Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #20138 to 7.9: [Filebeat] Update crowdstrike module #20177

Merged
merged 2 commits into from
Jul 23, 2020
Merged

Cherry-pick #20138 to 7.9: [Filebeat] Update crowdstrike module #20177

merged 2 commits into from
Jul 23, 2020

Conversation

andrewstucki
Copy link

@andrewstucki andrewstucki commented Jul 23, 2020
edited by zube bot
Loading

Cherry-pick of PR #20138 to 7.9 branch. Original message:

What does this PR do?

I've been in the crowdstrike module recently anyway and noticed that there was an open issue reporting some parsing errors. I went ahead and just added some fixes for them.

One thing to note--due to normalizing all timestamps to UNIX_MS this is technically a breaking change. Do we want to be more conservative about the normalization?

Checklist

  • My code follows the style guidelines of this project
  • [ ] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [ ] I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

[Filebeat] Update crowdstrike module (elastic#20138)
5fe2f82 
* Update crowdstrike module

(cherry picked from commit 5e9a3a5)
@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Jul 23, 2020
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 23, 2020
edited by jenkins-beats-ci bot
Loading

💔 Tests Failed

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #20177 updated]

  • Start Time: 2020-07-23T03:04:16.450+0000

  • Duration: 66 min 37 sec

Test stats 🧪

Test Results
Failed 19
Passed 4240
Skipped 564
Total 4823

Test errors

Expand to view the tests failures

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_056_o365 – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.675
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '213.97.47.133', 'network.type': 'ipv4', 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png', 'o365.audit.SourceFileName': 'Screenshot 2020-01-27 at 11.30.48.png', 'o365.audit.UserKey': 'i:0h.f|membership|1003200096971f55@live.com', 'o365.audit.ItemType': 'File', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Operation': 'FileDeleted', 'o365.audit.SiteUrl': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/', 'o365.audit.ClientIP': '213.97.47.133', 'o365.audit.SourceFileExtension': 'png', 'o365.audit.Workload': 'OneDrive', 'o365.audit.SourceRelativeUrl': 'Documents', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.RecordType': 6, 'o365.audit.ListId': '2b6ad2bd-0fd7-4556-9c89-a97847085b85', 'o365.audit.Version': 1, 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.CreationTime': '2020-02-07T16:44:07', 'o365.audit.Id': 'ec04aa09-0a43-4879-cdc8-08d7abecf327', 'o365.audit.CorrelationId': '652b339f-908c-a000-f25f-91423da7dd9b', 'o365.audit.ListItemUniqueId': '4803608a-df7d-4f63-aa73-67aa33bb576e', 'o365.audit.UserType': 0, 'file.extension': 'png', 'file.name': 'Screenshot 2020-01-27 at 11.30.48.png', 'file.directory': 'Documents', 'related.ip': '213.97.47.133', 'related.user': 'asr', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '213.97.47.133', 'client.ip': '213.97.47.133', 'event.code': 'SharePointFileOperation', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'FileDeleted', 'event.id': 'ec04aa09-0a43-4879-cdc8-08d7abecf327', 'event.type': 'deletion', 'event.category': 'file', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.', 'fileset.name': 'audit', 'url.original': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png', 'tags': ['forwarded'], 'input.type': 'log', '@timestamp': '2020-02-07T16:44:07.000Z', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_060_o365 – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.42
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '213.97.47.133', 'fileset.name': 'audit', 'network.type': 'ipv4', 'tags': ['forwarded'], 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx', 'o365.audit.UserKey': 'i:0h.f|membership|1003200096971f55@live.com', 'o365.audit.ItemType': 'Page', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Operation': 'PageViewed', 'o365.audit.ClientIP': '213.97.47.133', 'o365.audit.Workload': 'OneDrive', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.RecordType': 4, 'o365.audit.Version': 1, 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.CreationTime': '2020-02-07T16:43:53', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.CustomUniqueId': True, 'o365.audit.CorrelationId': '622b339f-4000-a000-f25f-92b3478c7a25', 'o365.audit.Id': '99d005e6-a4c6-46fd-117c-08d7abeceab5', 'o365.audit.UserType': 0, 'o365.audit.ListItemUniqueId': '59a8433d-9bb8-cfef-6edc-4c0fc8b86875', 'input.type': 'log', '@timestamp': '2020-02-07T16:43:53.000Z', 'related.ip': '213.97.47.133', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '213.97.47.133', 'client.ip': '213.97.47.133', 'event.code': 'SharePoint', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'PageViewed', 'event.id': '99d005e6-a4c6-46fd-117c-08d7abeceab5', 'event.type': 'info', 'event.category': 'web', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_061_o365 – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.644
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 3965, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '79.159.10.151', 'fileset.name': 'audit', 'network.type': 'ipv4', 'tags': ['forwarded'], 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com//personal/asr_testsiem_onmicrosoft_com/Sharing Links', 'o365.audit.UserKey': 'i:0h.f|membership|1003200096971f55@live.com', 'o365.audit.ItemType': 'List', 'o365.audit.SiteUrl': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Operation': 'SharingInheritanceBroken', 'o365.audit.ClientIP': '79.159.10.151', 'o365.audit.EventData': 'FalseFalse', 'o365.audit.Workload': 'OneDrive', 'o365.audit.SourceRelativeUrl': 'Sharing Links', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.RecordType': 14, 'o365.audit.ListId': 'b108938d-3546-4359-925d-a1b54b4db8c2', 'o365.audit.Version': 1, 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0', 'o365.audit.CreationTime': '2020-02-14T18:25:45', 'o365.audit.CorrelationId': 'fe71359f-005f-9000-7cb1-ccf5124703db', 'o365.audit.Id': 'dd162cd7-5df5-4fef-078a-08d7b17b4e95', 'o365.audit.UserType': 0, 'input.type': 'log', '@timestamp': '2020-02-14T18:25:45.000Z', 'related.ip': '79.159.10.151', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '79.159.10.151', 'client.ip': '79.159.10.151', 'event.code': 'SharePointSharingOperation', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'SharingInheritanceBroken', 'event.id': 'dd162cd7-5df5-4fef-078a-08d7b17b4e95', 'event.category': 'web', 'event.type': 'info', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '73.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_062_o365 – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 8.485
