Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for intel.log zeek module #14404

Merged
merged 10 commits into from
Nov 19, 2019
Merged

Added support for intel.log zeek module #14404

merged 10 commits into from
Nov 19, 2019

Commits on Nov 18, 2019

  1. Added support for intel.log zeek module 

    Enrich the elastic#14150 supporting intel.log

Co-Authored-By: Arcuri Davide <dadokkio@gmail.com>
    @garanews @dadokkio @andrewkroh
    2 people authored and andrewkroh committed Nov 18, 2019
    Configuration menu
    Copy the full SHA
    0383c78 View commit details
    Browse the repository at this point in the history

  2. Update fields.yml 

    Co-Authored-By: Arcuri Davide <dadokkio@gmail.com>
    @garanews @dadokkio @andrewkroh
    2 people authored and andrewkroh committed Nov 18, 2019
    Configuration menu
    Copy the full SHA
    4502def View commit details
    Browse the repository at this point in the history

  3. intel.log 

    example intel.log

Co-Authored-By: Arcuri Davide <dadokkio@gmail.com>
    @garanews @dadokkio @andrewkroh
    2 people authored and andrewkroh committed Nov 18, 2019
    Configuration menu
    Copy the full SHA
    aafc39f View commit details
    Browse the repository at this point in the history

  4. added default_field: false 

    added default_field: false

Co-Authored-By: Arcuri Davide <dadokkio@gmail.com>
    @garanews @dadokkio @andrewkroh
    2 people authored and andrewkroh committed Nov 18, 2019
    Configuration menu
    Copy the full SHA
    fe6edbd View commit details
    Browse the repository at this point in the history

  5. Generate expected zeek/intel output event

    @andrewkroh
    andrewkroh committed Nov 18, 2019
    Configuration menu
    Copy the full SHA
    b9c6677 View commit details
    Browse the repository at this point in the history

  6. Add changelog entry

    @andrewkroh
    andrewkroh committed Nov 18, 2019
    Configuration menu
    Copy the full SHA
    8243c87 View commit details
    Browse the repository at this point in the history

  7. Update field docs

    @andrewkroh
    andrewkroh committed Nov 18, 2019
    Configuration menu
    Copy the full SHA
    17f019e View commit details
    Browse the repository at this point in the history

Commits on Nov 19, 2019

  1. Misc improvements 

    Expand dots in zeek.intel.seen
Parse ts value without dropping millisecond value
Add event.ingested timestamp
Convert ingest node pipeline to YAML
Save JSON message in event.original
    @andrewkroh
    andrewkroh committed Nov 19, 2019
    Configuration menu
    Copy the full SHA
    0e415d5 View commit details
    Browse the repository at this point in the history

  2. Updates to zeek.intel.seen 

    Expand dots of all seen.* fields
Change name of zeek.intel.seen.fa_file to zeek.intel.seen.f as documented by Zeek.
    @andrewkroh
    andrewkroh committed Nov 19, 2019
    Configuration menu
    Copy the full SHA
    1038599 View commit details
    Browse the repository at this point in the history

  3. Update field docs

    @andrewkroh
    andrewkroh committed Nov 19, 2019
    Configuration menu
    Copy the full SHA
    87a5ae3 View commit details
    Browse the repository at this point in the history