[Filebeat] Remove space from field sophos.xg.trans_src_ ip
#25250
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
botelastic
bot
added
the
needs_team
💚 Build Succeeded
Expand to view the summary
Build stats
Trends 🧪❕ Flaky test reportNo test was executed to be analysed. |
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
botelastic
bot
removed
the
needs_team
legoguy1000
force-pushed
the
25154-sophos-field-fix
branch
from
48690b8
to
3a62c18
Compare
|
This pull request is now in conflicts. Could you fix it? 🙏 |
legoguy1000
force-pushed
the
25154-sophos-field-fix
branch
from
3a62c18
to
fccc282
Compare
|
@andrewkroh Can you take a look at this one too. Should be a quick one. |
|
This pull request is now in conflicts. Could you fix it? 🙏 |
legoguy1000
force-pushed
the
25154-sophos-field-fix
branch
from
fccc282
to
153f9ef
Compare
P1llus
approved these changes
May 3, 2021
|
run tests |
|
Could you backport this to 7.x, 7.12 and 7.13 branches @legoguy1000 ? |
legoguy1000
added a commit
to legoguy1000/beats
that referenced
this pull request
May 4, 2021
…stic#25250) (cherry picked from commit a5079ef)
This was referenced May 4, 2021
legoguy1000
added a commit
to legoguy1000/beats
that referenced
this pull request
May 4, 2021
…stic#25250) (cherry picked from commit a5079ef)
Merged
6 tasks
legoguy1000
added a commit
to legoguy1000/beats
that referenced
this pull request
May 4, 2021
…stic#25250) (cherry picked from commit a5079ef)
andrewkroh
added a commit
to andrewkroh/integrations
that referenced
this pull request
Apr 20, 2022
Sync fix from elastic/beats#25250.
4 tasks
andrewkroh
added a commit
to elastic/integrations
that referenced
this pull request
Apr 21, 2022
Remove space from sophos.xg.trans_src_ip field name in mapping. Sync fix from elastic/beats#25250. Do not modify event.original. Populate `url.*` fields based on `sophos.xg.url`. Rename `sophos.xg.reason` to `event.reason` (ECS). Normalize all `sophos.xg.*` keys to lowercase. Lowercase `network.transport` as per ECS. Format `source.mac` and `destination.mac` as per ECS. Add Sophos Firewall 18.5 log samples taken from documentation. Set the `event.code` from the message ID (and remove `sophos.xg.messageid`). Consolidate geoip enrichment Consolidate related.ip processors Consolidate lowercase network.transport/protocol Consolidate related.user processing Consolidate related.hash Consolidate network.{bytes,packets} calculations Add network.community_id Add {url,source,destination}.domain to related.hosts Set event.duration (ns) for WAF events using reponsetime (us) Remove client/server mappings. This was a large amount of duplication causing increased event sizes. Add reference link to xg syslog formats Anti-Virus - Set `destination.domain` from `sophos.xg.dstdomain` in anti-virus log. - Use `sophos.xg.dst_domainname` to set `destination.domain` for Anti-Virus SMTP events. - Use `sophos.xg.src_domainname` to set `source.domain` for Anti-Virus SMTP events. - Set `network.protocol` for anti-virus logs. Anti-Spam - Set `network.protocol` for anti-spam logs. Content Filtering - Set `network.protocol` for Content Filtering. Use the URL scheme to derive the protocol. Sandstorm - Set `file.name` for Sandstorm events (there was a typo in the if condition). - Set `url.domain`, `destination.domain`, and `destination.ip` for Sandstorm web events. - Handle sha256 Sandstorm file hashes. In 17.5 and earlier the sha1sum contained the sha1 checksum of the file being analyzed. In 18.0 and later the sha1sum contains the sha256 checksum of the file. System Health - Convert `sophos.xg.collisions`, `sophos.xg.receiveddrops`, and `sophos.xg.transmitteddrops` to float in document `_source`. Wireless Protection Change `sophos.xg.clients_conn_ssid` to a long in the mapping. * Update files [git-generate] cd packages/sophos elastic-package format elastic-package build elastic-package test pipeline -g * Add changelog * Remove null-safe operator when accessing ctx Replaces `ctx?.` with `ctx.` in all of the sophos.xg pipelines. * Sort ecs.yml and fields.yml by name
leweafan
pushed a commit
to leweafan/beats
that referenced
this pull request
Apr 28, 2023
… `sophos.xg.trans_src_ ip` (elastic#25525) * elastic#25154: Remove space from field `sophos.xg.trans_src_ ip` (elastic#25250) (cherry picked from commit 0d955a0) * Update CHANGELOG.next.asciidoc Co-authored-by: Marius Iversen <marius.iversen@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Removes the space in
sophos.xg.trans_src_ ip->sophos.xg.trans_src_ipWhy is it important?
Field has an invalid space
Checklist
CHANGELOG.next.asciidocorCHANGELOG-developer.next.asciidoc.Author's Checklist
How to test this PR locally
Related issues
Use cases
Screenshots
Logs