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '83.57.233.151', 'fileset.name': 'audit', 'network.type': 'ipv4', 'tags': ['forwarded'], 'o365.audit.AzureActiveDirectoryEventType': 1, 'o365.audit.UserKey': '1003200096971F55@testsiem.onmicrosoft.com', 'o365.audit.ActorIpAddress': '83.57.233.151', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Operation': 'UserLoggedIn', 'o365.audit.ExtendedProperties.ResultStatusDetail': 'Success', 'o365.audit.ExtendedProperties.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.ExtendedProperties.KeepMeSignedIn': 'False', 'o365.audit.ExtendedProperties.UserAuthenticationMethod': '9', 'o365.audit.ExtendedProperties.RequestType': 'OAuth2:Authorize', 'o365.audit.IntraSystemId': 'c4206c29-46c2-4a6f-a46b-735107705400', 'o365.audit.Target': [{'Type': 0, 'ID': '00000002-0000-0000-c000-000000000000'}], 'o365.audit.RecordType': 15, 'o365.audit.Version': 1, 'o365.audit.SupportTicketId': '', 'o365.audit.Actor': [{'Type': 0, 'ID': '755e500a-6c03-46b0-b53b-282f23374e3b'}, {'Type': 5, 'ID': 'asr@testsiem.onmicrosoft.com'}, {'Type': 3, 'ID': '1003200096971F55'}], 'o365.audit.ActorContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.ObjectId': '00000002-0000-0000-c000-000000000000', 'o365.audit.ResultStatus': 'Succeeded', 'o365.audit.ClientIP': '83.57.233.151', 'o365.audit.Workload': 'AzureActiveDirectory', 'o365.audit.TargetContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.CreationTime': '2020-02-10T15:13:13', 'o365.audit.Id': 'ca0efc24-1b89-4962-8fef-a3ac5437302f', 'o365.audit.InterSystemsId': '03616b3a-fc75-46a1-b34a-2d82fc8f1e7e', 'o365.audit.ApplicationId': '4345a7b9-9a63-4910-a426-35363201d503', 'o365.audit.UserType': 0, 'input.type': 'log', '@timestamp': '2020-02-10T15:13:13.000Z', 'related.ip': '83.57.233.151', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '83.57.233.151', 'client.ip': '83.57.233.151', 'event.code': 'AzureActiveDirectoryStsLogon', 'event.provider': 'AzureActiveDirectory', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'UserLoggedIn', 'event.id': 'ca0efc24-1b89-4962-8fef-a3ac5437302f', 'event.category': 'authentication', 'event.type': ['start', 'authentication_success'], 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing o365/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_095_cylance – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 8.805
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['@timestamp']": {'new_value': '2020-07-24T10:58:48.000Z', 'old_value': '2019-07-24T10:58:48.000Z'}, "root['rsa.time.event_time']": {'new_value': '2020-07-24T10:58:48.000Z', 'old_value': '2019-07-24T10:58:48.000Z'}}}, full object:
      {'rsa.internal.messageid': 'CylancePROTECT', 'rsa.identity.firstname': 'rinc', 'rsa.identity.lastname': 'tno', 'rsa.investigations.event_cat': 1609000000, 'rsa.investigations.event_cat_name': 'System.Alerts', 'rsa.time.event_time': '2020-07-24T10:58:48.000Z', 'rsa.db.index': 'rExce', 'rsa.network.alias_host': ['squ2213.www.test'], 'rsa.misc.device_name': 'ncididu', 'rsa.misc.event_type': 'Alert', 'rsa.misc.mail_id': 'meumf', 'log.offset': 24048, 'fileset.name': 'protect', 'tags': ['cylance.protect', 'forwarded'], 'observer.product': 'Protect', 'observer.vendor': 'Cylance', 'observer.type': 'Anti-Virus', 'input.type': 'log', '@timestamp': '2020-07-24T10:58:48.000Z', 'service.type': 'cylance', 'host.name': 'squ2213.www.test', 'event.original': '24-Jul-2019 8:58:48 very-high uiacon6640.api.localhost suntexpl <sBonoru 24T08:58:48.everi squ2213.www.test CylancePROTECT Event Name:Alert, Device Message: Device: ncididu; Zones Removed: itati; Zones Added: nostrude, User: rinc tno (meumf), Zone Names:rExce Device Id: quisquam', 'event.code': 'CylancePROTECT', 'event.module': 'cylance', 'event.action': 'Alert', 'event.dataset': 'cylance.protect'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing cylance/protect on /go/src/github.com/elastic/beats/x-pack/filebeat/module/cylance/protect/test/generated.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_106_okta – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.538
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-CA', 'source.geo.city_name': 'Dublin', 'source.geo.country_iso_code': 'US', 'source.geo.region_name': 'California', 'source.geo.location.lon': -121.919, 'source.geo.location.lat': 37.7201, 'source.as.number': 7018, 'source.as.organization.name': 'AT&T Services, Inc.', 'source.ip': '108.255.197.247', 'source.user.full_name': 'xxxxxx', 'source.user.id': '00u1abvz4pYqdM8ms4x6', 'fileset.name': 'system', 'tags': ['forwarded'], 'input.type': 'log', '@timestamp': '2020-02-14T22:18:51.843Z', 'related.ip': '108.255.197.247', 'related.user': 'xxxxxx', 'service.type': 'okta', 'client.geo.city_name': 'Dublin', 'client.geo.country_name': 'United States', 'client.geo.location.lon': -121.919, 'client.geo.location.lat': 37.7201, 'client.geo.region_name': 'California', 'client.ip': '108.255.197.247', 'client.user.full_name': 'xxxxxx', 'client.user.id': '00u1abvz4pYqdM8ms4x6', 'event.original': '{"actor":{"alternateId":"xxxxxx@elastic.co","detailEntry":null,"displayName":"xxxxxx","id":"00u1abvz4pYqdM8ms4x6","type":"User"},"authenticationContext":{"authenticationProvider":null,"authenticationStep":0,"credentialProvider":null,"credentialType":null,"externalSessionId":"102nZHzd6OHSfGG51vsoc22gw","interface":null,"issuer":null},"client":{"device":"Computer","geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"id":null,"ipAddress":"108.255.197.247","userAgent":{"browser":"FIREFOX","os":"Mac OS X","rawUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"},"zone":"null"},"debugContext":{"debugData":{"authnRequestId":"XkcAsWb8WjwDP76xh@1v8wAABp0","requestId":"XkccyyMli2Uay2I93ZgRzQAAB0c","requestUri":"/login/signout","threatSuspected":"false","url":"/login/signout?message=login_page_messages.session_has_expired"}},"displayMessage":"User logout from Okta","eventType":"user.session.end","legacyEventType":"core.user_auth.logout_success","outcome":{"reason":null,"result":"SUCCESS"},"published":"2020-02-14T22:18:51.843Z","request":{"ipChain":[{"geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"ip":"108.255.197.247","source":null,"version":"V4"}]},"securityContext":{"asNumber":null,"asOrg":null,"domain":null,"isProxy":null,"isp":null},"severity":"INFO","target":null,"transaction":{"detail":{},"id":"XkccyyMli2Uay2I93ZgRzQAAB0c","type":"WEB"},"uuid":"faf7398a-4f77-11ea-97fb-5925e98228bd","version":"0"}', 'event.kind': 'event', 'event.module': 'okta', 'event.action': 'user.session.end', 'event.id': 'faf7398a-4f77-11ea-97fb-5925e98228bd', 'event.category': ['authentication'], 'event.type': ['access'], 'event.dataset': 'okta.system', 'event.outcome': 'success', 