330,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 7111, "network.type": "ipv6", @@ -387,6 +393,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 8324, "network.type": "ipv6", @@ -449,6 +456,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 9590, "network.type": "ipv6", @@ -511,6 +519,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 10832, "network.type": "ipv6", diff --git a/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json index 650bbe92b0c9..92415bf00c4d 100644 --- a/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json 
@@ -15,6 +15,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 0, "network.type": "ipv4", @@ -82,6 +83,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 870, "network.type": "ipv4", @@ -149,6 +151,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 1740, "network.type": "ipv4", @@ -216,6 +219,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 2610, "network.type": "ipv4", diff --git a/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json index f77a0237b085..d6e9404a8425 100644 --- a/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json @@ -18,6 +18,7 @@ "file.name": "Screenshot 2020-01-27 at 11.30.48.png", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 0, "network.type": "ipv4", @@ -93,6 +94,7 @@ "file.name": "Screenshot 2020-01-27 at 11.30.48.png", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 1130, "network.type": "ipv4", 
@@ -168,6 +170,7 @@ "file.name": "All.aspx", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 2260, "network.type": "ipv4", @@ -243,6 +246,7 @@ "file.name": "All.aspx", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 3346, "network.type": "ipv4", @@ -318,6 +322,7 @@ "file.name": "Screenshot.png", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 4432, "network.type": "ipv4", @@ -394,6 +399,7 @@ "file.name": "Screenshot.png", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 5540, "network.type": "ipv4", @@ -469,6 +475,7 @@ "file.name": "Screenshot 2020-01-27 at 11.30.48.png", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 6625, "network.type": "ipv4", @@ -544,6 +551,7 @@ "file.name": "Screenshot.png", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 7755, "network.type": "ipv4", @@ -620,6 +628,7 @@ "file.name": "Screenshot.png", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 8863, "network.type": "ipv4", @@ -695,6 +704,7 @@ "file.name": "Screenshot.png", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 9948, "network.type": "ipv4", 
@@ -770,6 +780,7 @@ "file.name": "Screenshot.png", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 11033, "network.type": "ipv4", diff --git a/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json b/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json index e0dfc8ff9b8f..cea77b1153fa 100644 --- a/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json @@ -15,6 +15,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 0, "network.type": "ipv4", @@ -157,6 +158,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 5611, "network.type": "ipv4", @@ -299,6 +301,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 11222, "network.type": "ipv4", @@ -441,6 +444,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 16833, "network.type": "ipv4", @@ -594,6 +598,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 20744, "network.type": "ipv4", @@ -747,6 +752,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 24655, "network.type": "ipv4", 
@@ -907,6 +913,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 29810, "network.type": "ipv4", @@ -1067,6 +1074,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 35008, "network.type": "ipv4", @@ -1227,6 +1235,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 40163, "network.type": "ipv4", @@ -1387,6 +1396,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 45361, "network.type": "ipv4", @@ -1547,6 +1557,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 50516, "network.type": "ipv4", @@ -1707,6 +1718,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 55714, "network.type": "ipv4", @@ -1867,6 +1879,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 60912, "network.type": "ipv4", @@ -2027,6 +2040,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 66067, "network.type": "ipv4", 
@@ -2187,6 +2201,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 71265, "network.type": "ipv4", @@ -2347,6 +2362,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 76420, "network.type": "ipv4", @@ -2507,6 +2523,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 81575, "network.type": "ipv4", @@ -2667,6 +2684,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 86773, "network.type": "ipv4", @@ -2827,6 +2845,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 91928, "network.type": "ipv4", @@ -2969,6 +2988,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 97179, "network.type": "ipv4", @@ -3111,6 +3131,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 102430, "network.type": "ipv4", @@ -3264,6 +3285,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 106341, "network.type": "ipv4", 
@@ -3406,6 +3428,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 111772, "network.type": "ipv4", @@ -3548,6 +3571,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 117203, "network.type": "ipv4", @@ -3690,6 +3714,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 122634, "network.type": "ipv4", @@ -3843,6 +3868,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 126545, "network.type": "ipv4", @@ -4003,6 +4029,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 131695, "network.type": "ipv4", @@ -4163,6 +4190,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 136845, "network.type": "ipv4", @@ -4323,6 +4351,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 141995, "network.type": "ipv4", @@ -4483,6 +4512,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 147145, "network.type": "ipv4", 
@@ -4643,6 +4673,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 152295, "network.type": "ipv4", @@ -4803,6 +4834,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 157445, "network.type": "ipv4", @@ -4963,6 +4995,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 162595, "network.type": "ipv4", @@ -5123,6 +5156,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 167745, "network.type": "ipv4", @@ -5284,6 +5318,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 172525, "network.type": "ipv4", @@ -5443,6 +5478,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "support.onmicrosoft.com", "input.type": "log", "log.offset": 177305, "o365.audit.Actor": [ @@ -5573,6 +5609,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 181962, "network.type": "ipv4", @@ -5733,6 +5770,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 187354, "network.type": "ipv4", 
@@ -5893,6 +5931,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 192746, "network.type": "ipv4", @@ -6053,6 +6092,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 198138, "network.type": "ipv4", @@ -6213,6 +6253,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 203293, "network.type": "ipv4", @@ -6373,6 +6414,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 208491, "network.type": "ipv4", @@ -6533,6 +6575,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 213646, "network.type": "ipv4", @@ -6693,6 +6736,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 218844, "network.type": "ipv4", @@ -6853,6 +6897,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 224042, "network.type": "ipv4", @@ -7013,6 +7058,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 229197, "network.type": "ipv4", 
@@ -7173,6 +7219,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 234395, "network.type": "ipv4", @@ -7333,6 +7380,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 239593, "network.type": "ipv4", @@ -7493,6 +7541,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 244748, "network.type": "ipv4", @@ -7653,6 +7702,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 249903, "network.type": "ipv4", @@ -7813,6 +7863,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 255101, "network.type": "ipv4", @@ -7973,6 +8024,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 260299, "network.type": "ipv4", @@ -8134,6 +8186,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 264870, "network.type": "ipv4", @@ -8295,6 +8348,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 269441, "network.type": "ipv4", 
@@ -8455,6 +8509,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 274829, "network.type": "ipv4", @@ -8615,6 +8670,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 280217, "network.type": "ipv4", @@ -8775,6 +8831,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 285605, "network.type": "ipv4", @@ -8935,6 +8992,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 290993, "network.type": "ipv4", @@ -9095,6 +9153,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 296142, "network.type": "ipv4", @@ -9255,6 +9314,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 301291, "network.type": "ipv4", @@ -9415,6 +9475,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 306440, "network.type": "ipv4", @@ -9575,6 +9636,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 311589, "network.type": "ipv4", 
@@ -9735,6 +9797,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 316738, "network.type": "ipv4", @@ -9877,6 +9940,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 321131, "network.type": "ipv4", @@ -10019,6 +10083,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 325524, "network.type": "ipv4", @@ -10161,6 +10226,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 329917, "network.type": "ipv4", @@ -10303,6 +10369,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 334310, "network.type": "ipv4", @@ -10455,6 +10522,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 338473, "network.type": "ipv4", @@ -10608,6 +10676,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 343183, "network.type": "ipv4", @@ -10761,6 +10830,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 347893, "network.type": "ipv4", 
@@ -10914,6 +10984,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 352603, "network.type": "ipv4", @@ -11067,6 +11138,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 357313, "network.type": "ipv4", @@ -11207,6 +11279,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 360775, "network.type": "ipv4", @@ -11349,6 +11422,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 364657, "network.type": "ipv4", @@ -11491,6 +11565,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 368539, "network.type": "ipv4", @@ -11644,6 +11719,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 372452, "network.type": "ipv4", @@ -11797,6 +11873,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 376365, "network.type": "ipv4", @@ -11950,6 +12027,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 380278, "network.type": "ipv4", 
@@ -12092,6 +12170,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 385372, "network.type": "ipv4", @@ -12234,6 +12313,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 390466, "network.type": "ipv4", @@ -12376,6 +12456,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 395560, "network.type": "ipv4", @@ -12529,6 +12610,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 399473, "network.type": "ipv4", @@ -12682,6 +12764,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 403386, "network.type": "ipv4", @@ -12835,6 +12918,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 407299, "network.type": "ipv4", @@ -12995,6 +13079,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 412451, "network.type": "ipv4", @@ -13155,6 +13240,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 417603, "network.type": "ipv4", 
@@ -13315,6 +13401,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 422755, "network.type": "ipv4", @@ -13475,6 +13562,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 427907, "network.type": "ipv4", @@ -13635,6 +13723,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 433059, "network.type": "ipv4", @@ -13795,6 +13884,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 438211, "network.type": "ipv4", @@ -13955,6 +14045,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 443363, "network.type": "ipv4", @@ -14115,6 +14206,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 448515, "network.type": "ipv4", @@ -14275,6 +14367,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 453904, "network.type": "ipv4", @@ -14435,6 +14528,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 459293, "network.type": "ipv4", 
@@ -14595,6 +14689,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 464682, "network.type": "ipv4", @@ -14756,6 +14851,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 469256, "network.type": "ipv4", @@ -14917,6 +15013,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 473830, "network.type": "ipv4", @@ -15078,6 +15175,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 478404, "network.type": "ipv4", @@ -15236,6 +15334,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 482728, "network.type": "ipv4", @@ -15394,6 +15493,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 487052, "network.type": "ipv4", diff --git a/x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json b/x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json index 5fbd3a96c718..18e35d50c187 100644 --- a/x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/11-dlp-sharepoint.log-expected.json 
@@ -17,6 +17,7 @@ "file.owner": "Alan Smithee", "fileset.name": "audit", "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "host.name": "TESTSIEM2.ONMICROSOFT.COM", "input.type": "log", "log.offset": 0, "o365.audit.CreationTime": "2020-02-25T16:20:15", @@ -102,6 +103,7 @@ "file.owner": "Alan Smithee", "fileset.name": "audit", "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "host.name": "TESTSIEM2.ONMICROSOFT.COM", "input.type": "log", "log.offset": 1559, "o365.audit.CreationTime": "2020-02-25T16:23:39", @@ -196,6 +198,7 @@ "file.owner": "Alan Smithee", "fileset.name": "audit", "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "host.name": "TESTSIEM2.ONMICROSOFT.COM", "input.type": "log", "log.offset": 3297, "o365.audit.CreationTime": "2020-02-25T16:23:39", @@ -286,6 +289,7 @@ "file.owner": "Alan Smithee", "fileset.name": "audit", "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "host.name": "TESTSIEM2.ONMICROSOFT.COM", "input.type": "log", "log.offset": 4958, "o365.audit.CreationTime": "2020-02-25T16:22:22", @@ -380,6 +384,7 @@ "file.owner": "Alan Smithee", "fileset.name": "audit", "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "host.name": "TESTSIEM2.ONMICROSOFT.COM", "input.type": "log", "log.offset": 6684, "o365.audit.CreationTime": "2020-02-26T10:13:48", @@ -474,6 +479,7 @@ "file.owner": "alice@testsiem2.onmicrosoft.com", "fileset.name": "audit", "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "host.name": "testsiem2.onmicrosoft.com", "input.type": "log", "log.offset": 8428, "o365.audit.CreationTime": "2020-02-26T12:39:40", @@ -568,6 +574,7 @@ "file.owner": "alice@testsiem2.onmicrosoft.com", "fileset.name": "audit", "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "host.name": "testsiem2.onmicrosoft.com", "input.type": "log", "log.offset": 10042, "o365.audit.CreationTime": "2020-02-26T12:39:40", 
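Review bot: The expected `host.name` values in this file differ only by case for what looks like one tenant: the hunks at -17, -102, -196, -286 and -380 pin `TESTSIEM2.ONMICROSOFT.COM`, while the hunks at -474 and -568 pin `testsiem2.onmicrosoft.com`, all under the same `host.id`. Where `host.name` is matched as an exact keyword, a detection rule or aggregation keyed on it would count these as two hosts. The value is presumably copied unchanged from a field of the audit record (the ingest pipeline is not part of these hunks), so lowercasing it where it is set would let every event here expect `"host.name": "testsiem2.onmicrosoft.com",`. Because the test change in this commit stops stripping `host.name` for events tagged `forwarded`, whichever casing the pipeline emits is now pinned by these fixtures.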
diff --git a/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json b/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json index dd3364f133f5..e4da4415ad82 100644 --- a/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/13-dlp-exchange.log-expected.json @@ -716,6 +716,7 @@ "file.owner": "alice@testsiem2.onmicrosoft.com", "fileset.name": "audit", "host.id": "0e1dddce-163e-4b0b-9e33-87ba56ac4655", + "host.name": "testsiem2.onmicrosoft.com", "input.type": "log", "log.offset": 10504, "o365.audit.CreationTime": "2020-02-24T20:11:15", diff --git a/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json index 190e21855848..9f10e9f89f34 100644 --- a/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json @@ -13,6 +13,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "sharepoint", "input.type": "log", "log.offset": 0, "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", @@ -63,6 +64,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "sharepoint", "input.type": "log", "log.offset": 807, "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", @@ -113,6 +115,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "sharepoint", "input.type": "log", "log.offset": 1594, "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", 
@@ -163,6 +166,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "sharepoint", "input.type": "log", "log.offset": 2385, "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", @@ -213,6 +217,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "sharepoint", "input.type": "log", "log.offset": 3178, "o365.audit.CorrelationId": "4464369f-303c-b000-7cb1-c0cce4f2da18", @@ -265,6 +270,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 3965, "network.type": "ipv4", @@ -334,6 +340,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 5028, "network.type": "ipv4", @@ -407,6 +414,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 6178, "network.type": "ipv4", @@ -481,6 +489,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 7466, "network.type": "ipv4", @@ -555,6 +564,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 8685, "network.type": "ipv4", diff --git a/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json index a71438525e90..2daa90ba4b75 100644 --- a/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json 
+++ b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json @@ -18,6 +18,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 0, "network.type": "ipv4", @@ -114,6 +115,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 1450, "network.type": "ipv4", @@ -210,6 +212,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 2901, "network.type": "ipv4", @@ -306,6 +309,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 4293, "network.type": "ipv4", @@ -402,6 +406,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 5744, "network.type": "ipv4", @@ -498,6 +503,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 7137, "network.type": "ipv4", @@ -594,6 +600,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 8587, "network.type": "ipv4", @@ -690,6 +697,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 10037, "network.type": "ipv4", @@ -786,6 +794,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 11429, "network.type": "ipv4", 
@@ -882,6 +891,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 12822, "network.type": "ipv4", @@ -978,6 +988,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 14214, "network.type": "ipv4", @@ -1074,6 +1085,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 15664, "network.type": "ipv4", @@ -1170,6 +1182,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 17114, "network.type": "ipv4", @@ -1266,6 +1279,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 18564, "network.type": "ipv4", @@ -1362,6 +1376,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 20013, "network.type": "ipv4", @@ -1455,6 +1470,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 21463, "network.type": "ipv4", @@ -1551,6 +1567,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 22913, "network.type": "ipv4", @@ -1647,6 +1664,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 24306, "network.type": "ipv4", 
@@ -1740,6 +1758,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 25755, "network.type": "ipv4", @@ -1836,6 +1855,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 27205, "network.type": "ipv4", @@ -1932,6 +1952,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 28655, "network.type": "ipv4", @@ -2028,6 +2049,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 30048, "network.type": "ipv4", @@ -2124,6 +2146,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 31498, "network.type": "ipv4", @@ -2220,6 +2243,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 32948, "network.type": "ipv4", @@ -2316,6 +2340,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 34398, "network.type": "ipv4", @@ -2412,6 +2437,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 35847, "network.type": "ipv4", @@ -2508,6 +2534,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 37297, "network.type": "ipv4", 
@@ -2604,6 +2631,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 38748, "network.type": "ipv4", @@ -2700,6 +2728,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 40199, "network.type": "ipv4", @@ -2796,6 +2825,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 41650, "network.type": "ipv4", @@ -2891,6 +2921,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 43031, "network.type": "ipv4", @@ -3072,6 +3103,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 45648, "network.type": "ipv4", @@ -3252,6 +3284,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 48207, "network.type": "ipv4", @@ -3433,6 +3466,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 50824, "network.type": "ipv4", @@ -3530,6 +3564,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 52332, "network.type": "ipv4", @@ -3626,6 +3661,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 53782, "network.type": "ipv4", 
@@ -3806,6 +3842,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 56341, "network.type": "ipv4", @@ -3903,6 +3940,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 57849, "network.type": "ipv4", @@ -3996,6 +4034,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 59299, "network.type": "ipv4", @@ -4092,6 +4131,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 60750, "network.type": "ipv4", @@ -4272,6 +4312,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 63308, "network.type": "ipv4", @@ -4368,6 +4409,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 64758, "network.type": "ipv4", @@ -4464,6 +4506,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 66208, "network.type": "ipv4", @@ -4560,6 +4603,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 67601, "network.type": "ipv4", @@ -4656,6 +4700,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 69051, "network.type": "ipv4", 
@@ -4752,6 +4797,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 70444, "network.type": "ipv4", @@ -4848,6 +4894,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 71895, "network.type": "ipv4", @@ -4944,6 +4991,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 73345, "network.type": "ipv4", @@ -5040,6 +5088,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 74795, "network.type": "ipv4", @@ -5136,6 +5185,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 76246, "network.type": "ipv4", @@ -5232,6 +5282,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 77696, "network.type": "ipv4", @@ -5328,6 +5379,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 79146, "network.type": "ipv4", @@ -5424,6 +5476,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 80596, "network.type": "ipv4", @@ -5520,6 +5573,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 82047, "network.type": "ipv4", 
@@ -5613,6 +5667,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 83439, "network.type": "ipv4", @@ -5709,6 +5764,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 84890, "network.type": "ipv4", @@ -5805,6 +5861,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 86340, "network.type": "ipv4", @@ -5901,6 +5958,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 87732, "network.type": "ipv4", @@ -5997,6 +6055,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 89182, "network.type": "ipv4", @@ -6093,6 +6152,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 90575, "network.type": "ipv4", @@ -6189,6 +6249,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 91967, "network.type": "ipv4", @@ -6285,6 +6346,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 93417, "network.type": "ipv4", @@ -6381,6 +6443,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 94867, "network.type": "ipv4", 
@@ -6477,6 +6540,7 @@ ], "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 96317, "network.type": "ipv4", diff --git a/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json b/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json index c3435f152d65..3425c52aafa5 100644 --- a/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/25-ms-teams.log-expected.json @@ -48,6 +48,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 354, "o365.audit.CreationTime": "2020-02-17T16:59:47", @@ -109,6 +110,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 1079, "o365.audit.CreationTime": "2020-02-17T16:59:44", @@ -155,6 +157,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 1597, "o365.audit.CreationTime": "2020-02-17T16:59:34", diff --git a/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json b/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json index fd05be0b0445..7401b62112b6 100644 --- a/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/40-sec-comp-alerts.log-expected.json @@ -14,6 +14,7 @@ "event.type": "info", "fileset.name": "audit", "host.id": "b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd", + "host.name": "testsiem.onmicrosoft.com", "input.type": "log", "log.offset": 0, "message": "New alert",