symantec_endpoint using invalid field values according to ECS #3050

Closed
Tracked by #3016
jsoriano opened this issue Apr 11, 2022 · 2 comments · Fixed by #3244 or #3330
Labels
Integration:symantec_endpoint Symantec Endpoint Protection

Comments


jsoriano commented Apr 11, 2022

[0] parsing field value failed: field "event.type"'s value "process" is not one of the allowed values (access, admin, allowed, change, connection, creation, deletion, denied, end, error, group, indicator, info, installation, protocol, start, user)

"process" => use "event.category: process" instead?

Part of #3016

jsoriano changed the title on Apr 11, 2022
from: symantec_endpoint[0] parsing field value failed: field "event.type"'s value "process" is not one of the allowed values (access, admin, allowed, change, connection, creation, deletion, denied, end, error, group, indicator, info, installation, protocol, start, user) "process" => use "event.category: process" instead?
to: symantec_endpoint using invalid field values according to ECS
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

jsoriano added the Integration:symantec_endpoint Symantec Endpoint Protection label Apr 11, 2022
efd6 self-assigned this May 2, 2022
efd6 closed this as completed in #3244 May 2, 2022