'okta.actor.id': '00u1abvz4pYqdM8ms4x6', 'okta.actor.display_name': 'xxxxxx', 'okta.actor.type': 'User', 'okta.actor.alternate_id': 'xxxxxx@elastic.co', 'okta.debug_context.debug_data.threat_suspected': 'false', 'okta.debug_context.debug_data.request_id': 'XkccyyMli2Uay2I93ZgRzQAAB0c', 'okta.debug_context.debug_data.request_uri': '/login/signout', 'okta.debug_context.debug_data.url': '/login/signout?message=login_page_messages.session_has_expired', 'okta.event_type': 'user.session.end', 'okta.authentication_context.authentication_step': 0, 'okta.authentication_context.external_session_id': '102nZHzd6OHSfGG51vsoc22gw', 'okta.display_message': 'User logout from Okta', 'okta.client.zone': 'null', 'okta.client.ip': '108.255.197.247', 'okta.client.device': 'Computer', 'okta.client.user_agent.raw_user_agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0', 'okta.client.user_agent.os': 'Mac OS X', 'okta.client.user_agent.browser': 'FIREFOX', 'okta.uuid': 'faf7398a-4f77-11ea-97fb-5925e98228bd', 'okta.outcome.result': 'SUCCESS', 'okta.transaction.id': 'XkccyyMli2Uay2I93ZgRzQAAB0c', 'okta.transaction.type': 'WEB', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.15', 'user_agent.os.full': 'Mac OS X 10.15', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing okta/system on /go/src/github.com/elastic/beats/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_167_zscaler – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 8.927
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'U307AS', 'old_value': 'Generic Smartphone'}}}, full object:
      {'rsa.internal.data': 'amco', 'rsa.internal.messageid': 'ZSCALERNSS_1', 'rsa.web.fqdn': 'orsitame3262.domain', 'rsa.identity.user_dept': 'onev', 'rsa.investigations.ec_subject': 'User', 'rsa.investigations.ec_activity': 'Deny', 'rsa.investigations.ec_theme': 'Communication', 'rsa.investigations.event_vcat': 'uptassi', 'rsa.threat.threat_category': 'tur', 'rsa.time.timezone': 'CT', 'rsa.time.event_time': '2016-02-26T10:15:08.000Z', 'rsa.db.index': 'nsequat', 'rsa.misc.filter': 'tconsec', 'rsa.misc.result': 'success', 'rsa.misc.reference_id': 'laboreet', 'rsa.misc.action': ['giatq', 'Blocked'], 'rsa.misc.result_code': 'tia', 'rsa.misc.category': 'llu', 'rsa.network.alias_host': ['orsitame3262.domain'], 'log.offset': 1742, 'destination.bytes': 1837, 'destination.ip': ['10.204.86.149'], 'source.bytes': 2935, 'source.ip': ['10.254.146.57'], 'network.protocol': 'igmp', 'network.bytes': 6905, 'observer.product': 'Internet', 'observer.vendor': 'Zscaler', 'observer.type': 'Configuration', 'file.type': 'oluptas', 'related.ip': ['10.204.86.149', '10.254.146.57'], 'related.user': ['tenima'], 'host.name': 'orsitame3262.domain', 'event.original': 'amco ZSCALERNSS: time=exe Feb 26 8:15:08 2016^^timezone=CT^^action=Blocked^^reason=success^^hostname=orsitame3262.domain^^protocol=igmp^^serverip=10.204.86.149^^url=https://example.com/taspe/mvolu.gif?atcup=snos#iquaUte^^urlcategory=tconsec^^urlclass=nsequat^^dlpdictionaries=taev^^dlpengine=roidents^^filetype=oluptas^^threatcategory=llu^^threatclass=uptassi^^pagerisk=tamremap^^threatname=tur^^clientpublicIP=aperi^^ClientIP=10.254.146.57^^location=estqui^^refererURL=https://www5.example.net/emaper/ssitasp.html?enimad=rmagni#sit^^useragent=Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36^^department=onev^^user=tenima^^event_id=laboreet^^clienttranstime=aquaeabi^^requestmethod=giatq^^requestsize=2935^^requestversion=veleumi^^status=tia^^responsesize=1837^^responseversion=ude^^transactionsize=6905', 'event.code': 'laboreet', 'event.timezone': 'CT', 'event.module': 'zscaler', 'event.action': 'Blocked', 'event.dataset': 'zscaler.zia', 'user_agent.original': 'Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36', 'user_agent.os.name': 'Android', 'user_agent.os.version': '9', 'user_agent.os.full': 'Android 9', 'user_agent.name': 'Chrome Mobile', 'user_agent.device.name': 'U307AS', 'user_agent.version': '83.0.4103.83', 'fileset.name': 'zia', 'url.original': 'https://example.com/taspe/mvolu.gif?atcup=snos#iquaUte', 'tags': ['zscaler.zia', 'forwarded'], 'input.type': 'log', '@timestamp': '2016-02-26T10:15:08.000Z', 'service.type': 'zscaler', 'http.request.referrer': 'https://www5.example.net/emaper/ssitasp.html?enimad=rmagni#sit', 'user.name': 'tenima'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing zscaler/zia on /go/src/github.com/elastic/beats/x-pack/filebeat/module/zscaler/zia/test/generated.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_180_suricata – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.593
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 985, 'destination.address': '192.168.86.28', 'destination.port': 63963, 'destination.ip': '192.168.86.28', 'destination.domain': '192.168.86.28', 'source.address': '192.168.86.85', 'source.port': 56119, 'source.ip': '192.168.86.85', 'fileset.name': 'eve', 'url.path': '/dd.xml', 'url.original': '/dd.xml', 'url.domain': '192.168.86.28', 'tags': ['suricata'], 'network.community_id': '1:gjMiDGtS5SVvdwzjjQdAKGBrDA4=', 'network.protocol': 'http', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2018-07-05T19:43:47.690Z', 'related.ip': ['192.168.86.85', '192.168.86.28'], 'service.type': 'suricata', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 1155, 'suricata.eve.in_iface': 'en0', 'suricata.eve.event_type': 'http', 'suricata.eve.flow_id': 2115002772430095, 'suricata.eve.http.protocol': 'HTTP/1.1', 'suricata.eve.http.http_content_type': 'text/xml', 'suricata.eve.tx_id': 0, 'event.original': '{"timestamp":"2018-07-05T15:43:47.690014-0400","flow_id":2115002772430095,"in_iface":"en0","event_type":"http","src_ip":"192.168.86.85","src_port":56119,"dest_ip":"192.168.86.28","dest_port":63963,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.86.28","url":"\/dd.xml","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/67.0.3396.99 Safari\/537.36","http_content_type":"text\/xml","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1155}}', 'event.kind': 'event', 'event.module': 'suricata', 'event.category': ['network', 'web'], 'event.type': ['access', 'protocol'], 'event.dataset': 'suricata.eve', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.13.5', 'user_agent.os.full': 'Mac OS X 10.13.5', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Mac', 'user_agent.version': '67.0.3396.99'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing suricata/eve on /go/src/github.com/elastic/beats/x-pack/filebeat/module/suricata/eve/test/eve-small.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_189_googlecloud – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 3.899
