[Filebeat] Upgrade iptables module to ECS 1.4 #16166

leehinman · 2020-02-06T21:02:16Z

Filesets

log

elasticmachine · 2020-02-06T21:02:18Z

Pinging @elastic/siem (Team:SIEM)

- event.category - event.kind - event.type - related.ip - convert pipeline to yaml Closes elastic#16166

* Improve ECS categorization in iptables module - event.action, map to accept/drop like gui - event.category - event.kind - event.type - observer.egress.zone - observer.ingress.zone - related.ip - rule.id - rule.name - convert pipeline to yaml - fix tcp_flags grok to get all entries - make iptables.tcp.flags an array - make iptables.fragment_flags an array Closes #16166

* Improve ECS categorization in iptables module - event.action, map to accept/drop like gui - event.category - event.kind - event.type - observer.egress.zone - observer.ingress.zone - related.ip - rule.id - rule.name - convert pipeline to yaml - fix tcp_flags grok to get all entries - make iptables.tcp.flags an array - make iptables.fragment_flags an array Closes elastic#16166 (cherry picked from commit d9c83df)

…7064) * Improve ECS categorization in iptables module - event.action, map to accept/drop like gui - event.category - event.kind - event.type - observer.egress.zone - observer.ingress.zone - related.ip - rule.id - rule.name - convert pipeline to yaml - fix tcp_flags grok to get all entries - make iptables.tcp.flags an array - make iptables.fragment_flags an array Closes #16166 (cherry picked from commit d9c83df)

leehinman added enhancement Filebeat Filebeat Team:SIEM ecs labels Feb 6, 2020

andrewkroh mentioned this issue Feb 6, 2020

[meta] Update to ECS 1.2 to 1.4 #13940

Closed

51 tasks

leehinman mentioned this issue Feb 26, 2020

[Filebeat] Improve ECS categorization in iptables module #16637

Merged

leehinman added a commit to leehinman/beats that referenced this issue Mar 14, 2020

Improve ECS categorization in iptables module

ee6ee40

- event.category - event.kind - event.type - related.ip - convert pipeline to yaml Closes elastic#16166

leehinman closed this as completed in #16637 Mar 17, 2020

leehinman mentioned this issue Mar 17, 2020

Cherry-pick #16637 to 7.x: [Filebeat] Improve ECS categorization in iptables module #17064

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Filebeat] Upgrade iptables module to ECS 1.4 #16166

[Filebeat] Upgrade iptables module to ECS 1.4 #16166

leehinman commented Feb 6, 2020

elasticmachine commented Feb 6, 2020

[Filebeat] Upgrade iptables module to ECS 1.4 #16166

[Filebeat] Upgrade iptables module to ECS 1.4 #16166

Comments

leehinman commented Feb 6, 2020

Filesets

elasticmachine commented Feb 6, 2020