Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auditbeat] Socket: Add network.transport and network.community_id #12231

Merged
merged 5 commits into from
May 23, 2019
Merged

[Auditbeat] Socket: Add network.transport and network.community_id #12231

merged 5 commits into from
May 23, 2019

Conversation

cwurm
Copy link
Contributor

@cwurm cwurm commented May 22, 2019

Adds network.transport (always tcp at the moment) and network.community_id to the socket dataset.

I tested that the community ID here is identical with the one generated by Packetbeat and that it can be used to match Packetbeat data (e.g. flow, http) with Auditbeat socket data to get the process and user information.

@cwurm cwurm requested a review from a team as a code owner May 22, 2019 01:25
@elasticmachine
Copy link
Collaborator

Pinging @elastic/secops

andrewkroh
andrewkroh reviewed May 22, 2019
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cwurm cwurm merged commit 874e01f into elastic:master May 23, 2019
@cwurm cwurm deleted the socket_community_id branch May 23, 2019 17:25
@cwurm cwurm mentioned this pull request May 23, 2019
Merged
@cwurm cwurm added the v7.2.0 label May 23, 2019
cwurm pushed a commit to cwurm/beats that referenced this pull request May 23, 2019
[Auditbeat] Socket: Add network.transport and network.community_id (e…
d9a0f30 
…lastic#12231)

Adds `network.transport` (always `tcp` at the moment) and `network.community_id` to the `socket` dataset.

(cherry picked from commit 874e01f)
@cwurm cwurm mentioned this pull request May 23, 2019
Closed
cwurm pushed a commit that referenced this pull request May 24, 2019
[Auditbeat] Cherry-pick #12231 to 7.2: Socket: Add network.transport …
4340d40 
…and network.community_id (#12257)

Adds `network.transport` (always `tcp` at the moment) and `network.community_id` to the `socket` dataset.

(cherry picked from commit 874e01f)
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
[Auditbeat] Cherry-pick elastic#12231 to 7.2: Socket: Add network.tra…
5bc64a6 
…nsport and network.community_id (elastic#12257)

Adds `network.transport` (always `tcp` at the moment) and `network.community_id` to the `socket` dataset.

(cherry picked from commit fe6cab4)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh left review comments

Assignees
No one assigned
Labels
Auditbeat review v7.2.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cwurm @elasticmachine @andrewkroh