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 945, 'log.logger': 'projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access', 'source.ip': '192.168.1.1', 'fileset.name': 'audit', 'tags': ['forwarded'], 'cloud.project.id': 'elastic-beats', 'input.type': 'log', '@timestamp': '2019-12-19T00:45:51.228Z', 'service.name': 'compute.googleapis.com', 'service.type': 'googlecloud', 'event.kind': 'event', 'event.module': 'googlecloud', 'event.action': 'beta.compute.machineTypes.aggregatedList', 'event.id': '-h6onuze1h7dg', 'event.dataset': 'googlecloud.audit', 'event.outcome': 'failure', 'googlecloud.audit.request.proto_name': 'type.googleapis.com/compute.machineTypes.aggregatedList', 'googlecloud.audit.authentication_info.principal_email': 'xxx@xxx.xxx', 'googlecloud.audit.request_metadata.caller_ip': '192.168.1.1', 'googlecloud.audit.request_metadata.caller_supplied_user_agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)', 'googlecloud.audit.method_name': 'beta.compute.machineTypes.aggregatedList', 'googlecloud.audit.service_name': 'compute.googleapis.com', 'googlecloud.audit.num_response_items': 71, 'googlecloud.audit.type': 'type.googleapis.com/google.cloud.audit.AuditLog', 'googlecloud.audit.authorization_info': [{'permission': 'compute.machineTypes.list', 'resource_attributes': {'service': 'resourcemanager', 'name': 'projects/elastic-beats', 'type': 'resourcemanager.projects'}, 'granted': False}], 'googlecloud.audit.resource_name': 'projects/elastic-beats/global/machineTypes', 'googlecloud.audit.resource_location.current_locations': ['global'], 'user.email': 'xxx@xxx.xxx', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.15', 'user_agent.os.full': 'Mac OS X 10.15', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '71.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing googlecloud/audit on /go/src/github.com/elastic/beats/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat x-pack / test_fileset_file_208_tomcat – test_xpack_modules.XPackTest
    • Age: 1
    • Duration: 9.493
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'G8142', 'old_value': 'Generic Smartphone'}}}, full object:
      {'rsa.internal.level': 1516, 'rsa.internal.messageid': 'asdf', 'rsa.web.web_ref_domain': 'mail.example.net', 'rsa.web.alias_host': 'https://example.com/illumqui/ventore.html?min=ite#utl', 'rsa.web.fqdn': 'https://example.com/illumqui/ventore.html?min=ite#utl', 'rsa.web.web_cookie': 'aliqu', 'rsa.time.timezone': 'OMST', 'rsa.time.event_time': '2016-01-29T08:09:59.000Z', 'rsa.network.network_service': 'oremi', 'rsa.misc.action': ['exercita'], 'rsa.misc.result_code': 'ntsunti', 'log.offset': 0, 'source.bytes': 5293, 'source.ip': ['10.251.224.219'], 'fileset.name': 'log', 'url.domain': 'example.com', 'url.query': 'amremap', 'tags': ['tomcat.log', 'forwarded'], 'observer.product': 'TomCat', 'observer.vendor': 'Apache', 'observer.type': 'Web', 'input.type': 'log', '@timestamp': '2016-01-29T08:09:59.000Z', 'file.name': 'vol', 'related.ip': ['10.251.224.219'], 'related.user': ['rci'], 'service.type': 'tomcat', 'http.request.referrer': 'https://mail.example.net/turadipi/aeca.htm?ntium=psaq#cer', 'event.original': '%APACHETOMCAT-1516-asdf: 10.251.224.219||eacommod||rci||[29/Jan/2016:6:09:59 OMST]||exercita||https://example.com/illumqui/ventore.html?min=ite#utl||vol||amremap||oremi||ntsunti||5293||https://mail.example.net/turadipi/aeca.htm?ntium=psaq#cer||Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36||aliqu', 'event.code': 'asdf', 'event.timezone': 'OMST', 'event.module': 'tomcat', 'event.dataset': 'tomcat.log', 'user.name': 'rci', 'user_agent.original': 'Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36', 'user_agent.os.name': 'Android', 'user_agent.os.version': '9', 'user_agent.os.full': 'Android 9', 'user_agent.name': 'Chrome Mobile', 'user_agent.device.name': 'G8142', 'user_agent.version': '83.0.4103.83'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing tomcat/log on /go/src/github.com/elastic/beats/x-pack/filebeat/module/tomcat/log/test/generated.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat oss / test_fileset_file_019_apache – test_modules.Test
    • Age: 1
    • Duration: 3.514
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 73, 'source.address': '192.168.33.1', 'source.ip': '192.168.33.1', 'fileset.name': 'access', 'url.original': '/hello', 'input.type': 'log', '@timestamp': '2016-12-26T16:22:13.000Z', 'service.type': 'apache', 'http.request.referrer': '-', 'http.request.method': 'GET', 'http.response.status_code': 404, 'http.response.body.bytes': 499, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'apache', 'event.category': 'web', 'event.dataset': 'apache.access', 'event.outcome': 'failure', 'user.name': '-', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12', 'user_agent.os.full': 'Mac OS X 10.12', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '50.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing apache/access on /go/src/github.com/elastic/beats/filebeat/tests/system/../../module/apache/access/test/test.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat oss / test_fileset_file_020_apache – test_modules.Test
    • Age: 1
    • Duration: 2.035
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 98, 'source.address': '192.168.33.1', 'source.ip': '192.168.33.1', 'fileset.name': 'access', 'url.original': '/', 'input.type': 'log', '@timestamp': '2016-12-26T16:22:00.000Z', 'service.type': 'apache', 'http.request.referrer': '-', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 484, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'apache', 'event.category': 'web', 'event.dataset': 'apache.access', 'event.outcome': 'success', 'user.name': '-', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12.0', 'user_agent.os.full': 'Mac OS X 10.12.0', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Mac', 'user_agent.version': '54.0.2840.98'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing apache/access on /go/src/github.com/elastic/beats/filebeat/tests/system/../../module/apache/access/test/ubuntu-2.2.22.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat oss / test_fileset_file_021_apache – test_modules.Test
    • Age: 1
    • Duration: 2.173
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 0, 'destination.domain': 'vhost1.domaine.fr', 'source.ip': '192.168.33.2', 'fileset.name': 'access', 'url.original': '/hello', 'input.type': 'log', '@timestamp': '2016-12-26T16:22:14.000Z', 'service.type': 'apache', 'http.request.referrer': '-', 'http.request.method': 'GET', 'http.response.status_code': 404, 'http.response.body.bytes': 499, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'apache', 'event.category': 'web', 'event.dataset': 'apache.access', 'event.outcome': 'failure', 'user.name': '-', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12', 'user_agent.os.full': 'Mac OS X 10.12', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '50.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing apache/access on /go/src/github.com/elastic/beats/filebeat/tests/system/../../module/apache/access/test/test-vhost.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat oss / test_fileset_file_028_iis – test_modules.Test
