Add 21 autogenerated filesets from rsa2elk devices #19713

Merged
merged 19 commits into from
Jul 14, 2020
Merged
event.action is not an array
adriansr committed Jul 13, 2020
commit 320c9e294ccd6f344a96df5c4be247e897ad9d0e
2 changes: 1 addition & 1 deletion x-pack/filebeat/module/barracuda/README.md
@@ -3,5 +3,5 @@
This is a module for Barracuda Web Application Firewall logs.

Autogenerated from RSA NetWitness log parser 2.0 XML barracudawaf version 132
at 2020-07-08 18:27:57.27931 +0000 UTC.
at 2020-07-08 18:50:16.872444 +0000 UTC.

4 changes: 2 additions & 2 deletions x-pack/filebeat/module/barracuda/waf/config/liblogparser.js
@@ -916,7 +916,7 @@ var ecs_mappings = {
"_facility": {convert: to_long, to:[{field: "log.syslog.facility.code", setter: fld_set}]},
"_pri": {convert: to_long, to:[{field: "log.syslog.priority", setter: fld_set}]},
"_severity": {convert: to_long, to:[{field: "log.syslog.severity.code", setter: fld_set}]},
"action": {to:[{field: "event.action", setter: fld_append}]},
"action": {to:[{field: "event.action", setter: fld_prio, prio: 0}]},
"administrator": {to:[{field: "related.user", setter: fld_append},{field: "user.name", setter: fld_prio, prio: 4}]},
"alias.ip": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 3},{field: "related.ip", setter: fld_append}]},
"alias.ipv6": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 4},{field: "related.ip", setter: fld_append}]},
@@ -957,7 +957,7 @@ var ecs_mappings = {
"ec_outcome": {to:[{field: "event.outcome", setter: fld_set}]},
"event_description": {to:[{field: "message", setter: fld_prio, prio: 0}]},
"event_time": {convert: to_date, to:[{field: "@timestamp", setter: fld_set}]},
"event_type": {to:[{field: "event.action", setter: fld_append}]},
"event_type": {to:[{field: "event.action", setter: fld_prio, prio: 1}]},
"extension": {to:[{field: "file.extension", setter: fld_prio, prio: 1}]},
"file.attributes": {to:[{field: "file.attributes", setter: fld_set}]},
"filename": {to:[{field: "file.name", setter: fld_set}]},
2 changes: 1 addition & 1 deletion x-pack/filebeat/module/bluecoat/README.md
@@ -3,5 +3,5 @@
This is a module for Blue Coat Director logs.

Autogenerated from RSA NetWitness log parser 2.0 XML bluecoatdirector version 0
at 2020-07-08 18:27:58.877101 +0000 UTC.
at 2020-07-08 18:50:18.742646 +0000 UTC.

