Skip to content

Commit

Permalink
Pass-thru other panw.panos log types (elastic#19375)
Browse files Browse the repository at this point in the history
This removes the drop processor from the ingest node pipeline that drops events other than THREAT and TRAFFIC.
This way we can retain the other log data but don't necessarily handle the parsing of it.

Closes elastic#16815

(cherry picked from commit 53b32f9)
  • Loading branch information
andrewkroh committed Jul 14, 2020
1 parent 06b353b commit f19ac0f
Show file tree
Hide file tree
Showing 3 changed files with 662 additions and 2 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -513,6 +513,8 @@ field. You can revert this change by configuring tags for the module and omittin
- Add new mode to multiline reader to aggregate constant number of lines {pull}18352[18352]
- Explicitly set ECS version in all Filebeat modules. {pull}19198[19198]
- Add awscloudwatch input. {pull}19025[19025]
- Add automatic retries and exponential backoff to httpjson input. {pull}18956[18956]
- Changed the panw module to pass through (rather than drop) message types other than threat and traffic. {issue}16815[16815] {pull}19375[19375]
- Add support for timezone offsets and `Z` to decode_cef timestamp parser. {pull}19346[19346]
- Improve ECS categorization field mappings in traefik module. {issue}16183[16183] {pull}19379[19379]
- Improve ECS categorization field mappings in azure module. {issue}16155[16155] {pull}19376[19376]
Expand Down
2 changes: 0 additions & 2 deletions x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -197,8 +197,6 @@ processors:
- intrusion_detection
- network
if: 'ctx?._temp_?.message_type == "THREAT"'
- drop:
if: 'ctx?.event?.category == null'
- append:
field: event.type
value: allowed
Expand Down
Loading

0 comments on commit f19ac0f

Please sign in to comment.