    • Age: 1
    • Duration: 3.162
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 1204, 'destination.address': '127.0.0.1', 'destination.port': 80, 'destination.domain': 'example.com', 'destination.ip': '127.0.0.1', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.ip': '85.181.35.98', 'fileset.name': 'access', 'url.path': '/', 'input.type': 'log', 'iis.access.site_name': 'W3SVC1', 'iis.access.server_name': 'MACHINE-NAME', 'iis.access.sub_status': 0, 'iis.access.win32_status': 0, '@timestamp': '2018-01-01T10:11:12.000Z', 'related.ip': ['85.181.35.98', '127.0.0.1'], 'service.type': 'iis', 'http.request.method': 'GET', 'http.request.body.bytes': 456, 'http.response.status_code': 200, 'http.response.body.bytes': 123, 'http.version': '1.1', 'event.duration': 789000000, 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14.0', 'user_agent.os.full': 'Mac OS X 10.14.0', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Mac', 'user_agent.version': '70.0.3538.102'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing iis/access on /go/src/github.com/elastic/beats/filebeat/tests/system/../../module/iis/access/test/test.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat oss / test_fileset_file_031_iis – test_modules.Test
    • Age: 1
    • Duration: 2.275
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'log.offset': 331, 'destination.address': '::1%0', 'destination.port': 80, 'destination.domain': 'example.com', 'destination.ip': '::1', 'source.address': '::1%0', 'source.ip': '::1', 'fileset.name': 'access', 'url.path': '/', 'input.type': 'log', 'iis.access.site_name': 'W3SVC1', 'iis.access.server_name': 'MACHINE-NAME', 'iis.access.sub_status': 0, 'iis.access.win32_status': 0, '@timestamp': '2018-01-01T10:11:12.000Z', 'related.ip': ['::1', '::1'], 'service.type': 'iis', 'http.request.method': 'GET', 'http.request.body.bytes': 456, 'http.response.status_code': 200, 'http.response.body.bytes': 123, 'http.version': '1.1', 'event.duration': 789000000, 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14.0', 'user_agent.os.full': 'Mac OS X 10.14.0', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Mac', 'user_agent.version': '70.0.3538.102'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing iis/access on /go/src/github.com/elastic/beats/filebeat/tests/system/../../module/iis/access/test/test-ipv6zone.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat oss / test_fileset_file_097_nginx – test_modules.Test
    • Age: 1
    • Duration: 2.589
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'nginx.ingress_controller.upstream.alternative_name': '', 'nginx.ingress_controller.upstream.port': '8080', 'nginx.ingress_controller.upstream.response.status_code': 200, 'nginx.ingress_controller.upstream.response.length': 59, 'nginx.ingress_controller.upstream.response.time': 0.0, 'nginx.ingress_controller.upstream.ip': '172.17.0.5', 'nginx.ingress_controller.upstream.name': 'default-web-8080', 'nginx.ingress_controller.http.request.length': 450, 'nginx.ingress_controller.http.request.id': 'da29abf31e4d6324cebe5e7bca370709', 'nginx.ingress_controller.http.request.time': 0.001, 'nginx.ingress_controller.remote_ip_list': ['192.168.64.1'], 'log.offset': 1273, 'source.address': '192.168.64.1', 'source.ip': '192.168.64.1', 'fileset.name': 'ingress_controller', 'url.original': '/products/42', 'input.type': 'log', '@timestamp': '2020-02-07T11:55:57.000Z', 'related.ip': ['192.168.64.1'], 'service.type': 'nginx', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 59, 'http.version': '1.1', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'nginx', 'event.category': ['web'], 'event.type': ['info'], 'event.dataset': 'nginx.ingress_controller', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14.6', 'user_agent.os.full': 'Mac OS X 10.14.6', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Mac', 'user_agent.version': '79.0.3945.130'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing nginx/ingress_controller on /go/src/github.com/elastic/beats/filebeat/tests/system/../../module/nginx/ingress_controller/test/test.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat oss / test_fileset_file_098_nginx – test_modules.Test
    • Age: 1
    • Duration: 2.224
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'nginx.access.remote_ip_list': ['10.0.0.2', '10.0.0.1', '127.0.0.1'], 'log.offset': 0, 'source.address': '10.0.0.2', 'source.ip': '10.0.0.2', 'fileset.name': 'access', 'url.original': '/ocelot', 'input.type': 'log', '@timestamp': '2016-12-07T10:05:07.000Z', 'related.ip': ['10.0.0.2'], 'service.type': 'nginx', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 571, 'http.version': '1.1', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'nginx', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'nginx.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12', 'user_agent.os.full': 'Mac OS X 10.12', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '49.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing nginx/access on /go/src/github.com/elastic/beats/filebeat/tests/system/../../module/nginx/access/test/test.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat oss / test_fileset_file_099_nginx – test_modules.Test
    • Age: 1
    • Duration: 1.964
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'nginx.access.remote_ip_list': ['77.179.66.156'], 'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-RP', 'source.geo.city_name': 'Germersheim', 'source.geo.country_iso_code': 'DE', 'source.geo.region_name': 'Rheinland-Pfalz', 'source.geo.location.lon': 8.3639, 'source.geo.location.lat': 49.2231, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '77.179.66.156', 'source.ip': '77.179.66.156', 'fileset.name': 'access', 'url.original': '/', 'input.type': 'log', '@timestamp': '2016-10-25T12:49:33.000Z', 'related.ip': ['77.179.66.156'], 'service.type': 'nginx', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 612, 'http.version': '1.1', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'nginx', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'nginx.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12.0', 'user_agent.os.full': 'Mac OS X 10.12.0', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Mac', 'user_agent.version': '54.0.2840.59'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing nginx/access on /go/src/github.com/elastic/beats/filebeat/tests/system/../../module/nginx/access/test/access.log