Original file line number Diff line number Diff line change
@@ -916,7 +916,7 @@ var ecs_mappings = {
"_facility": {convert: to_long, to:[{field: "log.syslog.facility.code", setter: fld_set}]},
"_pri": {convert: to_long, to:[{field: "log.syslog.priority", setter: fld_set}]},
"_severity": {convert: to_long, to:[{field: "log.syslog.severity.code", setter: fld_set}]},
"action": {to:[{field: "event.action", setter: fld_append}]},
"action": {to:[{field: "event.action", setter: fld_prio, prio: 0}]},
"administrator": {to:[{field: "related.user", setter: fld_append},{field: "user.name", setter: fld_prio, prio: 4}]},
"alias.ip": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 3},{field: "related.ip", setter: fld_append}]},
"alias.ipv6": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 4},{field: "related.ip", setter: fld_append}]},
@@ -957,7 +957,7 @@ var ecs_mappings = {
"ec_outcome": {to:[{field: "event.outcome", setter: fld_set}]},
"event_description": {to:[{field: "message", setter: fld_prio, prio: 0}]},
"event_time": {convert: to_date, to:[{field: "@timestamp", setter: fld_set}]},
"event_type": {to:[{field: "event.action", setter: fld_append}]},
"event_type": {to:[{field: "event.action", setter: fld_prio, prio: 1}]},
"extension": {to:[{field: "file.extension", setter: fld_prio, prio: 1}]},
"file.attributes": {to:[{field: "file.attributes", setter: fld_set}]},
"filename": {to:[{field: "file.name", setter: fld_set}]},
Original file line number Diff line number Diff line change
@@ -105,9 +105,7 @@
]
},
{
"event.action": [
"accept"
],
"event.action": "accept",
"event.code": "heartbeat",
"event.dataset": "bluecoat.director",
"event.module": "bluecoat",
@@ -351,9 +349,7 @@
]
},
{
"event.action": [
"accept"
],
"event.action": "accept",
"event.code": "configd",
"event.dataset": "bluecoat.director",
"event.module": "bluecoat",
@@ -444,9 +440,7 @@
]
},
{
"event.action": [
"deny"
],
"event.action": "deny",
"event.code": "heartbeat",
"event.dataset": "bluecoat.director",
"event.module": "bluecoat",
@@ -644,9 +638,7 @@
]
},
{
"event.action": [
"allow"
],
"event.action": "allow",
"event.code": "runner",
"event.dataset": "bluecoat.director",
"event.module": "bluecoat",
@@ -737,9 +729,7 @@
]
},
{
"event.action": [
"cancel"
],
"event.action": "cancel",
"event.code": "configd",
"event.dataset": "bluecoat.director",
"event.module": "bluecoat",
@@ -1215,9 +1205,7 @@
]
},
{
"event.action": [
"accept"
],
"event.action": "accept",
"event.code": "configd",
"event.dataset": "bluecoat.director",
"event.module": "bluecoat",
@@ -1313,9 +1301,7 @@
]
},
{
"event.action": [
"accept"
],
"event.action": "accept",
"event.code": "heartbeat",
"event.dataset": "bluecoat.director",
"event.module": "bluecoat",
@@ -1688,9 +1674,7 @@
]
},
{
"event.action": [
"cancel"
],
"event.action": "cancel",
"event.code": "heartbeat",
"event.dataset": "bluecoat.director",
"event.module": "bluecoat",
@@ -2045,9 +2029,7 @@
]
},
{
"event.action": [
"block"
],
"event.action": "block",
"event.code": "heartbeat",
"event.dataset": "bluecoat.director",
"event.module": "bluecoat",
4 changes: 2 additions & 2 deletions x-pack/filebeat/module/cisco/nexus/config/liblogparser.js
@@ -916,7 +916,7 @@ var ecs_mappings = {
"_facility": {convert: to_long, to:[{field: "log.syslog.facility.code", setter: fld_set}]},
"_pri": {convert: to_long, to:[{field: "log.syslog.priority", setter: fld_set}]},
"_severity": {convert: to_long, to:[{field: "log.syslog.severity.code", setter: fld_set}]},
"action": {to:[{field: "event.action", setter: fld_append}]},
"action": {to:[{field: "event.action", setter: fld_prio, prio: 0}]},
"administrator": {to:[{field: "related.user", setter: fld_append},{field: "user.name", setter: fld_prio, prio: 4}]},
"alias.ip": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 3},{field: "related.ip", setter: fld_append}]},
"alias.ipv6": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 4},{field: "related.ip", setter: fld_append}]},
@@ -957,7 +957,7 @@ var ecs_mappings = {
"ec_outcome": {to:[{field: "event.outcome", setter: fld_set}]},
"event_description": {to:[{field: "message", setter: fld_prio, prio: 0}]},
"event_time": {convert: to_date, to:[{field: "@timestamp", setter: fld_set}]},
"event_type": {to:[{field: "event.action", setter: fld_append}]},
"event_type": {to:[{field: "event.action", setter: fld_prio, prio: 1}]},
"extension": {to:[{field: "file.extension", setter: fld_prio, prio: 1}]},
"file.attributes": {to:[{field: "file.attributes", setter: fld_set}]},
"filename": {to:[{field: "file.name", setter: fld_set}]},
2 changes: 1 addition & 1 deletion x-pack/filebeat/module/citrix/README.md
@@ -3,5 +3,5 @@
This is a module for Citrix XenApp logs.

