[Filebeat] PANW Module - SYSTEM and CONFIG logs

[nanjum88]

Currently, PANW module is only able to parse and forward THREAT and TRAFFIC pattern logs, other log types - SYSTEM and CONFIG are discarded. For them to be visible , user needs to run another instance of FileBeat, whitelist the events, develop patterns in Logstash for the logs and then send them to elastic search.

SYSTEM Logs
CONFIG Logs

We'll also need to map the fields in these logs to ECS.

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[willemdh]

And userid..

[botelastic]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[willemdh]

#19375 says this is fixed. I didn't have the time to reconfigure our PA syslog output to test this. Will be for 2021..

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[botelastic]

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

[jamiehynds]

Closing as we're about to begin development on additional PANW datasets and tracking in the integrations repo: elastic/integrations#2988