--------------------- >> end captured stdout << ----------------------

  • Name: Build and Test / Filebeat oss / test_fileset_file_100_nginx – test_modules.Test
    • Age: 1
    • Duration: 2.466
    • Error Details: The following expected object doesn't match:
      Diff:
      {'values_changed': {"root['user_agent.device.name']": {'new_value': 'Mac', 'old_value': 'Other'}}}, full object:
      {'nginx.access.remote_ip_list': ['10.0.0.2', '10.0.0.1', '127.0.0.1'], 'log.offset': 0, 'destination.domain': 'example.com', 'source.address': '10.0.0.2', 'source.ip': '10.0.0.2', 'fileset.name': 'access', 'url.original': '/ocelot', 'input.type': 'log', '@timestamp': '2016-12-07T10:05:07.000Z', 'related.ip': ['10.0.0.2'], 'service.type': 'nginx', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 571, 'http.version': '1.1', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'nginx', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'nginx.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12', 'user_agent.os.full': 'Mac OS X 10.12', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '49.0.'}
      -------------------- >> begin captured stdout << ---------------------
      Using elasticsearch: http://elasticsearch:9200
      Testing nginx/access on /go/src/github.com/elastic/beats/filebeat/tests/system/../../module/nginx/access/test/test-with-host.log