Autogenerated from RSA NetWitness log parser 2.0 XML citrixxa version 79
at 2020-07-08 18:27:59.806607 +0000 UTC.
at 2020-07-08 18:50:19.728951 +0000 UTC.

Original file line number Diff line number Diff line change
@@ -916,7 +916,7 @@ var ecs_mappings = {
"_facility": {convert: to_long, to:[{field: "log.syslog.facility.code", setter: fld_set}]},
"_pri": {convert: to_long, to:[{field: "log.syslog.priority", setter: fld_set}]},
"_severity": {convert: to_long, to:[{field: "log.syslog.severity.code", setter: fld_set}]},
"action": {to:[{field: "event.action", setter: fld_append}]},
"action": {to:[{field: "event.action", setter: fld_prio, prio: 0}]},
"administrator": {to:[{field: "related.user", setter: fld_append},{field: "user.name", setter: fld_prio, prio: 4}]},
"alias.ip": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 3},{field: "related.ip", setter: fld_append}]},
"alias.ipv6": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 4},{field: "related.ip", setter: fld_append}]},
@@ -957,7 +957,7 @@ var ecs_mappings = {
"ec_outcome": {to:[{field: "event.outcome", setter: fld_set}]},
"event_description": {to:[{field: "message", setter: fld_prio, prio: 0}]},
"event_time": {convert: to_date, to:[{field: "@timestamp", setter: fld_set}]},
"event_type": {to:[{field: "event.action", setter: fld_append}]},
"event_type": {to:[{field: "event.action", setter: fld_prio, prio: 1}]},
"extension": {to:[{field: "file.extension", setter: fld_prio, prio: 1}]},
"file.attributes": {to:[{field: "file.attributes", setter: fld_set}]},
"filename": {to:[{field: "file.name", setter: fld_set}]},
2 changes: 1 addition & 1 deletion x-pack/filebeat/module/cylance/README.md
@@ -3,5 +3,5 @@
This is a module for CylanceProtect logs.

Autogenerated from RSA NetWitness log parser 2.0 XML cylance version 127
at 2020-07-08 18:28:00.053323 +0000 UTC.
at 2020-07-08 18:50:19.981316 +0000 UTC.

4 changes: 2 additions & 2 deletions x-pack/filebeat/module/cylance/protect/config/liblogparser.js
@@ -916,7 +916,7 @@ var ecs_mappings = {
"_facility": {convert: to_long, to:[{field: "log.syslog.facility.code", setter: fld_set}]},
"_pri": {convert: to_long, to:[{field: "log.syslog.priority", setter: fld_set}]},
"_severity": {convert: to_long, to:[{field: "log.syslog.severity.code", setter: fld_set}]},
"action": {to:[{field: "event.action", setter: fld_append}]},
"action": {to:[{field: "event.action", setter: fld_prio, prio: 0}]},
"administrator": {to:[{field: "related.user", setter: fld_append},{field: "user.name", setter: fld_prio, prio: 4}]},
"alias.ip": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 3},{field: "related.ip", setter: fld_append}]},
"alias.ipv6": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 4},{field: "related.ip", setter: fld_append}]},
@@ -957,7 +957,7 @@ var ecs_mappings = {
"ec_outcome": {to:[{field: "event.outcome", setter: fld_set}]},
"event_description": {to:[{field: "message", setter: fld_prio, prio: 0}]},
"event_time": {convert: to_date, to:[{field: "@timestamp", setter: fld_set}]},
"event_type": {to:[{field: "event.action", setter: fld_append}]},
"event_type": {to:[{field: "event.action", setter: fld_prio, prio: 1}]},
"extension": {to:[{field: "file.extension", setter: fld_prio, prio: 1}]},
"file.attributes": {to:[{field: "file.attributes", setter: fld_set}]},
"filename": {to:[{field: "file.name", setter: fld_set}]},