Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PANW module is incorrectly mapping client/source and server/destination bytes and packets #18522

Closed
adriansr opened this issue May 14, 2020 · 1 comment · Fixed by #18525
Closed

PANW module is incorrectly mapping client/source and server/destination bytes and packets #18522

adriansr opened this issue May 14, 2020 · 1 comment · Fixed by #18525
Labels
bug

Comments

@adriansr
Copy link
Contributor

For confirmed bugs, please report:

Quoting from the discuss post:

There are some inconsistencies in the way the bytes sent/received and packets sent/received are being mapped in the panw module for filebeat. According to ECS the traditional "bytes_sent" would be mapped to "client.bytes" and/or "source.bytes", and "bytes_received" would be mapped to "server.bytes" and/or "destination.bytes". "packets_sent" would be mapped to "client.packets" and/or "source.packets", and "packets_received" would be mapped to "server.packets" and/or "destination.packets". This is not how panw has been implemented.

PANW pipeline is mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

adriansr added a commit to adriansr/beats that referenced this issue May 14, 2020
@adriansr
Fix PANW bad mapping of client/source and server/dest packets and bytes
dafe54c 
PANW pipeline was mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.

The correct is:
Bytes sent to client/source bytes.
Bytes received to server/destination bytes.
Packets sent to client/source packets.
Packets received to server/destination packets.

Also adding some missing ECS mappings in the process.

Fixes elastic#18522
@adriansr adriansr mentioned this issue May 14, 2020
Merged
adriansr added a commit that referenced this issue May 14, 2020
@adriansr
Fix PANW bad mapping of client/source and server/dest packets and byt…
463a52a 
…es (#18525)

PANW pipeline was mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.

The correct is:
Bytes sent to client/source bytes.
Bytes received to server/destination bytes.
Packets sent to client/source packets.
Packets received to server/destination packets.

Also adding some missing ECS mappings in the process.

Fixes #18522
adriansr added a commit to adriansr/beats that referenced this issue May 14, 2020
@adriansr
Fix PANW bad mapping of client/source and server/dest packets and byt…
2167d8a 
…es (elastic#18525)

PANW pipeline was mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.

The correct is:
Bytes sent to client/source bytes.
Bytes received to server/destination bytes.
Packets sent to client/source packets.
Packets received to server/destination packets.

Also adding some missing ECS mappings in the process.

Fixes elastic#18522

(cherry picked from commit 463a52a)
@adriansr adriansr mentioned this issue May 14, 2020
Merged
adriansr added a commit to adriansr/beats that referenced this issue May 14, 2020
@adriansr
Fix PANW bad mapping of client/source and server/dest packets and byt…
51ee434 
…es (elastic#18525)

PANW pipeline was mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.

The correct is:
Bytes sent to client/source bytes.
Bytes received to server/destination bytes.
Packets sent to client/source packets.
Packets received to server/destination packets.

Also adding some missing ECS mappings in the process.

Fixes elastic#18522

(cherry picked from commit 463a52a)
@adriansr adriansr mentioned this issue May 14, 2020
Merged
adriansr added a commit to adriansr/beats that referenced this issue May 14, 2020
@adriansr
Fix PANW bad mapping of client/source and server/dest packets and byt…
1365180 
…es (elastic#18525)

PANW pipeline was mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.

The correct is:
Bytes sent to client/source bytes.
Bytes received to server/destination bytes.
Packets sent to client/source packets.
Packets received to server/destination packets.

Also adding some missing ECS mappings in the process.

Fixes elastic#18522

(cherry picked from commit 463a52a)
@adriansr adriansr mentioned this issue May 14, 2020
Merged
adriansr added a commit that referenced this issue May 14, 2020
@adriansr
Fix PANW bad mapping of client/source and server/dest packets and byt…
a40d449 
…es (#18525) (#18531)

PANW pipeline was mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.

The correct is:
Bytes sent to client/source bytes.
Bytes received to server/destination bytes.
Packets sent to client/source packets.
Packets received to server/destination packets.

Also adding some missing ECS mappings in the process.

Fixes #18522

(cherry picked from commit 463a52a)
adriansr added a commit that referenced this issue May 14, 2020
@adriansr
Fix PANW bad mapping of client/source and server/dest packets and byt…
ab24273 
…es (#18525) (#18532)

PANW pipeline was mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.

The correct is:
Bytes sent to client/source bytes.
Bytes received to server/destination bytes.
Packets sent to client/source packets.
Packets received to server/destination packets.

Also adding some missing ECS mappings in the process.

Fixes #18522

(cherry picked from commit 463a52a)
adriansr added a commit that referenced this issue May 15, 2020
@adriansr
Fix PANW bad mapping of client/source and server/dest packets and byt…
1c31fe2 
…es (#18525) (#18533)

PANW pipeline was mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.

The correct is:
Bytes sent to client/source bytes.
Bytes received to server/destination bytes.
Packets sent to client/source packets.
Packets received to server/destination packets.

Also adding some missing ECS mappings in the process.

Fixes #18522

(cherry picked from commit 463a52a)
leweafan pushed a commit to leweafan/beats that referenced this issue Apr 28, 2023
@adriansr
Fix PANW bad mapping of client/source and server/dest packets and byt…
47218e8 
…es (elastic#18525) (elastic#18533)

PANW pipeline was mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.

The correct is:
Bytes sent to client/source bytes.
Bytes received to server/destination bytes.
Packets sent to client/source packets.
Packets received to server/destination packets.

Also adding some missing ECS mappings in the process.

Fixes elastic#18522

(cherry picked from commit 9bae856)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix PANW bad mapping of client/source and server/dest packets and bytes adriansr/beats
2 participants
@adriansr @elasticmachine