--------------------- >> end captured stdout << ----------------------

Steps errors

Expand to view the steps failures

  • Name: Make testsuite

    • Description: make -C filebeat testsuite

    • Duration: 33 min 59 sec

    • Start Time: 2020-07-23T03:27:12.791+0000

    • log

  • Name: Mage update build test

    • Description: mage update build test

    • Duration: 31 min 38 sec

    • Start Time: 2020-07-23T03:27:09.188+0000

    • log

  • Name: Mage build unitTest

    • Description: mage build unitTest

    • Duration: 7 min 16 sec

    • Start Time: 2020-07-23T04:02:08.274+0000

    • log

Log output

Expand to view the last 100 lines of log output 

[2020-07-23T04:00:47.387Z] + FILE=metricbeat/build/coverage/full.cov
[2020-07-23T04:00:47.387Z] + '[' -f metricbeat/build/coverage/full.cov ']'
[2020-07-23T04:00:47.387Z] + for i in '"$@"'
[2020-07-23T04:00:47.387Z] + FILE=packetbeat/build/coverage/full.cov
[2020-07-23T04:00:47.387Z] + '[' -f packetbeat/build/coverage/full.cov ']'
[2020-07-23T04:00:47.387Z] + for i in '"$@"'
[2020-07-23T04:00:47.387Z] + FILE=winlogbeat/build/coverage/full.cov
[2020-07-23T04:00:47.387Z] + '[' -f winlogbeat/build/coverage/full.cov ']'
[2020-07-23T04:00:48.688Z] Failed in branch Filebeat oss
[2020-07-23T04:02:08.209Z] python not installed. An error occurred during installation:
[2020-07-23T04:02:08.209Z]  Unable to read package from path 'python3.3.8.2.nupkg'.
[2020-07-23T04:02:08.209Z] python package files install completed. Performing other installation steps.
[2020-07-23T04:02:08.209Z] The install of python was NOT successful.
[2020-07-23T04:02:08.209Z] python not installed. An error occurred during installation:
[2020-07-23T04:02:08.209Z]  Unable to read package from path 'python3.3.8.2.nupkg'.
[2020-07-23T04:02:08.209Z] 
[2020-07-23T04:02:08.209Z] Chocolatey installed 0/1 packages. 1 packages failed.
[2020-07-23T04:02:08.209Z]  See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
[2020-07-23T04:02:08.209Z] 
[2020-07-23T04:02:08.209Z] Failures
[2020-07-23T04:02:08.209Z]  - python (exited 1) - python not installed. An error occurred during installation:
[2020-07-23T04:02:08.209Z]  Unable to read package from path 'python3.3.8.2.nupkg'.
[2020-07-23T04:02:08.209Z] ERROR 
[2020-07-23T04:02:08.255Z] Running in C:\Users\jenkins\workspace\Beats_beats_PR-20177\src\github.com\elastic\beats\x-pack\filebeat
[2020-07-23T04:02:08.566Z] 
[2020-07-23T04:02:08.566Z] C:\Users\jenkins\workspace\Beats_beats_PR-20177\src\github.com\elastic\beats\x-pack\filebeat>mage  build unitTest 
[2020-07-23T04:03:30.073Z] >> build: Building filebeat
[2020-07-23T04:05:06.519Z] >> go test: Unit Testing
[2020-07-23T04:08:28.037Z] SUMMARY:
[2020-07-23T04:08:28.037Z]   Fail:     0
[2020-07-23T04:08:28.037Z]   Skip:     7
[2020-07-23T04:08:28.037Z]   Pass:     548
[2020-07-23T04:08:28.037Z]   Packages: 20
[2020-07-23T04:08:28.037Z]   Duration: 3m17.3818598s
[2020-07-23T04:08:28.037Z]   Coverage Report: C:\Users\jenkins\workspace\Beats_beats_PR-20177\src\github.com\elastic\beats\x-pack\filebeat\build\TEST-go-unit.html
[2020-07-23T04:08:28.037Z]   JUnit Report:    C:\Users\jenkins\workspace\Beats_beats_PR-20177\src\github.com\elastic\beats\x-pack\filebeat\build\TEST-go-unit.xml
[2020-07-23T04:08:28.037Z]   Output File:     C:\Users\jenkins\workspace\Beats_beats_PR-20177\src\github.com\elastic\beats\x-pack\filebeat\build\TEST-go-unit.out
[2020-07-23T04:08:28.037Z] >> go test: Unit Test Passed
[2020-07-23T04:09:24.291Z] >> python test: Unit Testing
[2020-07-23T04:09:24.291Z] C:\Python27\python.exe: No module named venv
[2020-07-23T04:09:24.291Z] Error: running "python -m venv C:\Users\jenkins\workspace\Beats_beats_PR-20177\src\github.com\elastic\beats\build\ve\windows" failed with exit code 1
[2020-07-23T04:09:24.685Z] 
[2020-07-23T04:09:24.685Z] C:\Users\jenkins\workspace\Beats_beats_PR-20177\src\github.com\elastic\beats>python .ci/scripts/pre_archive_test.py 
[2020-07-23T04:09:25.254Z] Copy .\x-pack\filebeat\build into build\x-pack\filebeat\build
[2020-07-23T04:09:25.262Z] Running in C:\Users\jenkins\workspace\Beats_beats_PR-20177\src\github.com\elastic\beats\build
[2020-07-23T04:09:25.287Z] Recording test results
[2020-07-23T04:09:26.616Z] Stashed 1 file(s)
[2020-07-23T04:09:26.628Z] Archiving artifacts
[2020-07-23T04:09:27.234Z] [INFO] system-tests=''. If no empty then let's create a tarball
[2020-07-23T04:09:28.583Z] Failed in branch Filebeat x-pack Windows
[2020-07-23T04:09:28.733Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20177/src/github.com/elastic/beats
[2020-07-23T04:09:29.037Z] + find . -type f -name TEST*.xml -path */build/* -delete
[2020-07-23T04:09:29.048Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20177/src/github.com/elastic/beats/Lint
[2020-07-23T04:09:29.151Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20177/src/github.com/elastic/beats/Filebeat-x-pack-Mac-OS-X
[2020-07-23T04:09:29.225Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20177/src/github.com/elastic/beats/Filebeat-Mac-OS-X
[2020-07-23T04:09:29.301Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20177/src/github.com/elastic/beats/Filebeat-Windows
[2020-07-23T04:09:29.386Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20177/src/github.com/elastic/beats/Filebeat-x-pack
[2020-07-23T04:09:29.464Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20177/src/github.com/elastic/beats/Filebeat-oss
[2020-07-23T04:09:29.540Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-20177/src/github.com/elastic/beats/Filebeat-x-pack-Windows
[2020-07-23T04:09:29.938Z] + cat
[2020-07-23T04:09:29.938Z] + /usr/local/bin/runbld ./runbld-script
[2020-07-23T04:09:29.938Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-07-23T04:09:36.515Z] runbld>>> runbld started
[2020-07-23T04:09:36.515Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-07-23T04:09:37.082Z] runbld>>> The following profiles matched the job 'Beats/beats/PR-20177' in order of occurrence in the config (last value wins).
[2020-07-23T04:09:38.458Z] runbld>>> Debug logging enabled.
[2020-07-23T04:09:38.458Z] runbld>>> Storing result
[2020-07-23T04:09:38.458Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-07-23T04:09:38.458Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200723040938-9C28A3D7
[2020-07-23T04:09:38.458Z] runbld>>> Adding system facts.
[2020-07-23T04:09:39.394Z] runbld>>> Adding vcs info for the latest commit:  d63584b9d7a390bdbebe15c3f604b33edc1afc46
[2020-07-23T04:09:39.394Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-07-23T04:09:39.394Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-07-23T04:09:39.394Z] Processing JUnit reports with runbld...
[2020-07-23T04:09:39.394Z] + echo 'Processing JUnit reports with runbld...'
[2020-07-23T04:09:39.683Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-07-23T04:09:39.683Z] runbld>>> DURATION: 21ms
[2020-07-23T04:09:39.683Z] runbld>>> STDOUT: 40 bytes
[2020-07-23T04:09:39.683Z] runbld>>> STDERR: 49 bytes
[2020-07-23T04:09:39.683Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-07-23T04:09:39.683Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-20177/src/github.com/elastic/beats
[2020-07-23T04:09:40.621Z] runbld>>> Storing build metadata: 
[2020-07-23T04:09:40.621Z] runbld>>> Adding test report.
[2020-07-23T04:09:40.621Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-20177/src/github.com/elastic/beats
[2020-07-23T04:09:41.555Z] runbld>>> Found 12 test output files
[2020-07-23T04:09:42.939Z] runbld>>> Test output logs contained: Errors: 0 Failures: 19 Tests: 4823 Skipped: 540
[2020-07-23T04:09:42.939Z] runbld>>> Storing result
[2020-07-23T04:09:42.939Z] runbld>>> FAILURES: 19
[2020-07-23T04:09:47.128Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-07-23T04:09:47.128Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1587637540455/t/20200723040938-9C28A3D7
[2020-07-23T04:09:47.128Z] runbld>>> Email notification disabled by environment variable.
[2020-07-23T04:09:47.128Z] runbld>>> Slack notification disabled by environment variable.
[2020-07-23T04:09:52.901Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-20177
[2020-07-23T04:09:53.110Z] [INFO] getVaultSecret: Getting secrets
[2020-07-23T04:09:53.184Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-07-23T04:09:53.936Z] + chmod 755 generate-build-data.sh
[2020-07-23T04:09:53.936Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20177/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20177/runs/2 FAILURE 3937227
[2020-07-23T04:09:53.936Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20177/runs/2/steps/?limit=10000 -o steps-info.json
[2020-07-23T04:09:54.487Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20177/runs/2/tests/?status=FAILED -o tests-errors.json
[2020-07-23T04:09:55.037Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-20177/runs/2/log/ -o pipeline-log.txt

