checkpoint: Make checkpoint.source_object a keyword

According to https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk144192, Check Point module field checkpoint.source_object should be mapped as a string type instead of long. Syncs change from: elastic/beats@a5e6e5b Relates: elastic/beats#25124
andrewkroh · Mar 31, 2022 · 1902d0a · 1902d0a
1 parent 2aee5ee
commit 1902d0a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/packages/checkpoint/data_stream/firewall/fields/fields.yml b/packages/checkpoint/data_stream/firewall/fields/fields.yml
@@ -571,7 +571,8 @@
         Number of files that were not  scanned due to an error.
     - name: next_scheduled_scan_date
       type: keyword
-      description: "Next scan scheduled time according to time object.     \n"
+      description: |
+        Next scan scheduled time according to time object.
     - name: dlp_repository_scanned_total_size
       type: integer
       description: |
@@ -1257,7 +1258,7 @@
       description: |
         Reports whether watermark is added to the cleaned file.
     - name: source_object
-      type: integer
+      type: keyword
       description: |
         Matched object name on source column.
     - name: destination_object
@@ -1299,9 +1300,8 @@
     - name: action_reason_msg
       type: keyword
       overwrite: true
-      description: >
+      description: |
         Connection drop reason message.
-
     - name: c_bytes
       type: integer
       description: |

diff --git a/packages/checkpoint/docs/README.md b/packages/checkpoint/docs/README.md
@@ -426,7 +426,7 @@ An example event for `firewall` looks as following:
 | checkpoint.sip_reason | Explains why 'source_ip' isn't allowed to redirect (handover). | keyword |
 | checkpoint.site_name | Site name. | keyword |
 | checkpoint.source_interface | External Interface name for source interface or Null if not found. | keyword |
-| checkpoint.source_object | Matched object name on source column. | integer |
+| checkpoint.source_object | Matched object name on source column. | keyword |
 | checkpoint.source_os | OS which generated the attack. | keyword |
 | checkpoint.special_properties | If this field is set to '1' the log will not be shown (in use for monitoring scan progress). | integer |
 | checkpoint.specific_data_type_name | Compound/Group scenario, data type that was matched. | keyword |