[Filebeat] Improve ECS categorization in iptables module (#16637) (#17064)

* Improve ECS categorization in iptables module

- event.action, map to accept/drop like gui
- event.category
- event.kind
- event.type
- observer.egress.zone
- observer.ingress.zone
- related.ip
- rule.id
- rule.name
- convert pipeline to yaml
- fix tcp_flags grok to get all entries
- make iptables.tcp.flags an array
- make iptables.fragment_flags an array

Closes #16166

(cherry picked from commit d9c83df)
leehinman committed Mar 19, 2020
1 parent bacc249 commit 21a282b
Showing 9 changed files with 676 additions and 277 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -255,6 +255,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Improve ECS categorization, host field mappings in elasticsearch module. {issue}16160[16160] {pull}16469[16469]
- Improve ECS categorization field mappings in suricata module. {issue}16181[16181] {pull}16843[16843]
- Release ActiveMQ module as GA. {issue}17047[17047] {pull}17049[17049]
- Improve ECS categorization field mappings in iptables module. {issue}16166[16166] {pull}16637[16637]

*Heartbeat*

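Review bot: the new changelog line under the Filebeat section should call out the field type changes, since "Improve ECS categorization field mappings" understates what the commit message lists: `iptables.tcp.flags` and `iptables.fragment_flags` become arrays and the tcp_flags grok now captures all entries, so existing saved searches, visualizations and detection rules that treat those fields as single keywords can break on upgrade. Suggest extending the entry, e.g. "Improve ECS categorization field mappings in iptables module; iptables.tcp.flags and iptables.fragment_flags are now arrays.", and keeping the same `{issue}16166[16166] {pull}16637[16637]` trailer so the format matches the surrounding lines.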
244 changes: 0 additions & 244 deletions x-pack/filebeat/module/iptables/log/ingest/pipeline.json

This file was deleted.