@andrewstucki andrewstucki merged commit 2bd1d45 into elastic:7.9 Jul 23, 2020
@andrewstucki andrewstucki deleted the backport_20138_7.9 branch July 23, 2020 18:29
v1v added a commit to v1v/beats that referenced this pull request Jul 29, 2020
@v1v
Merge remote-tracking branch 'upstream/7.9' into backport/7.9/pr-19960
59a6124 
* upstream/7.9: (32 commits)
  feat(ci): support storing artifacts for PRs in separate dirs (elastic#20282) (elastic#20301)
  Cisco ASA: Fix message 106100 (elastic#20245) (elastic#20277)
  [CI] Change upstream reference (elastic#20296) (elastic#20297)
  [docs] Fix Windows download link for agent (elastic#20258) (elastic#20290)
  Cherry-pick to 7.9: [docs] Rename release highlights to what's new (elastic#20255) (elastic#20285)
  Elastic agent on k8s (elastic#19727) (elastic#20262)
  [Filebeat Module] Defender ATP - Adding dashboard (elastic#20058) (elastic#20093)
  fix: use a fixed worker type for tests (elastic#20130) (elastic#20247)
  [Elastic Agent] Fix Windows powershell install service script (elastic#20203) (elastic#20252)
  [Ingest Manager] Fixed unzip on older windows  (elastic#20088) (elastic#20109)
  adding possibility to override content-type checks, it was breaking certain webhooks that is not able to set content-headers at all. Still defaults to application/json (elastic#20232) (elastic#20237)
  [Filebeat][Gsuite] Make GSuite docs more clear (elastic#19981) (elastic#20067)
  Increase index.max_docvalue_fields_search to 200 (elastic#20218) (elastic#20221)
  Call host parser only once when building light metricsets (elastic#20149) (elastic#20190)
  [Metricbeat] Use MySQL Host Parser in Query metricset (elastic#20191) (elastic#20212)
  [Filebeat] Ignore cylance.protect timestamps while testing (elastic#20207) (elastic#20217)
  [libbeat] Fix write error in ensureWriter.Write (elastic#20112) (elastic#20145)
  Cherry-pick elastic#20127 to 7.9: Fix failing unit tests on windows  (elastic#20180)
  Remove f5/firepass rsa2elk fileset (elastic#20160) (elastic#20206)
  Cherry-pick elastic#20138 to 7.9: [Filebeat] Update crowdstrike module (elastic#20177)
  ...
@zube zube bot removed the [zube]: Done label Oct 22, 2020
leweafan pushed a commit to leweafan/beats that referenced this pull request Apr 28, 2023
Cherry-pick elastic#20138 to 7.9: [Filebeat] Update crowdstrike module (
037bca5 
elastic#20177)

* [Filebeat] Update crowdstrike module (elastic#20138)

* Update crowdstrike module

(cherry picked from commit aa58f2e)

* Fix up changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees
No one assigned
Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andrewstucki @elasticmachine @andrewkroh