From ad0731199f9e053c8d316442d34b645149d752d5 Mon Sep 17 00:00:00 2001
From: dainok
Date: Tue, 11 Aug 2020 01:31:39 +0200
Subject: [PATCH] [Filebeat] Fix PANW field spelling "veredict" to "verdict" (#18808)
Fix PANW field spelling "veredict" to "verdict" on event.action.
Co-authored-by: Andrea Dainese
(cherry picked from commit 4d8354d8625a358a7db2798ef90c5d0461d0651a)
---
 CHANGELOG.next.asciidoc | 1 +
 x-pack/filebeat/module/panw/panos/ingest/pipeline.yml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index a151b7b507b..de1145cb28c 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -76,6 +76,7 @@ field. You can revert this change by configuring tags for the module and omittin
 - Adds Gsuite Groups support. {pull}19725[19725]
 - Move file metrics to dataset endpoint {pull}19977[19977]
 - Disable the option of running --machine-learning on its own. {pull}20241[20241]
+- Fix PANW field spelling "veredict" to "verdict" on event.action {pull}18808[18808]
 *Heartbeat*
diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
index 7cc44f287b6..a06419467b4 100644
--- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
@@ -291,7 +291,7 @@ processors:
 if: 'ctx?._temp_?.message_subtype == "vulnerability"'
 - set:
 field: event.action
- value: wildfire_veredict
+ value: wildfire_verdict
 if: 'ctx?._temp_?.message_subtype == "wildfire"'
 - set:
 field: event.action
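Review bot: The corrected `value: wildfire_verdict` line in the pipeline.yml hunk changes a string written to `event.action` for every WildFire log, and the hunk leaves no trace of the old spelling, so detection rules, saved searches or dashboard filters that match `wildfire_veredict` would stop matching new events without any error. Documents indexed before the upgrade keep the old value, so queries spanning the upgrade have to match both spellings. I would add a comment above this `set` processor, `# event.action was "wildfire_veredict" before #18808; documents indexed earlier keep that value`, and have the changelog entry state that the emitted value changes. The commit touches only two files; if expected-output fixtures or bundled dashboards carry the old string (not visible here), they need the same change. The processor list starts and ends outside the hunk.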