Skip to content

Commit

Permalink
25254: Rename rsa.misc.hardware_id to observer.serial_number
Browse files Browse the repository at this point in the history
  • Loading branch information
legoguy1000 committed Apr 28, 2021
1 parent f1fea95 commit 866656f
Show file tree
Hide file tree
Showing 5 changed files with 419 additions and 408 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -852,6 +852,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add `awsfargate` module to collect container logs from Amazon ECS on Fargate. {pull}25041[25041]
- New module `cyberarkpas` for CyberArk Privileged Access Security audit logs. {pull}24803[24803]
- Add `uri_parts` processor to Apache, Nginx, IIS, Traefik, S3Access, Cisco, F5, Fortinet, Google Workspace, Imperva, Microsoft, Netscout, O365, Sophos, Squid, Suricata, Zeek, Zia, Zoom, and ZScaler modules ingest pipelines. {issue}19088[19088] {pull}24699[24699]
- Rename `rsa.misc.hardware_id` to `observer.serial_number` for `fortinet.fortimail` and `fortinet.fortimanager` modules. {issue}25254[25254] {pull}25356[25356]

*Heartbeat*

Expand Down
5 changes: 5 additions & 0 deletions x-pack/filebeat/module/fortinet/fortimail/ingest/pipeline.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,11 @@ processors:
- user_agent:
field: user_agent.original
ignore_missing: true
# Serial Number
- rename:
field: rsa.misc.hardware_id
target_field: observer.serial_number
ignore_missing: true
# IP Geolocation Lookup
- geoip:
field: source.ip
Expand Down
Loading

0 comments on commit 866656f

Please sign in to comment.