diff --git a/.ci/jobs/apm-beats-update.yml b/.ci/jobs/apm-beats-update.yml index 2ae688ffab7..8bdc322f65a 100644 --- a/.ci/jobs/apm-beats-update.yml +++ b/.ci/jobs/apm-beats-update.yml @@ -48,7 +48,7 @@ before: true prune: true shallow-clone: true - depth: 10 + depth: 3 do-not-fetch-tags: true submodule: disable: false diff --git a/.ci/jobs/beats-release-changelog.yml b/.ci/jobs/beats-release-changelog.yml new file mode 100644 index 00000000000..1cbd94c7168 --- /dev/null +++ b/.ci/jobs/beats-release-changelog.yml @@ -0,0 +1,20 @@ +--- +- job: + name: Beats/Release/beats-release-changelog + display-name: 'Prepare the Changelog for a Release' + description: 'Automate the steps to prepare the Changelog for a Release' + view: Beats + project-type: pipeline + pipeline-scm: + script-path: release_scripts/pipeline-release-changelog.groovy + scm: + - git: + url: git@github.com:elastic/ingest-dev.git + refspec: +refs/heads/*:refs/remotes/origin/* +refs/pull/*/head:refs/remotes/origin/pr/* + wipe-workspace: 'True' + name: origin + shallow-clone: true + credentials-id: f6c7695a-671e-4f4f-a331-acdce44ff9ba + reference-repo: /var/lib/jenkins/.git-references/ingest-dev.git + branches: + - master diff --git a/.ci/jobs/beats-tester.yml b/.ci/jobs/beats-tester.yml index 808123a225e..522abfa5e5c 100644 --- a/.ci/jobs/beats-tester.yml +++ b/.ci/jobs/beats-tester.yml @@ -44,7 +44,7 @@ before: true prune: true shallow-clone: true - depth: 10 + depth: 3 do-not-fetch-tags: true submodule: disable: false diff --git a/.ci/jobs/beats-windows-mbp.yml b/.ci/jobs/beats-windows-mbp.yml index 7ea26c9ba18..64efa009979 100644 --- a/.ci/jobs/beats-windows-mbp.yml +++ b/.ci/jobs/beats-windows-mbp.yml @@ -44,7 +44,7 @@ before: true prune: true shallow-clone: true - depth: 10 + depth: 4 do-not-fetch-tags: true submodule: disable: false diff --git a/.ci/jobs/beats.yml b/.ci/jobs/beats.yml index 3e4c8e50980..b075d8bbdf2 100644 --- a/.ci/jobs/beats.yml +++ b/.ci/jobs/beats.yml 
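Review bot: The `refspec` in the new `beats-release-changelog.yml` job fetches every pull-request head (`+refs/pull/*/head:refs/remotes/origin/pr/*`), although `branches` only builds `master`. A release job that authenticates with `credentials-id` has no visible need for unreviewed pull-request refs in its clone; `refspec: +refs/heads/master:refs/remotes/origin/master` would limit the fetch to what the job builds. `wipe-workspace: 'True'` is a quoted string here, while the `beats.yml` job touched by this commit writes `wipe-workspace: true`; the boolean form is presumably what is intended.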
@@ -46,13 +46,14 @@ before: true prune: true shallow-clone: true - depth: 10 + depth: 3 do-not-fetch-tags: true submodule: disable: false recursive: true parent-credentials: true timeout: 100 + reference-repo: /var/lib/jenkins/.git-references/beats.git timeout: '15' use-author: true wipe-workspace: true diff --git a/.ci/jobs/golang-crossbuild-mbp.yml b/.ci/jobs/golang-crossbuild-mbp.yml index 45175d169f6..46303790610 100644 --- a/.ci/jobs/golang-crossbuild-mbp.yml +++ b/.ci/jobs/golang-crossbuild-mbp.yml @@ -31,7 +31,7 @@ before: true prune: true shallow-clone: true - depth: 10 + depth: 4 do-not-fetch-tags: true submodule: disable: false diff --git a/.ci/jobs/packaging.yml b/.ci/jobs/packaging.yml index fd6fb9f90c6..0dce4d4672b 100644 --- a/.ci/jobs/packaging.yml +++ b/.ci/jobs/packaging.yml @@ -44,7 +44,7 @@ before: true prune: true shallow-clone: true - depth: 10 + depth: 3 do-not-fetch-tags: true submodule: disable: false diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 223dace9e49..a96a23db9d8 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -275,6 +275,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Handle multiple upstreams in ingress-controller. {pull}21215[21215] - Provide backwards compatibility for the `append` processor when Elasticsearch is less than 7.10.0. {pull}21159[21159] - Fix checkpoint module when logs contain time field. {pull}20567[20567] +- Add field limit check for AWS Cloudtrail flattened fields. {pull}21388[21388] {issue}21382[21382] *Heartbeat* diff --git a/Jenkinsfile b/Jenkinsfile index 35ede29de22..3d5c5cba0dd 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -24,6 +24,7 @@ pipeline { PIPELINE_LOG_LEVEL = 'INFO' PYTEST_ADDOPTS = "${params.PYTEST_ADDOPTS}" RUNBLD_DISABLE_NOTIFICATIONS = 'true' + SLACK_CHANNEL = "#beats-ci-builds" TERRAFORM_VERSION = "0.12.24" XPACK_MODULE_PATTERN = '^x-pack\\/[a-z0-9]+beat\\/module\\/([^\\/]+)\\/.*' } 
@@ -129,7 +130,7 @@ pipeline { runbld(stashedTestReports: stashedTestReports, project: env.REPO) } cleanup { - notifyBuildResult(prComment: true) + notifyBuildResult(prComment: true, slackComment: true) } } } diff --git a/Jenkinsfile.yml b/Jenkinsfile.yml index 88050ac0714..4bffa2f0049 100644 --- a/Jenkinsfile.yml +++ b/Jenkinsfile.yml @@ -28,11 +28,13 @@ changeset: - "^\\.ci/scripts/.*" oss: - "^go.mod" + - "^pytest.ini" - "^dev-tools/.*" - "^libbeat/.*" - "^testing/.*" xpack: - "^go.mod" + - "^pytest.ini" - "^dev-tools/.*" - "^libbeat/.*" - "^testing/.*" diff --git a/dev-tools/dependencies-report b/dev-tools/dependencies-report index a2662a4ab9a..928de5367ca 100755 --- a/dev-tools/dependencies-report +++ b/dev-tools/dependencies-report @@ -48,7 +48,7 @@ go list -m -json all $@ | go run go.elastic.co/go-licence-detector \ # name,url,version,revision,license ubi8url='https://catalog.redhat.com/software/containers/ubi8/ubi-minimal/5c359a62bed8bd75a2c3fba8' ubi8source='https://oss-dependencies.elastic.co/redhat/ubi/ubi-minimal-8-source.tar.gz' -ubilicense='Custom;https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf,https://oss-dependencies.elastic.co/redhat/ubi/ubi-minimal-8-source.tar.gz' +ubilicense='Custom;https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf' cat <> $outfile Red Hat Universal Base Image,$ubi8url,8,,$ubilicense,$ubi8source EOF diff --git a/filebeat/input/filestream/config.go b/filebeat/input/filestream/config.go new file mode 100644 index 00000000000..93b23232594 --- /dev/null +++ b/filebeat/input/filestream/config.go 
@@ -0,0 +1,147 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package filestream
+
+import (
+ "fmt"
+ "time"
+
+ "github.com/dustin/go-humanize"
+
+ "github.com/elastic/beats/v7/libbeat/common"
+ "github.com/elastic/beats/v7/libbeat/common/match"
+ "github.com/elastic/beats/v7/libbeat/reader/readfile"
+)
+
+// Config stores the options of a file stream.
+type config struct {
+ Paths []string `config:"paths"`
+ Close closerConfig `config:"close"`
+ FileWatcher *common.ConfigNamespace `config:"file_watcher"`
+ Reader readerConfig `config:"readers"`
+ FileIdentity *common.ConfigNamespace `config:"file_identity"`
+ CleanInactive time.Duration `config:"clean_inactive" validate:"min=0"`
+ CleanRemoved bool `config:"clean_removed"`
+ HarvesterLimit uint32 `config:"harvester_limit" validate:"min=0"`
+ IgnoreOlder time.Duration `config:"ignore_older"`
+}
+
+type closerConfig struct {
+ OnStateChange stateChangeCloserConfig `config:"on_state_change"`
+ Reader readerCloserConfig `config:"reader"`
+}
+
+type readerCloserConfig struct {
+ AfterInterval time.Duration
+ Inactive time.Duration
+ OnEOF bool
+}
+
+type stateChangeCloserConfig struct {
+ CheckInterval time.Duration
+ Removed bool
+ Renamed bool
+}
+
+// TODO should this be inline?
+type readerConfig struct {
+ Backoff backoffConfig `config:"backoff"`
+ BufferSize int `config:"buffer_size"`
+ Encoding string `config:"encoding"`
+ ExcludeLines []match.Matcher `config:"exclude_lines"`
+ IncludeLines []match.Matcher `config:"include_lines"`
+ LineTerminator readfile.LineTerminator `config:"line_terminator"`
+ MaxBytes int `config:"message_max_bytes" validate:"min=0,nonzero"`
+ Tail bool `config:"seek_to_tail"`
+
+ Parsers []*common.ConfigNamespace `config:"parsers"` // TODO multiline, json, syslog?
+}
+
+type backoffConfig struct {
+ Init time.Duration `config:"init" validate:"nonzero"`
+ Max time.Duration `config:"max" validate:"nonzero"`
+}
+
+func defaultConfig() config {
+ return config{
+ Paths: []string{},
+ Close: defaultCloserConfig(),
+ Reader: defaultReaderConfig(),
+ CleanInactive: 0,
+ CleanRemoved: true,
+ HarvesterLimit: 0,
+ IgnoreOlder: 0,
+ }
+}
+
+func defaultCloserConfig() closerConfig {
+ return closerConfig{
+ OnStateChange: stateChangeCloserConfig{
+ CheckInterval: 5 * time.Second,
+ Removed: true, // TODO check clean_removed option
+ Renamed: false,
+ },
+ Reader: readerCloserConfig{
+ OnEOF: false,
+ Inactive: 0 * time.Second,
+ AfterInterval: 0 * time.Second,
+ },
+ }
+}
+
+func defaultReaderConfig() readerConfig {
+ return readerConfig{
+ Backoff: backoffConfig{
+ Init: 1 * time.Second,
+ Max: 10 * time.Second,
+ },
+ BufferSize: 16 * humanize.KiByte,
+ LineTerminator: readfile.AutoLineTerminator,
+ MaxBytes: 10 * humanize.MiByte,
+ Tail: false,
+ Parsers: nil,
+ }
+}
+
+func (c *config) Validate() error {
+ if len(c.Paths) == 0 {
+ return fmt.Errorf("no path is configured")
+ }
+ // TODO
+ //if c.CleanInactive != 0 && c.IgnoreOlder == 0 {
+ // return fmt.Errorf("ignore_older must be enabled when clean_inactive is used")
+ //}
+
+ // TODO
+ //if c.CleanInactive != 0 && c.CleanInactive <= c.IgnoreOlder+c.ScanFrequency {
+ // return fmt.Errorf("clean_inactive must be > ignore_older + scan_frequency to make sure only files which are not monitored anymore are removed")
+ //}
+
+ // TODO
+ //if c.JSON != nil && len(c.JSON.MessageKey) == 0 &&
+ // c.Multiline != nil {
+ // return fmt.Errorf("When using the JSON decoder and multiline together, you need to specify a message_key value")
+ //}
+
+ //if c.JSON != nil && len(c.JSON.MessageKey) == 0 &&
+ // (len(c.IncludeLines) > 0 || len(c.ExcludeLines) > 0) {
+ // return fmt.Errorf("When using the JSON decoder and line filtering together, you need to specify a message_key value")
+ //}
+
+ return nil
+}
diff --git a/filebeat/input/filestream/filestream.go b/filebeat/input/filestream/filestream.go
new file mode 100644
index 00000000000..59f26ccca1b
--- /dev/null
+++ b/filebeat/input/filestream/filestream.go
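Review bot: `readerCloserConfig` and `stateChangeCloserConfig` declare their fields without `config:"..."` tags, unlike every other struct in this file, so the accepted key names are left to the unpacker's default field-name mapping. Spelling them out, for example `config:"after_interval"`, `config:"inactive"` and `config:"on_eof"`, would pin the user-facing names before the input ships. `Validate` checks only `Paths` and carries four commented-out checks that reference fields this struct does not have (`ScanFrequency`, `JSON`, `Multiline`); a single `// TODO: port clean_inactive/ignore_older and JSON/multiline validation` comment would say the same without dead code. `validate:"min=0"` on the `uint32` field `HarvesterLimit` can never fail, and the doc comment names `Config` while the type is `config`.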
@@ -0,0 +1,225 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package filestream + +import ( + "context" + "errors" + "io" + "os" + "time" + + input "github.com/elastic/beats/v7/filebeat/input/v2" + "github.com/elastic/beats/v7/libbeat/common/backoff" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/go-concert/ctxtool" + "github.com/elastic/go-concert/unison" +) + +var ( + ErrFileTruncate = errors.New("detected file being truncated") + ErrClosed = errors.New("reader closed") +) + +// logFile contains all log related data +type logFile struct { + file *os.File + log *logp.Logger + ctx context.Context + cancelReading context.CancelFunc + + closeInactive time.Duration + closeAfterInterval time.Duration + closeOnEOF bool + + offset int64 + lastTimeRead time.Time + backoff backoff.Backoff + tg unison.TaskGroup +} + +// newFileReader creates a new log instance to read log sources +func newFileReader( + log *logp.Logger, + canceler input.Canceler, + f *os.File, + config readerConfig, + closerConfig readerCloserConfig, +) (*logFile, error) { + offset, err := f.Seek(0, os.SEEK_CUR) + if err != nil { + return nil, err + } + + l := &logFile{ + file: f, + log: log, + closeInactive: closerConfig.Inactive, + 
closeAfterInterval: closerConfig.AfterInterval, + closeOnEOF: closerConfig.OnEOF, + offset: offset, + lastTimeRead: time.Now(), + backoff: backoff.NewExpBackoff(canceler.Done(), config.Backoff.Init, config.Backoff.Max), + tg: unison.TaskGroup{}, + } + + l.ctx, l.cancelReading = ctxtool.WithFunc(ctxtool.FromCanceller(canceler), func() { + err := l.tg.Stop() + if err != nil { + l.log.Errorf("Error while stopping filestream logFile reader: %v", err) + } + }) + + l.startFileMonitoringIfNeeded() + + return l, nil +} + +// Read reads from the reader and updates the offset +// The total number of bytes read is returned. +func (f *logFile) Read(buf []byte) (int, error) { + totalN := 0 + + for f.ctx.Err() == nil { + n, err := f.file.Read(buf) + if n > 0 { + f.offset += int64(n) + f.lastTimeRead = time.Now() + } + totalN += n + + // Read from source completed without error + // Either end reached or buffer full + if err == nil { + // reset backoff for next read + f.backoff.Reset() + return totalN, nil + } + + // Move buffer forward for next read + buf = buf[n:] + + // Checks if an error happened or buffer is full + // If buffer is full, cannot continue reading. 
+ // Can happen if n == bufferSize + io.EOF error + err = f.errorChecks(err) + if err != nil || len(buf) == 0 { + return totalN, err + } + + f.log.Debugf("End of file reached: %s; Backoff now.", f.file.Name()) + f.backoff.Wait() + } + + return 0, ErrClosed +} + +func (f *logFile) startFileMonitoringIfNeeded() { + if f.closeInactive == 0 && f.closeAfterInterval == 0 { + return + } + + if f.closeInactive > 0 { + f.tg.Go(func(ctx unison.Canceler) error { + f.closeIfTimeout(ctx) + return nil + }) + } + + if f.closeAfterInterval > 0 { + f.tg.Go(func(ctx unison.Canceler) error { + f.closeIfInactive(ctx) + return nil + }) + } +} + +func (f *logFile) closeIfTimeout(ctx unison.Canceler) { + timer := time.NewTimer(f.closeAfterInterval) + defer timer.Stop() + + for { + select { + case <-ctx.Done(): + return + case <-timer.C: + f.cancelReading() + return + } + } +} + +func (f *logFile) closeIfInactive(ctx unison.Canceler) { + // This can be made configureble if users need a more flexible + // cheking for inactive files. + ticker := time.NewTicker(5 * time.Minute) + defer ticker.Stop() + + for { + select { + case <-ctx.Done(): + return + case <-ticker.C: + age := time.Since(f.lastTimeRead) + if age > f.closeInactive { + f.cancelReading() + return + } + } + } +} + +// errorChecks determines the cause for EOF errors, and how the EOF event should be handled +// based on the config options. +func (f *logFile) errorChecks(err error) error { + if err != io.EOF { + f.log.Error("Unexpected state reading from %s; error: %s", f.file.Name(), err) + return err + } + + return f.handleEOF() +} + +func (f *logFile) handleEOF() error { + if f.closeOnEOF { + return io.EOF + } + + // Refetch fileinfo to check if the file was truncated. 
+ // Errors if the file was removed/rotated after reading and before + // calling the stat function + info, statErr := f.file.Stat() + if statErr != nil { + f.log.Error("Unexpected error reading from %s; error: %s", f.file.Name(), statErr) + return statErr + } + + // check if file was truncated + if info.Size() < f.offset { + f.log.Debugf("File was truncated as offset (%d) > size (%d): %s", f.offset, info.Size(), f.file.Name()) + return ErrFileTruncate + } + + return nil +} + +// Close +func (f *logFile) Close() error { + f.cancelReading() + return f.file.Close() +} diff --git a/filebeat/input/filestream/fswatch.go b/filebeat/input/filestream/fswatch.go new file mode 100644 index 00000000000..d4bc1b5ea08 --- /dev/null +++ b/filebeat/input/filestream/fswatch.go 
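Review bot: In `startFileMonitoringIfNeeded` the two guards are attached to the wrong goroutines: `closeInactive > 0` starts `closeIfTimeout`, whose timer is built from `closeAfterInterval`, and `closeAfterInterval > 0` starts `closeIfInactive`, which compares against `closeInactive`. With only `Inactive` configured, `time.NewTimer(0)` fires at once and the reader is cancelled immediately; swap the conditions so that `if f.closeAfterInterval > 0 {` guards `closeIfTimeout` and `if f.closeInactive > 0 {` guards `closeIfInactive`. `lastTimeRead` is written in `Read` and read in `closeIfInactive` on another goroutine without synchronisation, which looks like a data race. `errorChecks` and `handleEOF` pass format verbs to `f.log.Error`, so the file name and error are not interpolated; both calls should be `f.log.Errorf(...)`.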
@@ -0,0 +1,375 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package filestream + +import ( + "fmt" + "os" + "path/filepath" + "time" + + "github.com/elastic/beats/v7/filebeat/input/file" + loginp "github.com/elastic/beats/v7/filebeat/input/filestream/internal/input-logfile" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/match" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/go-concert/unison" +) + +const ( + recursiveGlobDepth = 8 + scannerName = "scanner" + watcherDebugKey = "file_watcher" +) + +var ( + watcherFactories = map[string]watcherFactory{ + scannerName: newScannerWatcher, + } +) + +type watcherFactory func(paths []string, cfg *common.Config) (loginp.FSWatcher, error) + +// fileScanner looks for files which match the patterns in paths. +// It is able to exclude files and symlinks. +type fileScanner struct { + paths []string + excludedFiles []match.Matcher + symlinks bool + + log *logp.Logger +} + +type fileWatcherConfig struct { + // Interval is the time between two scans. + Interval time.Duration + // Scanner is the configuration of the scanner. 
+ Scanner fileScannerConfig +} + +// fileWatcher gets the list of files from a FSWatcher and creates events by +// comparing the files between its last two runs. +type fileWatcher struct { + interval time.Duration + prev map[string]os.FileInfo + scanner loginp.FSScanner + log *logp.Logger + events chan loginp.FSEvent +} + +func newFileWatcher(paths []string, ns *common.ConfigNamespace) (loginp.FSWatcher, error) { + if ns == nil { + return newScannerWatcher(paths, nil) + } + + watcherType := ns.Name() + f, ok := watcherFactories[watcherType] + if !ok { + return nil, fmt.Errorf("no such file watcher: %s", watcherType) + } + + return f(paths, ns.Config()) +} + +func newScannerWatcher(paths []string, c *common.Config) (loginp.FSWatcher, error) { + config := defaultFileWatcherConfig() + err := c.Unpack(&config) + if err != nil { + return nil, err + } + scanner, err := newFileScanner(paths, config.Scanner) + if err != nil { + return nil, err + } + return &fileWatcher{ + log: logp.NewLogger(watcherDebugKey), + interval: config.Interval, + prev: make(map[string]os.FileInfo, 0), + scanner: scanner, + events: make(chan loginp.FSEvent), + }, nil +} + +func defaultFileWatcherConfig() fileWatcherConfig { + return fileWatcherConfig{ + Interval: 10 * time.Second, + Scanner: defaultFileScannerConfig(), + } +} + +func (w *fileWatcher) Run(ctx unison.Canceler) { + defer close(w.events) + + ticker := time.NewTicker(w.interval) + defer ticker.Stop() + for { + select { + case <-ctx.Done(): + return + case <-ticker.C: + w.watch(ctx) + } + } +} + +func (w *fileWatcher) watch(ctx unison.Canceler) { + w.log.Info("Start next scan") + + paths := w.scanner.GetFiles() + + newFiles := make(map[string]os.FileInfo) + + for path, info := range paths { + + prevInfo, ok := w.prev[path] + if !ok { + newFiles[path] = paths[path] + continue + } + + if prevInfo.ModTime() != info.ModTime() { + select { + case <-ctx.Done(): + return + case w.events <- writeEvent(path, info): + } + } + + // delete from 
previous state, as we have more up to date info + delete(w.prev, path) + } + + // remaining files are in the prev map are the ones that are missing + // either because they have been deleted or renamed + for removedPath, removedInfo := range w.prev { + for newPath, newInfo := range newFiles { + if os.SameFile(removedInfo, newInfo) { + select { + case <-ctx.Done(): + return + case w.events <- renamedEvent(removedPath, newPath, newInfo): + delete(newFiles, newPath) + goto CHECK_NEXT_REMOVED + } + } + } + + select { + case <-ctx.Done(): + return + case w.events <- deleteEvent(removedPath, removedInfo): + } + CHECK_NEXT_REMOVED: + } + + // remaining files in newFiles are new + for path, info := range newFiles { + select { + case <-ctx.Done(): + return + case w.events <- createEvent(path, info): + } + + } + + w.log.Debugf("Found %d paths", len(paths)) + w.prev = paths +} + +func createEvent(path string, fi os.FileInfo) loginp.FSEvent { + return loginp.FSEvent{Op: loginp.OpCreate, OldPath: "", NewPath: path, Info: fi} +} + +func writeEvent(path string, fi os.FileInfo) loginp.FSEvent { + return loginp.FSEvent{Op: loginp.OpWrite, OldPath: path, NewPath: path, Info: fi} +} + +func renamedEvent(oldPath, path string, fi os.FileInfo) loginp.FSEvent { + return loginp.FSEvent{Op: loginp.OpRename, OldPath: oldPath, NewPath: path, Info: fi} +} + +func deleteEvent(path string, fi os.FileInfo) loginp.FSEvent { + return loginp.FSEvent{Op: loginp.OpDelete, OldPath: path, NewPath: "", Info: fi} +} + +func (w *fileWatcher) Event() loginp.FSEvent { + return <-w.events +} + +type fileScannerConfig struct { + Paths []string + ExcludedFiles []match.Matcher + Symlinks bool + RecursiveGlob bool +} + +func defaultFileScannerConfig() fileScannerConfig { + return fileScannerConfig{ + Symlinks: false, + RecursiveGlob: true, + } +} + +func newFileScanner(paths []string, cfg fileScannerConfig) (loginp.FSScanner, error) { + fs := fileScanner{ + paths: paths, + excludedFiles: cfg.ExcludedFiles, + 
symlinks: cfg.Symlinks, + log: logp.NewLogger(scannerName), + } + err := fs.resolveRecursiveGlobs(cfg) + if err != nil { + return nil, err + } + err = fs.normalizeGlobPatterns() + if err != nil { + return nil, err + } + + return &fs, nil +} + +// resolveRecursiveGlobs expands `**` from the globs in multiple patterns +func (s *fileScanner) resolveRecursiveGlobs(c fileScannerConfig) error { + if !c.RecursiveGlob { + s.log.Debug("recursive glob disabled") + return nil + } + + s.log.Debug("recursive glob enabled") + var paths []string + for _, path := range s.paths { + patterns, err := file.GlobPatterns(path, recursiveGlobDepth) + if err != nil { + return err + } + if len(patterns) > 1 { + s.log.Debugf("%q expanded to %#v", path, patterns) + } + paths = append(paths, patterns...) + } + s.paths = paths + return nil +} + +// normalizeGlobPatterns calls `filepath.Abs` on all the globs from config +func (s *fileScanner) normalizeGlobPatterns() error { + var paths []string + for _, path := range s.paths { + pathAbs, err := filepath.Abs(path) + if err != nil { + return fmt.Errorf("failed to get the absolute path for %s: %v", path, err) + } + paths = append(paths, pathAbs) + } + s.paths = paths + return nil +} + +// GetFiles returns a map of files and fileinfos which +// match the configured paths. 
+func (s *fileScanner) GetFiles() map[string]os.FileInfo { + pathInfo := map[string]os.FileInfo{} + + for _, path := range s.paths { + matches, err := filepath.Glob(path) + if err != nil { + s.log.Errorf("glob(%s) failed: %v", path, err) + continue + } + + for _, file := range matches { + if s.shouldSkipFile(file) { + continue + } + + // If symlink is enabled, it is checked that original is not part of same input + // If original is harvested by other input, states will potentially overwrite each other + if s.isOriginalAndSymlinkConfigured(file, pathInfo) { + continue + } + + fileInfo, err := os.Stat(file) + if err != nil { + s.log.Debug("stat(%s) failed: %s", file, err) + continue + } + pathInfo[file] = fileInfo + } + } + + return pathInfo +} + +func (s *fileScanner) shouldSkipFile(file string) bool { + if s.isFileExcluded(file) { + s.log.Debugf("Exclude file: %s", file) + return true + } + + fileInfo, err := os.Lstat(file) + if err != nil { + s.log.Debugf("lstat(%s) failed: %s", file, err) + return true + } + + if fileInfo.IsDir() { + s.log.Debugf("Skipping directory: %s", file) + return true + } + + isSymlink := fileInfo.Mode()&os.ModeSymlink > 0 + if isSymlink && !s.symlinks { + s.log.Debugf("File %s skipped as it is a symlink", file) + return true + } + + return false +} + +func (s *fileScanner) isOriginalAndSymlinkConfigured(file string, paths map[string]os.FileInfo) bool { + if s.symlinks { + fileInfo, err := os.Stat(file) + if err != nil { + s.log.Debugf("stat(%s) failed: %s", file, err) + return false + } + + for _, finfo := range paths { + if os.SameFile(finfo, fileInfo) { + s.log.Info("Same file found as symlink and original. 
Skipping file: %s (as it same as %s)", file, finfo.Name()) + return true + } + } + } + return false +} + +func (s *fileScanner) isFileExcluded(file string) bool { + return len(s.excludedFiles) > 0 && s.matchAny(s.excludedFiles, file) +} + +// matchAny checks if the text matches any of the regular expressions +func (s *fileScanner) matchAny(matchers []match.Matcher, text string) bool { + for _, m := range matchers { + if m.MatchString(text) { + return true + } + } + return false +} diff --git a/filebeat/input/filestream/fswatch_test.go b/filebeat/input/filestream/fswatch_test.go new file mode 100644 index 00000000000..5e63987c868 --- /dev/null +++ b/filebeat/input/filestream/fswatch_test.go 
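Review bot: In `GetFiles` the symlink decision and the stored file info come from different calls: `shouldSkipFile` checks `os.Lstat(file)`, and `os.Stat(file)` then follows links, so a path swapped for a symlink between the two calls is still recorded when `symlinks` is false. Returning the `Lstat` result from the skip check and storing that when symlinks are disabled would close the gap; a comment should also state that only the final path component is inspected. `s.log.Debug("stat(%s) failed: %s", file, err)` in `GetFiles` and the `s.log.Info("Same file found …")` call in `isOriginalAndSymlinkConfigured` pass format verbs to non-formatting methods and should be `Debugf` and `Infof`. `newFileWatcher` hands a nil `*common.Config` to `newScannerWatcher`, which calls `c.Unpack` on it; whether that is safe depends on `Unpack`, which is outside this hunk.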
@@ -0,0 +1,300 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package filestream + +import ( + "context" + "os" + "path/filepath" + "testing" + "time" + + "github.com/stretchr/testify/assert" + + loginp "github.com/elastic/beats/v7/filebeat/input/filestream/internal/input-logfile" + "github.com/elastic/beats/v7/libbeat/common/match" + "github.com/elastic/beats/v7/libbeat/logp" +) + +func TestFileScanner(t *testing.T) { + testCases := map[string]struct { + paths []string + excludedFiles []match.Matcher + symlinks bool + expectedFiles []string + }{ + "select all files": { + paths: []string{ + filepath.Join("testdata", "excluded_file"), + filepath.Join("testdata", "included_file"), + }, + expectedFiles: []string{ + mustAbsPath(filepath.Join("testdata", "excluded_file")), + mustAbsPath(filepath.Join("testdata", "included_file")), + }, + }, + "skip excluded files": { + paths: []string{ + filepath.Join("testdata", "excluded_file"), + filepath.Join("testdata", "included_file"), + }, + excludedFiles: []match.Matcher{ + match.MustCompile(filepath.Join("testdata", "excluded_file")), + }, + expectedFiles: []string{ + mustAbsPath(filepath.Join("testdata", "included_file")), + }, + }, + // covers test_input.py/test_skip_symlinks 
+ "skip symlinks": { + paths: []string{ + filepath.Join("testdata", "symlink_to_included_file"), + filepath.Join("testdata", "included_file"), + }, + symlinks: false, + expectedFiles: []string{ + mustAbsPath(filepath.Join("testdata", "included_file")), + }, + }, + "return a file once if symlinks are enabled": { + paths: []string{ + filepath.Join("testdata", "symlink_to_included_file"), + filepath.Join("testdata", "included_file"), + }, + symlinks: true, + expectedFiles: []string{ + mustAbsPath(filepath.Join("testdata", "included_file")), + }, + }, + "skip directories": { + paths: []string{ + filepath.Join("testdata", "unharvestable_dir"), + }, + expectedFiles: []string{}, + }, + } + + for name, test := range testCases { + test := test + + t.Run(name, func(t *testing.T) { + cfg := fileScannerConfig{ + ExcludedFiles: test.excludedFiles, + Symlinks: test.symlinks, + RecursiveGlob: false, + } + fs, err := newFileScanner(test.paths, cfg) + if err != nil { + t.Fatal(err) + } + files := fs.GetFiles() + paths := make([]string, 0) + for p, _ := range files { + paths = append(paths, p) + } + assert.Equal(t, test.expectedFiles, paths) + }) + } +} + +func TestFileWatchNewDeleteModified(t *testing.T) { + oldTs := time.Now() + newTs := oldTs.Add(5 * time.Second) + testCases := map[string]struct { + prevFiles map[string]os.FileInfo + nextFiles map[string]os.FileInfo + expectedEvents []loginp.FSEvent + }{ + "one new file": { + prevFiles: map[string]os.FileInfo{}, + nextFiles: map[string]os.FileInfo{ + "new_path": testFileInfo{"new_path", 5, oldTs}, + }, + expectedEvents: []loginp.FSEvent{ + loginp.FSEvent{Op: loginp.OpCreate, OldPath: "", NewPath: "new_path", Info: testFileInfo{"new_path", 5, oldTs}}, + }, + }, + "one deleted file": { + prevFiles: map[string]os.FileInfo{ + "old_path": testFileInfo{"old_path", 5, oldTs}, + }, + nextFiles: map[string]os.FileInfo{}, + expectedEvents: []loginp.FSEvent{ + loginp.FSEvent{Op: loginp.OpDelete, OldPath: "old_path", NewPath: "", Info: 
testFileInfo{"old_path", 5, oldTs}}, + }, + }, + "one modified file": { + prevFiles: map[string]os.FileInfo{ + "path": testFileInfo{"path", 5, oldTs}, + }, + nextFiles: map[string]os.FileInfo{ + "path": testFileInfo{"path", 10, newTs}, + }, + expectedEvents: []loginp.FSEvent{ + loginp.FSEvent{Op: loginp.OpWrite, OldPath: "path", NewPath: "path", Info: testFileInfo{"path", 10, newTs}}, + }, + }, + "two modified files": { + prevFiles: map[string]os.FileInfo{ + "path1": testFileInfo{"path1", 5, oldTs}, + "path2": testFileInfo{"path2", 5, oldTs}, + }, + nextFiles: map[string]os.FileInfo{ + "path1": testFileInfo{"path1", 10, newTs}, + "path2": testFileInfo{"path2", 10, newTs}, + }, + expectedEvents: []loginp.FSEvent{ + loginp.FSEvent{Op: loginp.OpWrite, OldPath: "path1", NewPath: "path1", Info: testFileInfo{"path1", 10, newTs}}, + loginp.FSEvent{Op: loginp.OpWrite, OldPath: "path2", NewPath: "path2", Info: testFileInfo{"path2", 10, newTs}}, + }, + }, + "one modified file, one new file": { + prevFiles: map[string]os.FileInfo{ + "path1": testFileInfo{"path1", 5, oldTs}, + }, + nextFiles: map[string]os.FileInfo{ + "path1": testFileInfo{"path1", 10, newTs}, + "path2": testFileInfo{"path2", 10, newTs}, + }, + expectedEvents: []loginp.FSEvent{ + loginp.FSEvent{Op: loginp.OpWrite, OldPath: "path1", NewPath: "path1", Info: testFileInfo{"path1", 10, newTs}}, + loginp.FSEvent{Op: loginp.OpCreate, OldPath: "", NewPath: "path2", Info: testFileInfo{"path2", 10, newTs}}, + }, + }, + "one new file, one deleted file": { + prevFiles: map[string]os.FileInfo{ + "path_deleted": testFileInfo{"path_deleted", 5, oldTs}, + }, + nextFiles: map[string]os.FileInfo{ + "path_new": testFileInfo{"path_new", 10, newTs}, + }, + expectedEvents: []loginp.FSEvent{ + loginp.FSEvent{Op: loginp.OpDelete, OldPath: "path_deleted", NewPath: "", Info: testFileInfo{"path_deleted", 5, oldTs}}, + loginp.FSEvent{Op: loginp.OpCreate, OldPath: "", NewPath: "path_new", Info: testFileInfo{"path_new", 10, newTs}}, + }, + 
}, + } + + for name, test := range testCases { + test := test + + t.Run(name, func(t *testing.T) { + w := fileWatcher{ + log: logp.L(), + prev: test.prevFiles, + scanner: &mockScanner{test.nextFiles}, + events: make(chan loginp.FSEvent), + } + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + go w.watch(ctx) + + for _, expectedEvent := range test.expectedEvents { + evt := w.Event() + assert.Equal(t, expectedEvent, evt) + } + }) + } +} + +func TestFileWatcherRenamedFile(t *testing.T) { + testPath := mustAbsPath(filepath.Join("testdata", "first_name")) + renamedPath := mustAbsPath(filepath.Join("testdata", "renamed")) + + f, err := os.Create(testPath) + if err != nil { + t.Fatal(err) + } + f.Close() + fi, err := os.Stat(testPath) + if err != nil { + t.Fatal(err) + } + + cfg := fileScannerConfig{ + ExcludedFiles: nil, + Symlinks: false, + RecursiveGlob: false, + } + scanner, err := newFileScanner([]string{testPath, renamedPath}, cfg) + if err != nil { + t.Fatal(err) + } + w := fileWatcher{ + log: logp.L(), + scanner: scanner, + events: make(chan loginp.FSEvent), + } + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + go w.watch(ctx) + assert.Equal(t, loginp.FSEvent{Op: loginp.OpCreate, OldPath: "", NewPath: testPath, Info: fi}, w.Event()) + + err = os.Rename(testPath, renamedPath) + if err != nil { + t.Fatal(err) + } + defer os.Remove(renamedPath) + fi, err = os.Stat(renamedPath) + if err != nil { + t.Fatal(err) + } + + go w.watch(ctx) + assert.Equal(t, loginp.FSEvent{Op: loginp.OpRename, OldPath: testPath, NewPath: renamedPath, Info: fi}, w.Event()) +} + +type mockScanner struct { + files map[string]os.FileInfo +} + +func (m *mockScanner) GetFiles() map[string]os.FileInfo { + return m.files +} + +type testFileInfo struct { + path string + size int64 + time time.Time +} + +func (t testFileInfo) Name() string { return t.path } +func (t testFileInfo) Size() int64 { return t.size } +func (t testFileInfo) Mode() 
os.FileMode { return 0 } +func (t testFileInfo) ModTime() time.Time { return t.time } +func (t testFileInfo) IsDir() bool { return false } +func (t testFileInfo) Sys() interface{} { return nil } + +func mustAbsPath(path string) string { + p, err := filepath.Abs(path) + if err != nil { + panic(err) + } + return p +} + +func mustDuration(durStr string) time.Duration { + dur, err := time.ParseDuration(durStr) + if err != nil { + panic(err) + } + return dur +} diff --git a/filebeat/input/filestream/input.go b/filebeat/input/filestream/input.go new file mode 100644 index 00000000000..487a5f01c2a --- /dev/null +++ b/filebeat/input/filestream/input.go 
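Review bot: `TestFileScanner` builds `paths` by ranging over the map returned by `GetFiles` and then compares it with `assert.Equal`, so the "select all files" case depends on map iteration order. Use `assert.ElementsMatch(t, test.expectedFiles, paths)` instead. `TestFileWatchNewDeleteModified` has the same problem in "two modified files", because `watch` ranges over a map and the test expects `path1` before `path2`. Collecting the events and comparing them with `ElementsMatch` would make it deterministic. `TestFileWatcherRenamedFile` removes only `renamedPath`, so a failure before the rename leaves `testdata/first_name` behind, and `mustDuration` is not used anywhere in this file.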
@@ -0,0 +1,68 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package filestream + +import ( + loginp "github.com/elastic/beats/v7/filebeat/input/filestream/internal/input-logfile" + input "github.com/elastic/beats/v7/filebeat/input/v2" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/feature" + "github.com/elastic/beats/v7/libbeat/logp" +) + +// filestream is the input for reading from files which +// are actively written by other applications. +type filestream struct{} + +const pluginName = "filestream" + +// Plugin creates a new filestream input plugin for creating a stateful input. 
+func Plugin(log *logp.Logger, store loginp.StateStore) input.Plugin { + return input.Plugin{ + Name: pluginName, + Stability: feature.Experimental, + Deprecated: false, + Info: "filestream input", + Doc: "The filestream input collects logs from the local filestream service", + Manager: &loginp.InputManager{ + Logger: log, + StateStore: store, + Type: pluginName, + Configure: configure, + }, + } +} + +func configure(cfg *common.Config) (loginp.Prospector, loginp.Harvester, error) { + panic("TODO: implement me") +} + +func (inp *filestream) Name() string { return pluginName } + +func (inp *filestream) Test(src loginp.Source, ctx input.TestContext) error { + panic("TODO: implement me") +} + +func (inp *filestream) Run( + ctx input.Context, + src loginp.Source, + cursor loginp.Cursor, + publisher loginp.Publisher, +) error { + panic("TODO: implement me") +} diff --git a/filebeat/input/filestream/internal/input-logfile/clean.go b/filebeat/input/filestream/internal/input-logfile/clean.go new file mode 100644 index 00000000000..d738dabbc55 --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/clean.go 
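Review bot: `configure`, `Test` and `Run` all end in `panic("TODO: implement me")`, while `Plugin` already wires `configure` into the `InputManager`; if this plugin is registered with the loader, a configuration that selects the `filestream` input would take the whole Beat down instead of being rejected. Returning an error keeps the stub harmless until the implementation lands: `return nil, nil, errors.New("filestream input is not implemented yet")` in `configure` (this needs the `errors` import), and the same error from `Test` and `Run`. The `Doc` string "collects logs from the local filestream service" also reads as if copied from another input and should describe reading from files.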
@@ -0,0 +1,124 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "time" + + "github.com/elastic/go-concert/timed" + "github.com/elastic/go-concert/unison" + + "github.com/elastic/beats/v7/libbeat/logp" +) + +// cleaner removes finished entries from the registry file. +type cleaner struct { + log *logp.Logger +} + +// run starts a loop that tries to clean entries from the registry. +// The cleaner locks the store, such that no new states can be created +// during the cleanup phase. Only resources that are finished and whos TTL +// (clean_timeout setting) has expired will be removed. +// +// Resources are considered "Finished" if they do not have a current owner (active input), and +// if they have no pending updates that still need to be written to the registry file after associated +// events have been ACKed by the outputs. +// The event acquisition timestamp is used as reference to clean resources. If a resources was blocked +// for a long time, and the life time has been exhausted, then the resource will be removed immediately +// once the last event has been ACKed. 
+func (c *cleaner) run(canceler unison.Canceler, store *store, interval time.Duration) { + started := time.Now() + timed.Periodic(canceler, interval, func() error { + gcStore(c.log, started, store) + return nil + }) +} + +// gcStore looks for resources to remove and deletes these. `gcStore` receives +// the start timestamp of the cleaner as reference. If we have entries without +// updates in the registry, that are older than `started`, we will use `started +// + ttl` to decide if an entry will be removed. This way old entries are not +// removed immediately on startup if the Beat is down for a longer period of +// time. +func gcStore(log *logp.Logger, started time.Time, store *store) { + log.Debugf("Start store cleanup") + defer log.Debugf("Done store cleanup") + + states := store.ephemeralStore + states.mu.Lock() + defer states.mu.Unlock() + + keys := gcFind(states.table, started, time.Now()) + if len(keys) == 0 { + log.Debug("No entries to remove were found") + return + } + + if err := gcClean(store, keys); err != nil { + log.Errorf("Failed to remove all entries from the registry: %+v", err) + } +} + +// gcFind searches the store of resources that can be removed. A set of keys to delete is returned. +func gcFind(table map[string]*resource, started, now time.Time) map[string]struct{} { + keys := map[string]struct{}{} + for key, resource := range table { + clean := checkCleanResource(started, now, resource) + if !clean { + // do not clean the resource if it is still live or not serialized to the persistent store yet. + continue + } + keys[key] = struct{}{} + } + + return keys +} + +// gcClean removes key value pairs in the removeSet from the store. +// If deletion in the persistent store fails the entry is kept in memory and +// eventually cleaned up later. 
+func gcClean(store *store, removeSet map[string]struct{}) error { + for key := range removeSet { + if err := store.persistentStore.Remove(key); err != nil { + return err + } + delete(store.ephemeralStore.table, key) + } + return nil +} + +// checkCleanResource returns true for a key-value pair is assumed to be old, +// if is not in use and there are no more pending updates that still need to be +// written to the persistent store anymore. +func checkCleanResource(started, now time.Time, resource *resource) bool { + if !resource.Finished() { + return false + } + + resource.stateMutex.Lock() + defer resource.stateMutex.Unlock() + + ttl := resource.internalState.TTL + reference := resource.internalState.Updated + if started.After(reference) { + reference = started + } + + return reference.Add(ttl).Before(now) && resource.stored +} diff --git a/filebeat/input/filestream/internal/input-logfile/clean_test.go b/filebeat/input/filestream/internal/input-logfile/clean_test.go new file mode 100644 index 00000000000..83e5bff412f --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/clean_test.go 
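Review bot: `gcClean` returns on the first `persistentStore.Remove` error, so one failing key ends the pass and the remaining keys in `removeSet` are not attempted until the next interval. Map iteration order is unspecified in Go, so which entries are skipped changes from run to run. I would keep iterating, leave the failed key in memory as the doc comment already promises, and return the first error, as sketched below. Separately, the `checkCleanResource` comment is hard to parse and could read `// checkCleanResource reports whether a resource is finished, stored, and past its TTL.`

```go
func gcClean(store *store, removeSet map[string]struct{}) error {
	var firstErr error
	for key := range removeSet {
		if err := store.persistentStore.Remove(key); err != nil {
			// Keep the in-memory entry so a later pass retries this key.
			if firstErr == nil {
				firstErr = err
			}
			continue
		}
		delete(store.ephemeralStore.table, key)
	}
	return firstErr
}
```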
@@ -0,0 +1,162 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "testing" + "time" + + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/logp" +) + +func TestGCStore(t *testing.T) { + t.Run("empty store", func(t *testing.T) { + started := time.Now() + + backend := createSampleStore(t, nil) + store := testOpenStore(t, "test", backend) + defer store.Release() + + gcStore(logp.NewLogger("test"), started, store) + + want := map[string]state{} + checkEqualStoreState(t, want, backend.snapshot()) + }) + + t.Run("state is still alive", func(t *testing.T) { + started := time.Now() + const ttl = 60 * time.Second + + initState := map[string]state{ + "test::key": { + TTL: ttl, + Updated: started.Add(-ttl / 2), + }, + } + + backend := createSampleStore(t, initState) + store := testOpenStore(t, "test", backend) + defer store.Release() + + gcStore(logp.NewLogger("test"), started, store) + + checkEqualStoreState(t, initState, backend.snapshot()) + }) + + t.Run("old state can be removed", func(t *testing.T) { + const ttl = 60 * time.Second + started := time.Now().Add(-5 * ttl) // cleanup process is running for a while already + + initState := map[string]state{ + 
"test::key": { + TTL: ttl, + Updated: started.Add(-ttl), + }, + } + + backend := createSampleStore(t, initState) + store := testOpenStore(t, "test", backend) + defer store.Release() + + gcStore(logp.NewLogger("test"), started, store) + + want := map[string]state{} + checkEqualStoreState(t, want, backend.snapshot()) + }) + + t.Run("old state is not removed if cleanup is not active long enough", func(t *testing.T) { + const ttl = 60 * time.Minute + started := time.Now() + + initState := map[string]state{ + "test::key": { + TTL: ttl, + Updated: started.Add(-2 * ttl), + }, + } + + backend := createSampleStore(t, initState) + store := testOpenStore(t, "test", backend) + defer store.Release() + + gcStore(logp.NewLogger("test"), started, store) + + checkEqualStoreState(t, initState, backend.snapshot()) + }) + + t.Run("old state but resource is accessed", func(t *testing.T) { + const ttl = 60 * time.Second + started := time.Now().Add(-5 * ttl) // cleanup process is running for a while already + + initState := map[string]state{ + "test::key": { + TTL: ttl, + Updated: started.Add(-ttl), + }, + } + + backend := createSampleStore(t, initState) + store := testOpenStore(t, "test", backend) + defer store.Release() + + // access resource and check it is not gc'ed + res := store.Get("test::key") + gcStore(logp.NewLogger("test"), started, store) + checkEqualStoreState(t, initState, backend.snapshot()) + + // release resource and check it gets gc'ed + res.Release() + want := map[string]state{} + gcStore(logp.NewLogger("test"), started, store) + checkEqualStoreState(t, want, backend.snapshot()) + }) + + t.Run("old state but resource has pending updates", func(t *testing.T) { + const ttl = 60 * time.Second + started := time.Now().Add(-5 * ttl) // cleanup process is running for a while already + + initState := map[string]state{ + "test::key": { + TTL: ttl, + Updated: started.Add(-ttl), + }, + } + + backend := createSampleStore(t, initState) + store := testOpenStore(t, "test", backend) + 
defer store.Release() + + // create pending update operation + res := store.Get("test::key") + op, err := createUpdateOp(store, res, "test-state-update") + require.NoError(t, err) + res.Release() + + // cleanup fails + gcStore(logp.NewLogger("test"), started, store) + checkEqualStoreState(t, initState, backend.snapshot()) + + // cancel operation (no more pending operations) and try to gc again + op.done(1) + gcStore(logp.NewLogger("test"), started, store) + want := map[string]state{} + checkEqualStoreState(t, want, backend.snapshot()) + }) +} diff --git a/filebeat/input/filestream/internal/input-logfile/cursor.go b/filebeat/input/filestream/internal/input-logfile/cursor.go new file mode 100644 index 00000000000..37de24fe56c --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/cursor.go 
@@ -0,0 +1,43 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package input_logfile
+
+// Cursor allows the input to check if cursor status has been stored
+// in the past and unpack the status into a custom structure.
+type Cursor struct {
+ store *store
+ resource *resource
+}
+
+func makeCursor(store *store, res *resource) Cursor {
+ return Cursor{store: store, resource: res}
+}
+
+// IsNew returns true if no cursor information has been stored
+// for the current Source.
+func (c Cursor) IsNew() bool { return c.resource.IsNew() }
+
+// Unpack deserialized the cursor state into to. Unpack fails if no pointer is
+// given, or if the structure to points to is not compatible with the document
+// stored.
+func (c Cursor) Unpack(to interface{}) error {
+ if c.IsNew() {
+ return nil
+ }
+ return c.resource.UnpackCursor(to)
+}
diff --git a/filebeat/input/filestream/internal/input-logfile/cursor_test.go b/filebeat/input/filestream/internal/input-logfile/cursor_test.go
new file mode 100644
index 00000000000..db2ff0c3a30
--- /dev/null
+++ b/filebeat/input/filestream/internal/input-logfile/cursor_test.go
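Review bot: `Cursor.Unpack` returns nil when `c.IsNew()` is true without looking at `to`, so the doc sentence "Unpack fails if no pointer is given" does not hold for a new cursor; a caller passing a non-pointer only finds out once state has been stored. The comment should state that path, for example `// Unpack is a no-op and returns nil if no cursor state has been stored yet.` The first sentence would also read better as "Unpack deserializes the cursor state into `to`", and `makeCursor` could carry a one-line comment.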
@@ -0,0 +1,124 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestCursor_IsNew(t *testing.T) { + t.Run("true if key is not in store", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + + cursor := makeCursor(store, store.Get("test::key")) + require.True(t, cursor.IsNew()) + }) + + t.Run("true if key is in store but without cursor value", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, map[string]state{ + "test::key": {Cursor: nil}, + })) + defer store.Release() + + cursor := makeCursor(store, store.Get("test::key")) + require.True(t, cursor.IsNew()) + }) + + t.Run("false if key with cursor value is in persistent store", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, map[string]state{ + "test::key": {Cursor: "test"}, + })) + defer store.Release() + + cursor := makeCursor(store, store.Get("test::key")) + require.False(t, cursor.IsNew()) + }) + + t.Run("false if key with cursor value is in memory store only", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, map[string]state{ + 
"test::key": {Cursor: nil}, + })) + defer store.Release() + + res := store.Get("test::key") + op, err := createUpdateOp(store, res, "test-state-update") + require.NoError(t, err) + defer op.done(1) + + cursor := makeCursor(store, res) + require.False(t, cursor.IsNew()) + }) +} + +func TestCursor_Unpack(t *testing.T) { + t.Run("nothing to unpack if key is new", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + + var st string + cursor := makeCursor(store, store.Get("test::key")) + + require.NoError(t, cursor.Unpack(&st)) + require.Equal(t, "", st) + }) + + t.Run("unpack fails if types are not compatible", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, map[string]state{ + "test::key": {Cursor: "test"}, + })) + defer store.Release() + + var st struct{ A uint } + cursor := makeCursor(store, store.Get("test::key")) + require.Error(t, cursor.Unpack(&st)) + }) + + t.Run("unpack from state in persistent store", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, map[string]state{ + "test::key": {Cursor: "test"}, + })) + defer store.Release() + + var st string + cursor := makeCursor(store, store.Get("test::key")) + + require.NoError(t, cursor.Unpack(&st)) + require.Equal(t, "test", st) + }) + + t.Run("unpack from in memory state if updates are pending", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, map[string]state{ + "test::key": {Cursor: "test"}, + })) + defer store.Release() + + res := store.Get("test::key") + op, err := createUpdateOp(store, res, "test-state-update") + require.NoError(t, err) + defer op.done(1) + + var st string + cursor := makeCursor(store, store.Get("test::key")) + + require.NoError(t, cursor.Unpack(&st)) + require.Equal(t, "test-state-update", st) + }) +} 
diff --git a/filebeat/input/filestream/internal/input-logfile/doc.go b/filebeat/input/filestream/internal/input-logfile/doc.go
new file mode 100644
index 00000000000..cf318d4bfed
--- /dev/null
+++ b/filebeat/input/filestream/internal/input-logfile/doc.go
@@ -0,0 +1,58 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// Package cursor provides an InputManager for use with the v2 API, that is +// capable of storing an internal cursor state between restarts. +// +// The InputManager requires authors to Implement a configuration function and +// the cursor.Input interface. The configuration function returns a slice of +// sources ([]Source) that it has read from the configuration object, and the +// actual Input that will be used to collect events from each configured +// source. +// When Run a go-routine will be started per configured source. If two inputs have +// configured the same source, only one will be active, while the other waits +// for the resource to become free. +// The manager keeps track of the state per source. When publishing an event a +// new cursor value can be passed as well. Future instance of the input can +// read the last published cursor state. +// +// For each source an in-memory and a persitent state are tracked. Internal +// meta updates by the input manager can not be read by Inputs, and will be +// written to the persistent store immediately. Cursor state updates are read +// and update by the input. 
Cursor updates are written to the persistent store +// only after the events have been ACKed by the output. Internally the input +// manager keeps track of already ACKed updates and pending ACKs. +// In order to guarantee progress even if the pbulishing is slow or blocked, all cursor +// updates are written to the in-memory state immediately. Source without any +// pending updates are in-sync (in-memory state == persistet state). All +// updates are ordered, but we allow the in-memory state to be ahead of the +// persistent state. +// When an input is started, the cursor state is read from the in-memory state. +// This way a new input instance can continue where other inputs have been +// stopped, even if we still have in-flight events from older input instances. +// The coordination between inputs guarantees that all updates are always in +// order. +// +// When a shutdown signal is received, the publisher is directly disconnected +// from the outputs. As all coordination is directly handled by the +// InputManager, shutdown will be immediate (once the input itself has +// returned), and can not be blocked by the outputs. +// +// An input that is about to collect a source that is already collected by +// another input will wait until the other input has returned or the current +// input did receive a shutdown signal. +package input_logfile diff --git a/filebeat/input/filestream/internal/input-logfile/fswatch.go b/filebeat/input/filestream/internal/input-logfile/fswatch.go new file mode 100644 index 00000000000..685b54253a4 --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/fswatch.go 
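Review bot: The package comment opens with "Package cursor" and describes the `cursor.Input` interface and a configuration function returning `[]Source`, but the package clause at the end of this file is `input_logfile`, and the `Configure` hook used elsewhere in this commit returns `(Prospector, Harvester, error)`. As written, godoc for this package would describe an API it does not have. I would start the comment with `// Package input_logfile provides an InputManager ...` and rewrite the second paragraph in terms of Prospector and Harvester. While there, "persitent", "pbulishing" and "persistet" are typos.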
@@ -0,0 +1,65 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "os" + + "github.com/elastic/go-concert/unison" +) + +const ( + OpDone Operation = iota + OpCreate + OpWrite + OpDelete + OpRename +) + +// Operation describes what happened to a file. +type Operation uint8 + +// FSEvent returns inforamation about file system changes. +type FSEvent struct { + // NewPath is the new path of the file. + NewPath string + // OldPath is the previous path to the file, is it was + // deleted or renamed. + OldPath string + // Op is the file system event: create, write, rename, remove + Op Operation + // Info describes the file in the event. + Info os.FileInfo +} + +// FSScanner retrieves a list of files from the file system. +type FSScanner interface { + // GetFiles returns the list of monitored files. + // The keys of the map are the paths to the files and + // the values are the FileInfos describing the file. + GetFiles() map[string]os.FileInfo +} + +// FSWatcher returns file events of the monitored files. +type FSWatcher interface { + // Run is the event loop which watchers for changes + // in the file system and returns events based on the data. 
+ Run(unison.Canceler) + // Event returns the next event captured by FSWatcher. + Event() FSEvent +} diff --git a/filebeat/input/filestream/internal/input-logfile/harvester.go b/filebeat/input/filestream/internal/input-logfile/harvester.go new file mode 100644 index 00000000000..d2f184cac7b --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/harvester.go 
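Review bot: The exported `Op*` constants have no comments, and `OpDone` in particular is the zero value of `Operation`, so a zero `FSEvent` reads as `OpDone` without the file saying what that operation means. A short comment per constant would settle it, starting with what `OpDone` signals to the consumer of `Event()`. The `Op` field comment lists "create, write, rename, remove" while the constant is named `OpDelete`; using the same word in both places avoids a guess. "inforamation" and "is it was deleted" in the `FSEvent` comments are typos.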
@@ -0,0 +1,125 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "context" + "fmt" + "runtime/debug" + "time" + + input "github.com/elastic/beats/v7/filebeat/input/v2" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/go-concert/ctxtool" + "github.com/elastic/go-concert/unison" +) + +// Harvester is the reader which collects the lines from +// the configured source. +type Harvester interface { + // Name returns the type of the Harvester + Name() string + // Test checks if the Harvester can be started with the given configuration. + Test(Source, input.TestContext) error + // Run is the event loop which reads from the source + // and forwards it to the publisher. + Run(input.Context, Source, Cursor, Publisher) error +} + +// HarvesterGroup is responsible for running the +// Harvesters started by the Prospector. +type HarvesterGroup struct { + manager *InputManager + readers map[string]context.CancelFunc + pipeline beat.PipelineConnector + harvester Harvester + cleanTimeout time.Duration + store *store + tg unison.TaskGroup +} + +// Run starts the Harvester for a Source. 
+func (hg *HarvesterGroup) Run(ctx input.Context, s Source) error { + log := ctx.Logger.With("source", s.Name()) + log.Debug("Starting harvester for file") + + harvesterCtx, cancelHarvester := context.WithCancel(ctxtool.FromCanceller(ctx.Cancelation)) + ctx.Cancelation = harvesterCtx + + resource, err := hg.manager.lock(ctx, s.Name()) + if err != nil { + cancelHarvester() + return err + } + + if _, ok := hg.readers[s.Name()]; ok { + cancelHarvester() + log.Debug("A harvester is already running for file") + return nil + } + hg.readers[s.Name()] = cancelHarvester + + hg.store.UpdateTTL(resource, hg.cleanTimeout) + + client, err := hg.pipeline.ConnectWith(beat.ClientConfig{ + CloseRef: ctx.Cancelation, + ACKHandler: newInputACKHandler(ctx.Logger), + }) + if err != nil { + cancelHarvester() + return err + } + + cursor := makeCursor(hg.store, resource) + publisher := &cursorPublisher{canceler: ctx.Cancelation, client: client, cursor: &cursor} + + go func(cancel context.CancelFunc) { + defer client.Close() + defer log.Debug("Stopped harvester for file") + defer cancel() + defer releaseResource(resource) + defer delete(hg.readers, s.Name()) + + defer func() { + if v := recover(); v != nil { + err := fmt.Errorf("harvester panic with: %+v\n%s", v, debug.Stack()) + ctx.Logger.Errorf("Harvester crashed with: %+v", err) + } + }() + + err := hg.harvester.Run(ctx, s, cursor, publisher) + if err != nil { + log.Errorf("Harvester stopped: %v", err) + } + }(cancelHarvester) + return nil +} + +// Cancel stops the running Harvester for a given Source. +func (hg *HarvesterGroup) Cancel(s Source) error { + if cancel, ok := hg.readers[s.Name()]; ok { + cancel() + return nil + } + return fmt.Errorf("no such harvester %s", s.Name()) +} + +func releaseResource(resource *resource) { + resource.lock.Unlock() + resource.Release() +} 
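Review bot: In `HarvesterGroup.Run`, the two early returns that follow a successful `hg.manager.lock` (the "already running" branch and the `ConnectWith` error) cancel the context but never call `releaseResource(resource)`, which the goroutine's deferred cleanup does on the normal path. If `lock` acquires what `releaseResource` unlocks, that source stays locked and no later harvester can take it. The `ConnectWith` error path also leaves the `hg.readers[s.Name()]` entry behind, so I would add `releaseResource(resource)` before both returns and `delete(hg.readers, s.Name())` before the second. `hg.readers` is also a plain map that is written in `Run`, deleted from inside the harvester goroutine and read in `Cancel` with no lock, which is a data race once any two of those overlap; a `sync.Mutex` on `HarvesterGroup` would cover it.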
diff --git a/filebeat/input/filestream/internal/input-logfile/input.go b/filebeat/input/filestream/internal/input-logfile/input.go
new file mode 100644
index 00000000000..7084315b0c1
--- /dev/null
+++ b/filebeat/input/filestream/internal/input-logfile/input.go
@@ -0,0 +1,106 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "context" + "time" + + input "github.com/elastic/beats/v7/filebeat/input/v2" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common/acker" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/go-concert/ctxtool" + "github.com/elastic/go-concert/unison" +) + +type managedInput struct { + manager *InputManager + prospector Prospector + harvester Harvester + cleanTimeout time.Duration +} + +// Name is required to implement the v2.Input interface +func (inp *managedInput) Name() string { return inp.harvester.Name() } + +// Test runs the Test method for each configured source. +func (inp *managedInput) Test(ctx input.TestContext) error { + return inp.prospector.Test() +} + +// Run +func (inp *managedInput) Run( + ctx input.Context, + pipeline beat.PipelineConnector, +) (err error) { + // Setup cancellation using a custom cancel context. All workers will be + // stopped if one failed badly by returning an error. 
+ cancelCtx, cancel := context.WithCancel(ctxtool.FromCanceller(ctx.Cancelation)) + defer cancel() + ctx.Cancelation = cancelCtx + + store := inp.manager.store + store.Retain() + defer store.Release() + + hg := &HarvesterGroup{ + pipeline: pipeline, + readers: make(map[string]context.CancelFunc), + manager: inp.manager, + cleanTimeout: inp.cleanTimeout, + harvester: inp.harvester, + store: store, + tg: unison.TaskGroup{}, + } + + stateStore, err := inp.manager.StateStore.Access() + if err != nil { + return err + } + defer stateStore.Close() + + inp.prospector.Run(ctx, stateStore, hg) + + return nil +} + +func newInputACKHandler(log *logp.Logger) beat.ACKer { + return acker.EventPrivateReporter(func(acked int, private []interface{}) { + var n uint + var last int + for i := 0; i < len(private); i++ { + current := private[i] + if current == nil { + continue + } + + if _, ok := current.(*updateOp); !ok { + continue + } + + n++ + last = i + } + + if n == 0 { + return + } + private[last].(*updateOp).Execute(n) + }) +} diff --git a/filebeat/input/filestream/internal/input-logfile/manager.go b/filebeat/input/filestream/internal/input-logfile/manager.go new file mode 100644 index 00000000000..db3c600d2bc --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/manager.go 
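Review bot: `managedInput.Run` returns as soon as `inp.prospector.Run` does, and its deferred calls then run in the order `stateStore.Close()`, `store.Release()`, `cancel()`, without waiting for the goroutines that `HarvesterGroup.Run` starts. The harvesters are therefore cancelled only after the stores have been closed and released, and may still be publishing or updating state at that point. The `tg: unison.TaskGroup{}` field is set here but not used in the visible code, so I would either run the harvesters through it and wait on it before returning, or at least call `cancel()` and wait before releasing the store. The comment "All workers will be stopped if one failed badly by returning an error" does not match the code, since harvester errors are only logged and `Run` returns nil, and the bare `// Run` comment should say what the method does.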
@@ -0,0 +1,199 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "errors" + "sync" + "time" + + "github.com/urso/sderr" + + "github.com/elastic/go-concert/unison" + + input "github.com/elastic/beats/v7/filebeat/input/v2" + v2 "github.com/elastic/beats/v7/filebeat/input/v2" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/libbeat/statestore" +) + +// InputManager is used to create, manage, and coordinate stateful inputs and +// their persistent state. +// The InputManager ensures that only one input can be active for a unique source. +// If two inputs have overlapping sources, both can still collect data, but +// only one input will collect from the common source. +// +// The InputManager automatically cleans up old entries without an active +// input, and without any pending update operations for the persistent store. +// +// The Type field is used to create the key name in the persistent store. Users +// are allowed to add a custome per input configuration ID using the `id` +// setting, to collect the same source multiple times, but with different +// state. 
The key name in the persistent store becomes -[]- +type InputManager struct { + Logger *logp.Logger + + // StateStore gives the InputManager access to the persitent key value store. + StateStore StateStore + + // Type must contain the name of the input type. It is used to create the key name + // for all sources the inputs collect from. + Type string + + // DefaultCleanTimeout configures the key/value garbage collection interval. + // The InputManager will only collect keys for the configured 'Type' + DefaultCleanTimeout time.Duration + + // Configure returns an array of Sources, and a configured Input instances + // that will be used to collect events from each source. + Configure func(cfg *common.Config) (Prospector, Harvester, error) + + initOnce sync.Once + initErr error + store *store +} + +// Source describe a source the input can collect data from. +// The `Name` method must return an unique name, that will be used to identify +// the source in the persistent state store. +type Source interface { + Name() string +} + +var errNoSourceConfigured = errors.New("no source has been configured") +var errNoInputRunner = errors.New("no input runner available") + +// StateStore interface and configurations used to give the Manager access to the persistent store. +type StateStore interface { + Access() (*statestore.Store, error) + CleanupInterval() time.Duration +} + +func (cim *InputManager) init() error { + cim.initOnce.Do(func() { + if cim.DefaultCleanTimeout <= 0 { + cim.DefaultCleanTimeout = 30 * time.Minute + } + + log := cim.Logger.With("input_type", cim.Type) + var store *store + store, cim.initErr = openStore(log, cim.StateStore, cim.Type) + if cim.initErr != nil { + return + } + + cim.store = store + }) + + return cim.initErr +} + +// Init starts background processes for deleting old entries from the +// persistent store if mode is ModeRun. 
+func (cim *InputManager) Init(group unison.Group, mode v2.Mode) error { + if mode != v2.ModeRun { + return nil + } + + if err := cim.init(); err != nil { + return err + } + + log := cim.Logger.With("input_type", cim.Type) + + store := cim.store + cleaner := &cleaner{log: log} + store.Retain() + err := group.Go(func(canceler unison.Canceler) error { + defer cim.shutdown() + defer store.Release() + interval := cim.StateStore.CleanupInterval() + if interval <= 0 { + interval = 5 * time.Minute + } + cleaner.run(canceler, store, interval) + return nil + }) + if err != nil { + store.Release() + cim.shutdown() + return sderr.Wrap(err, "Can not start registry cleanup process") + } + + return nil +} + +func (cim *InputManager) shutdown() { + cim.store.Release() +} + +// Create builds a new v2.Input using the provided Configure function. +// The Input will run a go-routine per source that has been configured. +func (cim *InputManager) Create(config *common.Config) (input.Input, error) { + if err := cim.init(); err != nil { + return nil, err + } + + settings := struct { + ID string `config:"id"` + CleanTimeout time.Duration `config:"clean_timeout"` + }{ID: "", CleanTimeout: cim.DefaultCleanTimeout} + if err := config.Unpack(&settings); err != nil { + return nil, err + } + + prospector, harvester, err := cim.Configure(config) + if err != nil { + return nil, err + } + if harvester == nil { + return nil, errNoInputRunner + } + + return &managedInput{ + manager: cim, + prospector: prospector, + harvester: harvester, + cleanTimeout: settings.CleanTimeout, + }, nil +} + +// Lock locks a key for exclusive access and returns an resource that can be used to modify +// the cursor state and unlock the key. 
+func (cim *InputManager) lock(ctx input.Context, key string) (*resource, error) { + resource := cim.store.Get(key) + err := lockResource(ctx.Logger, resource, ctx.Cancelation) + if err != nil { + resource.Release() + return nil, err + } + return resource, nil +} + +func lockResource(log *logp.Logger, resource *resource, canceler input.Canceler) error { + if !resource.lock.TryLock() { + log.Infof("Resource '%v' currently in use, waiting...", resource.key) + err := resource.lock.LockContext(canceler) + if err != nil { + log.Infof("Input for resource '%v' has been stopped while waiting", resource.key) + return err + } + } + return nil +} diff --git a/filebeat/input/filestream/internal/input-logfile/prospector.go b/filebeat/input/filestream/internal/input-logfile/prospector.go new file mode 100644 index 00000000000..9488596eb2c --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/prospector.go 
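Review bot: `Create` rejects a nil `harvester` but not a nil `prospector`, although `managedInput.Test` and `managedInput.Run` in the preceding hunk call `inp.prospector` unconditionally. A `Configure` callback that returns a nil prospector therefore yields an input that panics on first use. A guard next to the existing one would close that: `if prospector == nil { return nil, errNoSourceConfigured }` (that error is declared here but, as far as this hunk shows, never returned). Also, `settings.ID` is unpacked from `id` and then dropped, while the `InputManager` comment says the id becomes part of the store key; either wire it through or state in the comment that it is not used yet.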
@@ -0,0 +1,35 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + input "github.com/elastic/beats/v7/filebeat/input/v2" + "github.com/elastic/beats/v7/libbeat/statestore" +) + +// Prospector is responsible for starting, stopping harvesters +// based on the retrieved information about the configured paths. +// It also updates the statestore with the meta data of the running harvesters. +type Prospector interface { + // Run starts the event loop and handles the incoming events + // either by starting/stopping a harvester, or updating the statestore. + Run(input.Context, *statestore.Store, *HarvesterGroup) + // Test checks if the Prospector is able to run the configuration + // specified by the user. + Test() error +} diff --git a/filebeat/input/filestream/internal/input-logfile/publish.go b/filebeat/input/filestream/internal/input-logfile/publish.go new file mode 100644 index 00000000000..547a82c479f --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/publish.go 
@@ -0,0 +1,153 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "time" + + input "github.com/elastic/beats/v7/filebeat/input/v2" + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common/transform/typeconv" + "github.com/elastic/beats/v7/libbeat/statestore" +) + +// Publisher is used to publish an event and update the cursor in a single call to Publish. +// Inputs are allowed to pass `nil` as cursor state. In this case the state is not updated, but the +// event will still be published as is. +type Publisher interface { + Publish(event beat.Event, cursor interface{}) error +} + +// cursorPublisher implements the Publisher interface and used internally by the managedInput. +// When publishing an event with cursor state updates, the cursorPublisher +// updates the in memory state and create an updateOp that is used to schedule +// an update for the persistent store. The updateOp is run by the inputs ACK +// handler, persisting the pending update. +type cursorPublisher struct { + canceler input.Canceler + client beat.Client + cursor *Cursor +} + +// updateOp keeps track of pending updates that are not written to the persistent store yet. 
+// Update operations are ordered. The input manager guarantees that only one +// input can create update operation for a source, such that new input +// instances can add update operations to be executed after already pending +// update operations from older inputs instances that have been shutdown. +type updateOp struct { + store *store + resource *resource + + // state updates to persist + timestamp time.Time + ttl time.Duration + delta interface{} +} + +// Publish publishes an event. Publish returns false if the inputs cancellation context has been marked as done. +// If cursorUpdate is not nil, Publish updates the in memory state and create and updateOp for the pending update. +// It overwrite event.Private with the update operation, before finally sending the event. +// The ACK ordering in the publisher pipeline guarantees that update operations +// will be ACKed and executed in the correct order. +func (c *cursorPublisher) Publish(event beat.Event, cursorUpdate interface{}) error { + if cursorUpdate == nil { + return c.forward(event) + } + + op, err := createUpdateOp(c.cursor.store, c.cursor.resource, cursorUpdate) + if err != nil { + return err + } + + event.Private = op + return c.forward(event) +} + +func (c *cursorPublisher) forward(event beat.Event) error { + c.client.Publish(event) + if c.canceler == nil { + return nil + } + return c.canceler.Err() +} + +func createUpdateOp(store *store, resource *resource, updates interface{}) (*updateOp, error) { + ts := time.Now() + + resource.stateMutex.Lock() + defer resource.stateMutex.Unlock() + + cursor := resource.pendingCursor + if resource.activeCursorOperations == 0 { + var tmp interface{} + typeconv.Convert(&tmp, cursor) + resource.pendingCursor = tmp + cursor = tmp + } + if err := typeconv.Convert(&cursor, updates); err != nil { + return nil, err + } + resource.pendingCursor = cursor + + resource.Retain() + resource.activeCursorOperations++ + return &updateOp{ + resource: resource, + store: store, + 
timestamp: ts, + delta: updates, + }, nil +} + +// done releases resources held by the last N updateOps. +func (op *updateOp) done(n uint) { + op.resource.UpdatesReleaseN(n) + op.resource = nil + *op = updateOp{} +} + +// Execute updates the persistent store with the scheduled changes and releases the resource. +func (op *updateOp) Execute(n uint) { + resource := op.resource + defer op.done(n) + + resource.stateMutex.Lock() + defer resource.stateMutex.Unlock() + + resource.activeCursorOperations -= n + if resource.activeCursorOperations == 0 { + resource.cursor = resource.pendingCursor + resource.pendingCursor = nil + } else { + typeconv.Convert(&resource.cursor, op.delta) + } + + if resource.internalState.Updated.Before(op.timestamp) { + resource.internalState.Updated = op.timestamp + } + + err := op.store.persistentStore.Set(resource.key, resource.inSyncStateSnapshot()) + if err != nil { + if !statestore.IsClosed(err) { + op.store.log.Errorf("Failed to update state in the registry for '%v'", resource.key) + } + } else { + resource.internalInSync = true + resource.stored = true + } +} diff --git a/filebeat/input/filestream/internal/input-logfile/publish_test.go b/filebeat/input/filestream/internal/input-logfile/publish_test.go new file mode 100644 index 00000000000..ede25670a95 --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/publish_test.go 
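Review bot: In `Execute` the result of `typeconv.Convert(&resource.cursor, op.delta)` is discarded and `resource.inSyncStateSnapshot()` is written to the registry regardless, so a failed merge persists a cursor without the ACKed update and nothing is logged; `createUpdateOp` ignores its first `typeconv.Convert(&tmp, cursor)` the same way. At minimum log it: `if err := typeconv.Convert(&resource.cursor, op.delta); err != nil { op.store.log.Errorf("Failed to apply cursor update for '%v': %v", resource.key, err) }`. The existing `Errorf("Failed to update state in the registry for '%v'", resource.key)` drops `err`, which makes registry write failures hard to diagnose; append `: %v` and pass `err`, and do the same for the `Errorf` in `UpdateTTL` in store.go. The `Publish` comment says it "returns false" although the method returns an `error`.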
@@ -0,0 +1,158 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "context" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/beat" + pubtest "github.com/elastic/beats/v7/libbeat/publisher/testing" +) + +func TestPublish(t *testing.T) { + t.Run("event with cursor state creates update operation", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + cursor := makeCursor(store, store.Get("test::key")) + + var actual beat.Event + client := &pubtest.FakeClient{ + PublishFunc: func(event beat.Event) { actual = event }, + } + publisher := cursorPublisher{nil, client, &cursor} + publisher.Publish(beat.Event{}, "test") + + require.NotNil(t, actual.Private) + }) + + t.Run("event without cursor creates no update operation", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + cursor := makeCursor(store, store.Get("test::key")) + + var actual beat.Event + client := &pubtest.FakeClient{ + PublishFunc: func(event beat.Event) { actual = event }, + } + publisher := cursorPublisher{nil, client, &cursor} + 
publisher.Publish(beat.Event{}, nil) + require.Nil(t, actual.Private) + }) + + t.Run("publish returns error if context has been cancelled", func(t *testing.T) { + ctx, cancel := context.WithCancel(context.TODO()) + cancel() + + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + cursor := makeCursor(store, store.Get("test::key")) + + publisher := cursorPublisher{ctx, &pubtest.FakeClient{}, &cursor} + err := publisher.Publish(beat.Event{}, nil) + require.Equal(t, context.Canceled, err) + }) +} + +func TestOp_Execute(t *testing.T) { + t.Run("applying final op marks the key as finished", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + res := store.Get("test::key") + + // create op and release resource. The 'resource' must still be active + op := mustCreateUpdateOp(t, store, res, "test-updated-cursor-state") + res.Release() + require.False(t, res.Finished()) + + // this was the last op, the resource should become inactive + op.Execute(1) + require.True(t, res.Finished()) + + // validate state: + inSyncCursor := storeInSyncSnapshot(store)["test::key"].Cursor + inMemCursor := storeMemorySnapshot(store)["test::key"].Cursor + want := "test-updated-cursor-state" + assert.Equal(t, want, inSyncCursor) + assert.Equal(t, want, inMemCursor) + }) + + t.Run("acking multiple ops applies the latest update and marks key as finished", func(t *testing.T) { + // when acking N events, intermediate updates are dropped in favor of the latest update operation. + // This test checks that the resource is correctly marked as finished. + + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + res := store.Get("test::key") + + // create update operations and release resource. 
The 'resource' must still be active + mustCreateUpdateOp(t, store, res, "test-updated-cursor-state-dropped") + op := mustCreateUpdateOp(t, store, res, "test-updated-cursor-state-final") + res.Release() + require.False(t, res.Finished()) + + // this was the last op, the resource should become inactive + op.Execute(2) + require.True(t, res.Finished()) + + // validate state: + inSyncCursor := storeInSyncSnapshot(store)["test::key"].Cursor + inMemCursor := storeMemorySnapshot(store)["test::key"].Cursor + want := "test-updated-cursor-state-final" + assert.Equal(t, want, inSyncCursor) + assert.Equal(t, want, inMemCursor) + }) + + t.Run("ACK only subset of pending ops will only update up to ACKed state", func(t *testing.T) { + // when acking N events, intermediate updates are dropped in favor of the latest update operation. + // This test checks that the resource is correctly marked as finished. + + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + res := store.Get("test::key") + + // create update operations and release resource. 
The 'resource' must still be active + op1 := mustCreateUpdateOp(t, store, res, "test-updated-cursor-state-intermediate") + op2 := mustCreateUpdateOp(t, store, res, "test-updated-cursor-state-final") + res.Release() + require.False(t, res.Finished()) + + defer op2.done(1) // cleanup after test + + // this was the intermediate op, the resource should still be active + op1.Execute(1) + require.False(t, res.Finished()) + + // validate state (in memory state is always up to data to most recent update): + inSyncCursor := storeInSyncSnapshot(store)["test::key"].Cursor + inMemCursor := storeMemorySnapshot(store)["test::key"].Cursor + assert.Equal(t, "test-updated-cursor-state-intermediate", inSyncCursor) + assert.Equal(t, "test-updated-cursor-state-final", inMemCursor) + }) +} + +func mustCreateUpdateOp(t *testing.T, store *store, resource *resource, updates interface{}) *updateOp { + op, err := createUpdateOp(store, resource, updates) + if err != nil { + t.Fatalf("Failed to create update op: %v", err) + } + return op +} diff --git a/filebeat/input/filestream/internal/input-logfile/store.go b/filebeat/input/filestream/internal/input-logfile/store.go new file mode 100644 index 00000000000..8267565f551 --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/store.go 
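Review bot: The first two `TestPublish` subtests discard the error from `publisher.Publish(...)`, so a failure in `createUpdateOp` would only show up indirectly as a nil `actual.Private`; `require.NoError(t, publisher.Publish(beat.Event{}, "test"))` pins it. The first subtest asserts only `require.NotNil(t, actual.Private)`; `require.IsType(t, &updateOp{}, actual.Private)` would check the type the ACK handler's assertion depends on. In the "ACK only subset of pending ops" subtest the leading comment is copied from the previous subtest and says the resource is marked as finished, while the test asserts `require.False(t, res.Finished())`.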
@@ -0,0 +1,324 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "strings" + "sync" + "time" + + "github.com/elastic/beats/v7/libbeat/common/atomic" + "github.com/elastic/beats/v7/libbeat/common/cleanup" + "github.com/elastic/beats/v7/libbeat/common/transform/typeconv" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/libbeat/statestore" + "github.com/elastic/go-concert" + "github.com/elastic/go-concert/unison" +) + +// store encapsulates the persistent store and the in memory state store, that +// can be ahead of the the persistent store. +// The store lifetime is managed by a reference counter. Once all owners (the +// session, and the resource cleaner) have dropped ownership, backing resources +// will be released and closed. +type store struct { + log *logp.Logger + refCount concert.RefCount + persistentStore *statestore.Store + ephemeralStore *states +} + +// states stores resource states in memory. When a cursor for an input is updated, +// it's state is updated first. The entry in the persistent store 'follows' the internal state. 
+// As long as a resources stored in states is not 'Finished', the in memory +// store is assumed to be ahead (in memory and persistent state are out of +// sync). +type states struct { + mu sync.Mutex + table map[string]*resource +} + +// resource holds the in memory state and keeps track of pending updates and inputs collecting +// event for the resource its key. +// A resource is assumed active for as long as at least one input has (or tries +// to) acuired the lock, and as long as there are pending updateOp instances in +// the pipeline not ACKed yet. The key can not gc'ed by the cleaner, as long as the resource is active. +// +// State chagnes and writes to the persistent store are protected using the +// stateMutex, to ensure full consistency between direct writes and updates +// after ACK. +type resource struct { + // pending counts the number of Inputs and outstanding registry updates. + // as long as pending is > 0 the resource is in used and must not be garbage collected. + pending atomic.Uint64 + + // lock guarantees only one input create updates for this entry + lock unison.Mutex + + // key of the resource as used for the registry. + key string + + // stateMutex is used to lock the resource when it is update/read from + // multiple go-routines like the ACK handler or the input publishing an + // event. + // stateMutex is used to access the fields 'stored', 'state' and 'internalInSync' + stateMutex sync.Mutex + + // stored indicates that the state is available in the registry file. It is false for new entries. + stored bool + + // internalInSync is true if all 'Internal' metadata like TTL or update timestamp are in sync. + // Normally resources are added when being created. But if operations failed we will retry inserting + // them on each update operation until we eventually succeeded + internalInSync bool + + activeCursorOperations uint + internalState stateInternal + + // cursor states. 
The cursor holds the state as it is currently known to the + // persistent store, while pendingCursor contains the most recent update + // (in-memory state), that still needs to be synced to the persistent store. + // The pendingCursor is nil if there are no pending updates. + // When processing update operations on ACKs, the state is applied to cursor + // first, which is finally written to the persistent store. This ensures that + // we always write the complete state of the key/value pair. + cursor interface{} + pendingCursor interface{} +} + +type ( + // state represents the full document as it is stored in the registry. + // + // The TTL and Update fields are for internal use only. + // + // The `Cursor` namespace is used to store the cursor information that are + // required to continue processing from the last known position. Cursor + // updates in the registry file are only executed after events have been + // ACKed by the outputs. Therefore the cursor MUST NOT include any + // information that are require to identify/track the source we are + // collecting from. 
+ state struct { + TTL time.Duration + Updated time.Time + Cursor interface{} + } + + stateInternal struct { + TTL time.Duration + Updated time.Time + } +) + +// hook into store close for testing purposes +var closeStore = (*store).close + +func openStore(log *logp.Logger, statestore StateStore, prefix string) (*store, error) { + ok := false + + persistentStore, err := statestore.Access() + if err != nil { + return nil, err + } + defer cleanup.IfNot(&ok, func() { persistentStore.Close() }) + + states, err := readStates(log, persistentStore, prefix) + if err != nil { + return nil, err + } + + ok = true + return &store{ + log: log, + persistentStore: persistentStore, + ephemeralStore: states, + }, nil +} + +func (s *store) Retain() { s.refCount.Retain() } +func (s *store) Release() { + if s.refCount.Release() { + closeStore(s) + } +} + +func (s *store) close() { + if err := s.persistentStore.Close(); err != nil { + s.log.Errorf("Closing registry store did report an error: %+v", err) + } +} + +// Get returns the resource for the key. +// A new shared resource is generated if the key is not known. The generated +// resource is not synced to disk yet. +func (s *store) Get(key string) *resource { + return s.ephemeralStore.Find(key, true) +} + +// UpdateTTL updates the time-to-live of a resource. Inactive resources with expired TTL are subject to removal. +// The TTL value is part of the internal state, and will be written immediately to the persistent store. +// On update the resource its `cursor` state is used, to keep the cursor state in sync with the current known +// on disk store state. 
+func (s *store) UpdateTTL(resource *resource, ttl time.Duration) { + resource.stateMutex.Lock() + defer resource.stateMutex.Unlock() + if resource.stored && resource.internalState.TTL == ttl { + return + } + + resource.internalState.TTL = ttl + if resource.internalState.Updated.IsZero() { + resource.internalState.Updated = time.Now() + } + + err := s.persistentStore.Set(resource.key, state{ + TTL: resource.internalState.TTL, + Updated: resource.internalState.Updated, + Cursor: resource.cursor, + }) + if err != nil { + s.log.Errorf("Failed to update resource management fields for '%v'", resource.key) + resource.internalInSync = false + } else { + resource.stored = true + resource.internalInSync = true + } +} + +// Find returns the resource for a given key. If the key is unknown and create is set to false nil will be returned. +// The resource returned by Find is marked as active. (*resource).Release must be called to mark the resource as inactive again. +func (s *states) Find(key string, create bool) *resource { + s.mu.Lock() + defer s.mu.Unlock() + + if resource := s.table[key]; resource != nil { + resource.Retain() + return resource + } + + if !create { + return nil + } + + // resource is owned by table(session) and input that uses the resource. + resource := &resource{ + stored: false, + key: key, + lock: unison.MakeMutex(), + } + s.table[key] = resource + resource.Retain() + return resource +} + +// IsNew returns true if we have no state recorded for the current resource. +func (r *resource) IsNew() bool { + r.stateMutex.Lock() + defer r.stateMutex.Unlock() + return r.pendingCursor == nil && r.cursor == nil +} + +// Retain is used to indicate that 'resource' gets an additional 'owner'. +// Owners of an resource can be active inputs or pending update operations +// not yet written to disk. +func (r *resource) Retain() { r.pending.Inc() } + +// Release reduced the owner ship counter of the resource. 
+func (r *resource) Release() { r.pending.Dec() } + +// UpdatesReleaseN is used to release ownership of N pending update operations. +func (r *resource) UpdatesReleaseN(n uint) { + r.pending.Sub(uint64(n)) +} + +// Finished returns true if the resource is not in use and if there are no pending updates +// that still need to be written to the registry. +func (r *resource) Finished() bool { return r.pending.Load() == 0 } + +// UnpackCursor deserializes the in memory state. +func (r *resource) UnpackCursor(to interface{}) error { + r.stateMutex.Lock() + defer r.stateMutex.Unlock() + if r.activeCursorOperations == 0 { + return typeconv.Convert(to, r.cursor) + } + return typeconv.Convert(to, r.pendingCursor) +} + +// syncStateSnapshot returns the current insync state based on already ACKed update operations. +func (r *resource) inSyncStateSnapshot() state { + return state{ + TTL: r.internalState.TTL, + Updated: r.internalState.Updated, + Cursor: r.cursor, + } +} + +// stateSnapshot returns the current in memory state, that already contains state updates +// not yet ACKed. +func (r *resource) stateSnapshot() state { + cursor := r.pendingCursor + if r.activeCursorOperations == 0 { + cursor = r.cursor + } + + return state{ + TTL: r.internalState.TTL, + Updated: r.internalState.Updated, + Cursor: cursor, + } +} + +func readStates(log *logp.Logger, store *statestore.Store, prefix string) (*states, error) { + keyPrefix := prefix + "::" + states := &states{ + table: map[string]*resource{}, + } + + err := store.Each(func(key string, dec statestore.ValueDecoder) (bool, error) { + if !strings.HasPrefix(string(key), keyPrefix) { + return true, nil + } + + var st state + if err := dec.Decode(&st); err != nil { + log.Errorf("Failed to read regisry state for '%v', cursor state will be ignored. 
Error was: %+v", + key, err) + return true, nil + } + + resource := &resource{ + key: key, + stored: true, + lock: unison.MakeMutex(), + internalInSync: true, + internalState: stateInternal{ + TTL: st.TTL, + Updated: st.Updated, + }, + cursor: st.Cursor, + } + states.table[resource.key] = resource + + return true, nil + }) + + if err != nil { + return nil, err + } + return states, nil +} diff --git a/filebeat/input/filestream/internal/input-logfile/store_test.go b/filebeat/input/filestream/internal/input-logfile/store_test.go new file mode 100644 index 00000000000..71ea41298b2 --- /dev/null +++ b/filebeat/input/filestream/internal/input-logfile/store_test.go 
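Review bot: `stateSnapshot` and `inSyncStateSnapshot` read `cursor`, `pendingCursor`, `activeCursorOperations` and `internalState` without taking `stateMutex`, unlike `IsNew`, `UnpackCursor` and `UpdateTTL`. `Execute` in publish.go calls `inSyncStateSnapshot` with the mutex held, so these look like caller-must-lock helpers, but nothing says so. I would add `// The caller must hold r.stateMutex.` to both and fix the comment that names the method `syncStateSnapshot`. The `stateMutex` field comment also lists a field `state` that the struct does not have. In `openStore` the parameter `statestore` shadows the imported `statestore` package; renaming it to `stateStore` avoids a confusing compile error when the body later needs the package.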
@@ -0,0 +1,351 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package input_logfile + +import ( + "errors" + "testing" + "time" + + "github.com/google/go-cmp/cmp" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/libbeat/statestore" + "github.com/elastic/beats/v7/libbeat/statestore/storetest" +) + +type testStateStore struct { + Store *statestore.Store + GCPeriod time.Duration +} + +func TestStore_OpenClose(t *testing.T) { + t.Run("releasing store closes", func(t *testing.T) { + var closed bool + cleanup := closeStoreWith(func(s *store) { + closed = true + s.close() + }) + defer cleanup() + + store := testOpenStore(t, "test", nil) + store.Release() + + require.True(t, closed) + }) + + t.Run("fail if persistent store can not be accessed", func(t *testing.T) { + _, err := openStore(logp.NewLogger("test"), testStateStore{}, "test") + require.Error(t, err) + }) + + t.Run("load from empty", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + require.Equal(t, 0, len(storeMemorySnapshot(store))) + require.Equal(t, 0, len(storeInSyncSnapshot(store))) + }) + + 
t.Run("already available state is loaded", func(t *testing.T) { + states := map[string]state{ + "test::key0": {Cursor: "1"}, + "test::key1": {Cursor: "2"}, + } + + store := testOpenStore(t, "test", createSampleStore(t, states)) + defer store.Release() + + checkEqualStoreState(t, states, storeMemorySnapshot(store)) + checkEqualStoreState(t, states, storeInSyncSnapshot(store)) + }) + + t.Run("ignore entries with wrong index on open", func(t *testing.T) { + states := map[string]state{ + "test::key0": {Cursor: "1"}, + "other::key": {Cursor: "2"}, + } + + store := testOpenStore(t, "test", createSampleStore(t, states)) + defer store.Release() + + want := map[string]state{ + "test::key0": {Cursor: "1"}, + } + checkEqualStoreState(t, want, storeMemorySnapshot(store)) + checkEqualStoreState(t, want, storeInSyncSnapshot(store)) + }) +} + +func TestStore_Get(t *testing.T) { + t.Run("find existing resource", func(t *testing.T) { + cursorState := state{Cursor: "1"} + store := testOpenStore(t, "test", createSampleStore(t, map[string]state{ + "test::key0": cursorState, + })) + defer store.Release() + + res := store.Get("test::key0") + require.NotNil(t, res) + defer res.Release() + + // check in memory state matches matches original persistent state + require.Equal(t, cursorState, res.stateSnapshot()) + // check assumed in-sync state matches matches original persistent state + require.Equal(t, cursorState, res.inSyncStateSnapshot()) + }) + + t.Run("access unknown resource", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + + res := store.Get("test::key") + require.NotNil(t, res) + defer res.Release() + + // new resource has empty state + require.Equal(t, state{}, res.stateSnapshot()) + }) + + t.Run("same resource is returned", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + + res1 := store.Get("test::key") + require.NotNil(t, res1) + defer res1.Release() + + 
res2 := store.Get("test::key") + require.NotNil(t, res2) + defer res2.Release() + + assert.Equal(t, res1, res2) + }) +} + +func TestStore_UpdateTTL(t *testing.T) { + t.Run("add TTL for new entry to store", func(t *testing.T) { + // when creating a resource we set the TTL and insert a new key value pair without cursor value into the store: + store := testOpenStore(t, "test", createSampleStore(t, nil)) + defer store.Release() + + res := store.Get("test::key") + store.UpdateTTL(res, 60*time.Second) + + want := map[string]state{ + "test::key": { + TTL: 60 * time.Second, + Updated: res.internalState.Updated, + Cursor: nil, + }, + } + + checkEqualStoreState(t, want, storeMemorySnapshot(store)) + checkEqualStoreState(t, want, storeInSyncSnapshot(store)) + }) + + t.Run("update TTL for in-sync resource does not overwrite state", func(t *testing.T) { + store := testOpenStore(t, "test", createSampleStore(t, map[string]state{ + "test::key": { + TTL: 1 * time.Second, + Cursor: "test", + }, + })) + defer store.Release() + + res := store.Get("test::key") + store.UpdateTTL(res, 60*time.Second) + want := map[string]state{ + "test::key": { + Updated: res.internalState.Updated, + TTL: 60 * time.Second, + Cursor: "test", + }, + } + + checkEqualStoreState(t, want, storeMemorySnapshot(store)) + checkEqualStoreState(t, want, storeInSyncSnapshot(store)) + }) + + t.Run("update TTL for resource with pending updates", func(t *testing.T) { + // This test updates the resource TTL while update operations are still + // pending, but not synced to the persistent store yet. + // UpdateTTL changes the state in the persistent store immediately, and must therefore + // serialize the old in-sync state with update meta-data. 
+ + // create store + backend := createSampleStore(t, map[string]state{ + "test::key": { + TTL: 1 * time.Second, + Cursor: "test", + }, + }) + store := testOpenStore(t, "test", backend) + defer store.Release() + + // create pending update operation + res := store.Get("test::key") + op, err := createUpdateOp(store, res, "test-state-update") + require.NoError(t, err) + defer op.done(1) + + // Update key/value pair TTL. This will update the internal state in the + // persistent store only, not modifying the old cursor state yet. + store.UpdateTTL(res, 60*time.Second) + + // validate + wantMemoryState := state{ + Updated: res.internalState.Updated, + TTL: 60 * time.Second, + Cursor: "test-state-update", + } + wantInSyncState := state{ + Updated: res.internalState.Updated, + TTL: 60 * time.Second, + Cursor: "test", + } + + checkEqualStoreState(t, map[string]state{"test::key": wantMemoryState}, storeMemorySnapshot(store)) + checkEqualStoreState(t, map[string]state{"test::key": wantInSyncState}, storeInSyncSnapshot(store)) + checkEqualStoreState(t, map[string]state{"test::key": wantInSyncState}, backend.snapshot()) + }) +} + +func closeStoreWith(fn func(s *store)) func() { + old := closeStore + closeStore = fn + return func() { + closeStore = old + } +} + +func testOpenStore(t *testing.T, prefix string, persistentStore StateStore) *store { + if persistentStore == nil { + persistentStore = createSampleStore(t, nil) + } + + store, err := openStore(logp.NewLogger("test"), persistentStore, prefix) + if err != nil { + t.Fatalf("failed to open the store") + } + return store +} + +func createSampleStore(t *testing.T, data map[string]state) testStateStore { + storeReg := statestore.NewRegistry(storetest.NewMemoryStoreBackend()) + store, err := storeReg.Get("test") + if err != nil { + t.Fatalf("Failed to access store: %v", err) + } + + for k, v := range data { + if err := store.Set(k, v); err != nil { + t.Fatalf("Error when populating the sample store: %v", err) + } + } + + return 
testStateStore{ + Store: store, + } +} + +func (ts testStateStore) WithGCPeriod(d time.Duration) testStateStore { ts.GCPeriod = d; return ts } +func (ts testStateStore) CleanupInterval() time.Duration { return ts.GCPeriod } +func (ts testStateStore) Access() (*statestore.Store, error) { + if ts.Store == nil { + return nil, errors.New("no store configured") + } + return ts.Store, nil +} + +// snapshot copies all key/value pairs from the persistent store into a table for inspection. +func (ts testStateStore) snapshot() map[string]state { + states := map[string]state{} + err := ts.Store.Each(func(key string, dec statestore.ValueDecoder) (bool, error) { + var st state + if err := dec.Decode(&st); err != nil { + return false, err + } + states[key] = st + return true, nil + }) + + if err != nil { + panic("unexpected decode error from persistent test store") + } + return states +} + +// storeMemorySnapshot copies all key/value pairs into a table for inspection. +// The state returned reflects the in memory state, which can be ahead of the +// persistent state. +// +// Note: The state returned by storeMemorySnapshot is always ahead of the state returned by storeInSyncSnapshot. +// All key value pairs are fully in-sync, if both snapshot functions return the same state. +func storeMemorySnapshot(store *store) map[string]state { + store.ephemeralStore.mu.Lock() + defer store.ephemeralStore.mu.Unlock() + + states := map[string]state{} + for k, res := range store.ephemeralStore.table { + states[k] = res.stateSnapshot() + } + return states +} + +// storeInSyncSnapshot copies all key/value pairs into the table for inspection. +// The state returned reflects the current state that the in-memory tables assumed to be +// written to the persistent store already. + +// Note: The state returned by storeMemorySnapshot is always ahead of the state returned by storeInSyncSnapshot. +// All key value pairs are fully in-sync, if both snapshot functions return the same state. 
+func storeInSyncSnapshot(store *store) map[string]state { + store.ephemeralStore.mu.Lock() + defer store.ephemeralStore.mu.Unlock() + + states := map[string]state{} + for k, res := range store.ephemeralStore.table { + states[k] = res.inSyncStateSnapshot() + } + return states +} + +// checkEqualStoreState compares 2 store snapshot tables for equality. The test +// fails with Errorf if the state differ. +// +// Note: testify is too strict when comparing timestamp, better use checkEqualStoreState. +func checkEqualStoreState(t *testing.T, want, got map[string]state) bool { + if d := cmp.Diff(want, got); d != "" { + t.Errorf("store state mismatch (-want +got):\n%s", d) + return false + } + return true +} + +// requireEqualStoreState compares 2 store snapshot tables for equality. The test +// fails with Fatalf if the state differ. +// +// Note: testify is too strict when comparing timestamp, better use checkEqualStoreState. +func requireEqualStoreState(t *testing.T, want, got map[string]state) bool { + if d := cmp.Diff(want, got); d != "" { + t.Fatalf("store state mismatch (-want +got):\n%s", d) + return false + } + return true +} diff --git a/filebeat/input/filestream/prospector.go b/filebeat/input/filestream/prospector.go new file mode 100644 index 00000000000..257574b9ca1 --- /dev/null +++ b/filebeat/input/filestream/prospector.go 
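Review bot: `testOpenStore` drops the error returned by `openStore`, so a failing open reports only "failed to open the store" with no cause; `t.Fatalf("failed to open the store: %v", err)` would match how `createSampleStore` reports its own failure. None of the helpers (`testOpenStore`, `createSampleStore`, `checkEqualStoreState`, `requireEqualStoreState`) calls `t.Helper()`, so a mismatch is attributed to the helper's line instead of the subtest that called it. The comment on `requireEqualStoreState` still ends with "better use checkEqualStoreState", which looks copied from the function above, and the doc comment on `storeInSyncSnapshot` is split by a blank line, so only the "Note:" paragraph is attached to the function.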
@@ -0,0 +1,38 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package filestream
+
+import (
+ loginp "github.com/elastic/beats/v7/filebeat/input/filestream/internal/input-logfile"
+ input "github.com/elastic/beats/v7/filebeat/input/v2"
+ "github.com/elastic/beats/v7/libbeat/statestore"
+)
+
+// fileProspector implements the Prospector interface.
+// It contains a file scanner which returns file system events.
+// The FS events then trigger either new Harvester runs or updates
+// the statestore.
+type fileProspector struct{}
+
+func (p *fileProspector) Run(ctx input.Context, s *statestore.Store, hg *loginp.HarvesterGroup) {
+ panic("TODO: implement me")
+}
+
+func (p *fileProspector) Test() error {
+ panic("TODO: implement me")
+}
diff --git a/filebeat/input/filestream/testdata/excluded_file b/filebeat/input/filestream/testdata/excluded_file
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/filebeat/input/filestream/testdata/included_file b/filebeat/input/filestream/testdata/included_file
new file mode 100644
index 00000000000..e69de29bb2d
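Review bot: `Run` and `Test` on `fileProspector` both panic unconditionally, and `Test` already has an `error` return it could use instead. Returning `errors.New("fileProspector.Test: not implemented")` (with the `errors` import added) would let a caller reject the input cleanly rather than crash the process. Whether anything constructs a `fileProspector` yet is not visible in this hunk, so this matters only if the type becomes reachable before the implementation lands. `Run` has no error return, so a short comment such as `// TODO: not wired into any input yet; must not be registered until implemented` above it would record that constraint.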
diff --git a/filebeat/input/filestream/testdata/symlink_to_included_file b/filebeat/input/filestream/testdata/symlink_to_included_file new file mode 120000 index 00000000000..40824f3f7d3 --- /dev/null +++ b/filebeat/input/filestream/testdata/symlink_to_included_file @@ -0,0 +1 @@ +filebeat/input/filestream/testdata/included_file \ No newline at end of file diff --git a/filebeat/module/apache/access/test/darwin-2.4.23.log-expected.json b/filebeat/module/apache/access/test/darwin-2.4.23.log-expected.json index 9c61a6065af..1f3600f2e09 100644 --- a/filebeat/module/apache/access/test/darwin-2.4.23.log-expected.json +++ b/filebeat/module/apache/access/test/darwin-2.4.23.log-expected.json @@ -76,6 +76,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", @@ -105,6 +106,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", @@ -134,6 +136,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", diff --git a/filebeat/module/apache/access/test/ssl-request.log-expected.json b/filebeat/module/apache/access/test/ssl-request.log-expected.json index 9898d82cef0..3eb3e283b19 100644 --- a/filebeat/module/apache/access/test/ssl-request.log-expected.json +++ b/filebeat/module/apache/access/test/ssl-request.log-expected.json 
@@ -38,6 +38,7 @@ "source.address": "11.19.0.217", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "11.19.0.217", diff --git a/filebeat/module/apache/error/test/test.log-expected.json b/filebeat/module/apache/error/test/test.log-expected.json index fbc9605ef38..d9f470db46a 100644 --- a/filebeat/module/apache/error/test/test.log-expected.json +++ b/filebeat/module/apache/error/test/test.log-expected.json @@ -56,6 +56,7 @@ "source.geo.city_name": "Newnan", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 33.3708, "source.geo.location.lon": -84.8154, "source.geo.region_iso_code": "US-GA", @@ -84,6 +85,7 @@ "source.geo.city_name": "Beijing", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 39.9288, "source.geo.location.lon": 116.3889, "source.geo.region_iso_code": "CN-BJ", diff --git a/filebeat/module/haproxy/log/test/default.log-expected.json b/filebeat/module/haproxy/log/test/default.log-expected.json index f58515d6172..4da9bc98f17 100644 --- a/filebeat/module/haproxy/log/test/default.log-expected.json +++ b/filebeat/module/haproxy/log/test/default.log-expected.json @@ -30,6 +30,7 @@ "source.geo.city_name": "Moscow", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", + "source.geo.country_name": "Russia", "source.geo.location.lat": 55.7527, "source.geo.location.lon": 37.6172, "source.geo.region_iso_code": "RU-MOW", diff --git a/filebeat/module/haproxy/log/test/haproxy.log-expected.json b/filebeat/module/haproxy/log/test/haproxy.log-expected.json index 474b7a5e5d3..b33e80ab073 100644 --- a/filebeat/module/haproxy/log/test/haproxy.log-expected.json 
+++ b/filebeat/module/haproxy/log/test/haproxy.log-expected.json @@ -47,6 +47,7 @@ "source.geo.city_name": "Moscow", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", + "source.geo.country_name": "Russia", "source.geo.location.lat": 55.7527, "source.geo.location.lon": 37.6172, "source.geo.region_iso_code": "RU-MOW", diff --git a/filebeat/module/iis/access/test/test.log-expected.json b/filebeat/module/iis/access/test/test.log-expected.json index adb56a2eadd..786333c1379 100644 --- a/filebeat/module/iis/access/test/test.log-expected.json +++ b/filebeat/module/iis/access/test/test.log-expected.json @@ -34,6 +34,7 @@ "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 52.4473, "source.geo.location.lon": 13.4531, "source.geo.region_iso_code": "DE-BE", @@ -127,6 +128,7 @@ "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 52.4473, "source.geo.location.lon": 13.4531, "source.geo.region_iso_code": "DE-BE", diff --git a/filebeat/module/iis/error/test/iis_error_url.log-expected.json b/filebeat/module/iis/error/test/iis_error_url.log-expected.json index 0cb2fb038b4..8adb2e6d1d0 100644 --- a/filebeat/module/iis/error/test/iis_error_url.log-expected.json +++ b/filebeat/module/iis/error/test/iis_error_url.log-expected.json @@ -30,6 +30,7 @@ "source.address": "149.42.83.135", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "149.42.83.135", 
@@ -67,6 +68,7 @@ "source.address": "149.42.83.135", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "149.42.83.135", @@ -104,6 +106,7 @@ "source.address": "149.42.83.135", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "149.42.83.135", @@ -141,6 +144,7 @@ "source.address": "149.42.83.135", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "149.42.83.135", @@ -178,6 +182,7 @@ "source.address": "149.42.83.135", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "149.42.83.135", @@ -215,6 +220,7 @@ "source.address": "149.42.83.135", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "149.42.83.135", @@ -252,6 +258,7 @@ "source.address": "149.42.83.135", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "149.42.83.135", @@ -289,6 +296,7 @@ "source.address": "149.42.83.135", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "149.42.83.135", 
diff --git a/filebeat/module/iis/error/test/test.log-expected.json b/filebeat/module/iis/error/test/test.log-expected.json index 50ec549dd6b..506ee6ba2ed 100644 --- a/filebeat/module/iis/error/test/test.log-expected.json +++ b/filebeat/module/iis/error/test/test.log-expected.json @@ -66,6 +66,7 @@ "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 52.4473, "source.geo.location.lon": 13.4531, "source.geo.region_iso_code": "DE-BE", @@ -108,6 +109,7 @@ "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 52.4473, "source.geo.location.lon": 13.4531, "source.geo.region_iso_code": "DE-BE", @@ -146,6 +148,7 @@ "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 52.4473, "source.geo.location.lon": 13.4531, "source.geo.region_iso_code": "DE-BE", diff --git a/filebeat/module/nginx/access/test/access.log-expected.json b/filebeat/module/nginx/access/test/access.log-expected.json index 92519cc1e81..7981a316c95 100644 --- a/filebeat/module/nginx/access/test/access.log-expected.json +++ b/filebeat/module/nginx/access/test/access.log-expected.json @@ -32,6 +32,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", @@ -80,6 +81,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", 
@@ -127,6 +129,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", @@ -174,6 +177,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", @@ -222,6 +226,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", @@ -269,6 +274,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", @@ -316,6 +322,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", @@ -363,6 +370,7 @@ "source.geo.city_name": "Germersheim", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.2231, "source.geo.location.lon": 8.3639, "source.geo.region_iso_code": "DE-RP", diff --git a/filebeat/module/nginx/access/test/test-with-host.log-expected.json b/filebeat/module/nginx/access/test/test-with-host.log-expected.json index a1968695184..e07836ce520 100644 --- a/filebeat/module/nginx/access/test/test-with-host.log-expected.json 
+++ b/filebeat/module/nginx/access/test/test-with-host.log-expected.json @@ -115,6 +115,7 @@ "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 52.4473, "source.geo.location.lon": 13.4531, "source.geo.region_iso_code": "DE-BE", @@ -164,6 +165,7 @@ "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 52.4473, "source.geo.location.lon": 13.4531, "source.geo.region_iso_code": "DE-BE", @@ -216,6 +218,7 @@ "source.geo.city_name": "Springfield", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 39.7647, "source.geo.location.lon": -89.7379, "source.geo.region_iso_code": "US-IL", @@ -260,6 +263,7 @@ "source.address": "2a03:0000:10ff:f00f:0000:0000:0:8000", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PT", + "source.geo.country_name": "Portugal", "source.geo.location.lat": 39.5, "source.geo.location.lon": -8.0, "source.ip": "2a03:0000:10ff:f00f:0000:0000:0:8000", diff --git a/filebeat/module/nginx/access/test/test.log-expected.json b/filebeat/module/nginx/access/test/test.log-expected.json index 75caf6cf9f8..b27c9ccf19b 100644 --- a/filebeat/module/nginx/access/test/test.log-expected.json +++ b/filebeat/module/nginx/access/test/test.log-expected.json @@ -112,6 +112,7 @@ "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 52.4473, "source.geo.location.lon": 13.4531, "source.geo.region_iso_code": "DE-BE", 
@@ -159,6 +160,7 @@ "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 52.4473, "source.geo.location.lon": 13.4531, "source.geo.region_iso_code": "DE-BE", @@ -209,6 +211,7 @@ "source.geo.city_name": "Springfield", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 39.7647, "source.geo.location.lon": -89.7379, "source.geo.region_iso_code": "US-IL", @@ -251,6 +254,7 @@ "source.address": "2a03:0000:10ff:f00f:0000:0000:0:8000", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PT", + "source.geo.country_name": "Portugal", "source.geo.location.lat": 39.5, "source.geo.location.lon": -8.0, "source.ip": "2a03:0000:10ff:f00f:0000:0000:0:8000", diff --git a/filebeat/module/nginx/ingress_controller/test/test.log-expected.json b/filebeat/module/nginx/ingress_controller/test/test.log-expected.json index e8b09bc1abd..89c37b4a38e 100644 --- a/filebeat/module/nginx/ingress_controller/test/test.log-expected.json +++ b/filebeat/module/nginx/ingress_controller/test/test.log-expected.json @@ -1322,4 +1322,4 @@ "user_agent.os.version": "10.14", "user_agent.version": "72.0." } -] +] \ No newline at end of file diff --git a/filebeat/module/system/auth/test/secure-rhel7.log-expected.json b/filebeat/module/system/auth/test/secure-rhel7.log-expected.json index 7d8ece1d7f2..50134594bfc 100644 --- a/filebeat/module/system/auth/test/secure-rhel7.log-expected.json +++ b/filebeat/module/system/auth/test/secure-rhel7.log-expected.json @@ -33,6 +33,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", 
@@ -94,6 +95,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -155,6 +157,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -284,6 +287,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -345,6 +349,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -406,6 +411,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -467,6 +473,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", 
@@ -528,6 +535,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -691,6 +699,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -752,6 +761,7 @@ "source.as.organization.name": "CHINANET Guangdong province network", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 23.1167, "source.geo.location.lon": 113.25, "source.geo.region_iso_code": "CN-GD", @@ -813,6 +823,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -874,6 +885,7 @@ "source.as.organization.name": "CHINANET Guangdong province network", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 23.1167, "source.geo.location.lon": 113.25, "source.geo.region_iso_code": "CN-GD", @@ -935,6 +947,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", 
@@ -996,6 +1009,7 @@ "source.as.organization.name": "CHINANET Guangdong province network", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 23.1167, "source.geo.location.lon": 113.25, "source.geo.region_iso_code": "CN-GD", @@ -1074,6 +1088,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -1135,6 +1150,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -1264,6 +1280,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -1325,6 +1342,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -1386,6 +1404,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", 
@@ -1447,6 +1466,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -1508,6 +1528,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -1637,6 +1658,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -1698,6 +1720,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -1759,6 +1782,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -1820,6 +1844,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", 
@@ -1881,6 +1906,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -2010,6 +2036,7 @@ "source.as.organization.name": "CHINANET Guangdong province network", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 23.1167, "source.geo.location.lon": 113.25, "source.geo.region_iso_code": "CN-GD", @@ -2071,6 +2098,7 @@ "source.as.organization.name": "CHINANET Guangdong province network", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 23.1167, "source.geo.location.lon": 113.25, "source.geo.region_iso_code": "CN-GD", @@ -2132,6 +2160,7 @@ "source.as.organization.name": "CHINANET Guangdong province network", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 23.1167, "source.geo.location.lon": 113.25, "source.geo.region_iso_code": "CN-GD", @@ -2244,6 +2273,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -2305,6 +2335,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", 
@@ -2366,6 +2397,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -2427,6 +2459,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -2488,6 +2521,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", @@ -2617,6 +2651,7 @@ "source.as.organization.name": "No.31,Jin-rong Street", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 28.55, "source.geo.location.lon": 115.9333, "source.geo.region_iso_code": "CN-JX", diff --git a/filebeat/module/system/auth/test/test.log-expected.json b/filebeat/module/system/auth/test/test.log-expected.json index 88d32188bb7..dc677ebb58c 100644 --- a/filebeat/module/system/auth/test/test.log-expected.json +++ b/filebeat/module/system/auth/test/test.log-expected.json @@ -140,6 +140,7 @@ "source.as.organization.name": "CHINANET Guangdong province network", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 23.1167, "source.geo.location.lon": 113.25, "source.geo.region_iso_code": "CN-GD", 
@@ -196,6 +197,7 @@ "source.geo.city_name": "Hangzhou", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 30.294, "source.geo.location.lon": 120.1619, "source.geo.region_iso_code": "CN-ZJ", diff --git a/filebeat/module/traefik/access/test/test.log-expected.json b/filebeat/module/traefik/access/test/test.log-expected.json index a5723ed5c27..631673fe351 100644 --- a/filebeat/module/traefik/access/test/test.log-expected.json +++ b/filebeat/module/traefik/access/test/test.log-expected.json @@ -69,6 +69,7 @@ "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 52.4473, "source.geo.location.lon": 13.4531, "source.geo.region_iso_code": "DE-BE", @@ -116,6 +117,7 @@ "source.geo.city_name": "Ottawa", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "CA", + "source.geo.country_name": "Canada", "source.geo.location.lat": 45.2691, "source.geo.location.lon": -75.7518, "source.geo.region_iso_code": "CA-ON", @@ -203,6 +205,7 @@ "source.geo.city_name": "Warsaw", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", + "source.geo.country_name": "Poland", "source.geo.location.lat": 52.25, "source.geo.location.lon": 21.0, "source.geo.region_iso_code": "PL-14", @@ -249,6 +252,7 @@ "source.geo.city_name": "Gda\u0144sk", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", + "source.geo.country_name": "Poland", "source.geo.location.lat": 54.3605, "source.geo.location.lon": 18.649, "source.geo.region_iso_code": "PL-22", diff --git a/libbeat/processors/script/javascript/module/include.go b/libbeat/processors/script/javascript/module/include.go index f30e423e7a2..b498dc90e21 100644 --- a/libbeat/processors/script/javascript/module/include.go +++ b/libbeat/processors/script/javascript/module/include.go 
@@ -24,4 +24,5 @@ import ( _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module/path" _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module/processor" _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module/require" + _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module/windows" ) diff --git a/winlogbeat/processors/script/javascript/module/winlogbeat/doc.go b/libbeat/processors/script/javascript/module/windows/doc.go similarity index 82% rename from winlogbeat/processors/script/javascript/module/winlogbeat/doc.go rename to libbeat/processors/script/javascript/module/windows/doc.go index fc782636d09..bca46a94340 100644 --- a/winlogbeat/processors/script/javascript/module/winlogbeat/doc.go +++ b/libbeat/processors/script/javascript/module/windows/doc.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -// Package winlogbeat registers the winlogbeat module with the javascript script -// processor. The module has utilities specific to Winlogbeat like parsing +// Package windows registers the windows module with the javascript script +// processor. The module has utilities specific to Windows like parsing // Windows command lines. -package winlogbeat +package windows diff --git a/winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat.go b/libbeat/processors/script/javascript/module/windows/windows.go similarity index 87% rename from winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat.go rename to libbeat/processors/script/javascript/module/windows/windows.go index dc9439c5c67..2bbe7817fad 100644 --- a/winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat.go +++ b/libbeat/processors/script/javascript/module/windows/windows.go @@ -17,7 +17,7 @@ // +build windows -package winlogbeat +package windows import ( "syscall" 
@@ -60,11 +60,11 @@ func commandLineToArgvW(in string) ([]string, error) { return args, nil } -// Require registers the winlogbeat module that has utilities specific to -// Winlogbeat like parsing Windows command lines. It can be accessed using: +// Require registers the windows module that has utilities specific to +// Windows like parsing Windows command lines. It can be accessed using: // // // javascript -// var winlogbeat = require('winlogbeat'); +// var windows = require('windows'); // func Require(vm *goja.Runtime, module *goja.Object) { o := module.Get("exports").(*goja.Object) @@ -74,9 +74,11 @@ func Require(vm *goja.Runtime, module *goja.Object) { // Enable adds path to the given runtime. func Enable(runtime *goja.Runtime) { + runtime.Set("windows", require.Require(runtime, "windows")) runtime.Set("winlogbeat", require.Require(runtime, "winlogbeat")) } func init() { + require.RegisterNativeModule("windows", Require) require.RegisterNativeModule("winlogbeat", Require) } diff --git a/winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat_test.go b/libbeat/processors/script/javascript/module/windows/windows_test.go similarity index 99% rename from winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat_test.go rename to libbeat/processors/script/javascript/module/windows/windows_test.go index 45c339cc1f2..be213a79ba8 100644 --- a/winlogbeat/processors/script/javascript/module/winlogbeat/winlogbeat_test.go +++ b/libbeat/processors/script/javascript/module/windows/windows_test.go @@ -17,7 +17,7 @@ // +build windows -package winlogbeat +package windows import ( "testing" diff --git a/metricbeat/docs/modules/sql.asciidoc b/metricbeat/docs/modules/sql.asciidoc index 69726a1fe7d..6e944cf5c13 100644 --- a/metricbeat/docs/modules/sql.asciidoc +++ b/metricbeat/docs/modules/sql.asciidoc 
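Review bot: The doc comment on `Enable` still reads `// Enable adds path to the given runtime.`, which does not describe the function after this change: it now sets both `windows` and `winlogbeat` on the runtime. I would reword it to `// Enable exposes the module on the runtime as "windows" and, for backward compatibility, as "winlogbeat".` A one-line comment in `init` marking the `winlogbeat` registration as a legacy alias would keep it from being removed later as a leftover of the rename. The backward-compatibility intent is inferred from the rename and should be confirmed.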
@@ -8,24 +8,45 @@ This file is generated! See scripts/mage/docs_collector.go beta[] -The SQL module allows to execute custom queries against an SQL database and store the results to Elasticsearch. +The SQL module allows you to execute custom queries against an SQL database and +store the results in {es}. -The currently supported databases are the ones already included in Metricbeat, which are: -- PostgreSQL -- MySQL -- Oracle -- Microsoft SQL -- CockroachDB +This module supports the databases that you can monitor with {metricbeat}, +including: -== Quickstart +* PostgreSQL +* MySQL +* Oracle +* Microsoft SQL +* CockroachDB -You can setup the module by activating it first running +To enable the module, run: - metricbeat module enable sql +[source,shell] +---- +metricbeat module enable sql +---- + +After enabling the module, open `modules.d/sql.yml` and set the required +fields: + +`driver`:: The driver can be any driver that has a {metricbeat} module, such as +`mssql` or `postgres`. +`sql_query`:: The single query you want to run. +`sql_response_format`:: Either `variables` or `table`: +`variables`::: Expects a two-column table that looks like a key/value result. +The left column is considered a key and the right column the value. This mode +generates a single event on each fetch operation. +`table`::: Expects any number of columns. This mode generates a single event for +each row. + +[float] +=== Example: capture Innodb-related metrics -Once it is activated, open `modules.d/sql.yml` and fill the required fields. This is an example that captures Innodb related metrics from the result of the query `SHOW GLOBAL STATUS LIKE 'Innodb_system%'` in a MySQL database: +This `sql.yml` configuration shows how to capture Innodb-related metrics that +result from the query `SHOW GLOBAL STATUS LIKE 'Innodb_system%'` in a MySQL +database: -.sql.yml [source,yaml] ---- - module: sql 
@@ -39,7 +60,8 @@ Once it is activated, open `modules.d/sql.yml` and fill the required fields. Thi sql_response_format: variables ---- -.SHOW GLOBAL STATUS LIKE 'Innodb_system%' +The `SHOW GLOBAL STATUS` query results in this table: + |==== |Variable_name|Value @@ -49,18 +71,11 @@ Once it is activated, open `modules.d/sql.yml` and fill the required fields. Thi |Innodb_system_rows_updated|315 |==== +Results are grouped by type in the result event for convenient mapping in +{es}. For example, `strings` values are grouped into `sql.strings`, `numeric` +into `sql.numeric`, and so on. -Keys in the YAML are defined as follow: - -- `driver`: The drivers currently supported are those which already have a Metricbeat module like `mssql` or `postgres`. -- `sql_query`: Is the single query you want to run -- `sql_response_format`: You have 2 options here: - - `variables`: Expects a table which looks like a key/value result. With 2 columns, left column will be considered a key and the right column the value. This mode generates a single event on each fetch operation. - - `table`: Table mode can contain any number of columns and a single event will be generated for each row. - -Results will be grouped by type in the result event for convenient mapping in Elasticsearch. So `strings` values will be grouped into `sql.strings`, `numeric` into `sql.numeric` and so on and so forth. - -The event generated with the example above looks like this: +The example shown earlier generates this event: [source,json] ---- @@ -112,9 +127,13 @@ The event generated with the example above looks like this: } ---- -In this example, we are querying PostgreSQL and generate a "table" result, hence a single event for each row returned +[float] +=== Example: query PostgreSQL and generate a "table" result + +This `sql.yml` configuration shows how to query PostgreSQL and generate +a "table" result. This configuration generates a single event for each row +returned: -.sql.yml [source,yaml] ---- - module: sql 
@@ -128,7 +147,8 @@ In this example, we are querying PostgreSQL and generate a "table" result, hence sql_response_format: table ---- -.SELECT datid, datname, blks_read, blks_hit, tup_returned, tup_fetched, stats_reset FROM pg_stat_database +The SELECT query results in this table: + |==== |datid|datname|blks_read|blks_hit|tup_returned|tup_fetched|stats_reset @@ -137,7 +157,8 @@ In this example, we are querying PostgreSQL and generate a "table" result, hence |13407|template0|0|0|0|0| |==== -With 3 rows on the table, three events will be generated with the contents of each row. As an example, below you can see the event created for the first row: +Because the table contains three rows, three events are generated, one event +for each row. For example, this event is created for the first row: [source,json] ---- @@ -194,14 +215,11 @@ With 3 rows on the table, three events will be generated with the contents of ea } ---- +[float] +=== Example: get the buffer catch hit ratio in Oracle -== More examples - -=== Oracle: - -Get the buffer cache hit ratio: +This `sql.yml` configuration shows how to get the buffer cache hit ratio: -.sql.yml [source,yaml] ---- - module: sql @@ -215,6 +233,7 @@ Get the buffer cache hit ratio: sql_response_format: table ---- +The example generates this event: [source,json] ---- @@ -269,11 +288,11 @@ Get the buffer cache hit ratio: } ---- -=== MSSQL +[float] +=== Example: get the buffer cache hit ratio for MSSQL -Get the buffer cache hit ratio: +This `sql.yml` configuration gets the buffer cache hit ratio: -.sql.yml [source,yaml] ---- - module: sql @@ -287,6 +306,8 @@ Get the buffer cache hit ratio: sql_response_format: table ---- +The example generates this event: + [source,json] ---- { 
@@ -338,11 +359,12 @@ Get the buffer cache hit ratio: } ---- -=== Two or more queries +[float] +=== Example: launch two or more queries -If you want to launch two or more queries, you need to specify them with their full configuration for each query. For example: +To launch two or more queries, specify the full configuration for each query. +For example: -.sql.yml [source,yaml] ---- - module: sql diff --git a/winlogbeat/cmd/root.go b/winlogbeat/cmd/root.go index 7e25e717813..2cd26a9fe8e 100644 --- a/winlogbeat/cmd/root.go +++ b/winlogbeat/cmd/root.go @@ -30,7 +30,6 @@ import ( // Import processors and supporting modules. _ "github.com/elastic/beats/v7/libbeat/processors/script" _ "github.com/elastic/beats/v7/libbeat/processors/timestamp" - _ "github.com/elastic/beats/v7/winlogbeat/processors/script/javascript/module/winlogbeat" ) const ( diff --git a/x-pack/auditbeat/Jenkinsfile.yml b/x-pack/auditbeat/Jenkinsfile.yml index fd73c10a1c5..3bb96fbbc64 100644 --- a/x-pack/auditbeat/Jenkinsfile.yml +++ b/x-pack/auditbeat/Jenkinsfile.yml @@ -5,11 +5,11 @@ when: - "@ci" ## special token regarding the changeset for the ci - "@xpack" ## special token regarding the changeset for the xpack comments: ## when PR comment contains any of those entries - - "/test auditbeat" + - "/test x-pack/auditbeat" labels: ## when PR labels matches any of those entries - - "auditbeat" + - "x-pack-auditbeat" parameters: ## when parameter was selected in the UI. - - "auditbeat" + - "x-pack-auditbeat" tags: true ## for all the tags platform: "linux && ubuntu-18" ## default label for all the stages stages: @@ -22,7 +22,7 @@ stages: - "macosx" when: ## Override the top-level when. comments: - - "/test auditbeat for macos" + - "/test x-pack/auditbeat for macos" labels: - "macOS" parameters: diff --git a/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker.go b/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker.go index 3a6a7843b72..4f9e753ba94 100644 
--- a/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker.go +++ b/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker.go @@ -5,7 +5,6 @@ package filters import ( - "fmt" "strings" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" @@ -47,11 +46,7 @@ func StreamChecker(log *logger.Logger, ast *transpiler.AST) error { if nsNode, found := inputNode.Find("data_stream.namespace"); found { nsKey, ok := nsNode.(*transpiler.Key) if ok { - newNamespace := nsKey.Value().(transpiler.Node).String() - if !isValid(newNamespace) { - return ErrInvalidNamespace - } - namespace = newNamespace + namespace = nsKey.Value().(transpiler.Node).String() } } else { dsNode, found := inputNode.Find("data_stream") @@ -63,17 +58,17 @@ func StreamChecker(log *logger.Logger, ast *transpiler.AST) error { if found { nsKey, ok := nsNode.(*transpiler.Key) if ok { - newNamespace := nsKey.Value().(transpiler.Node).String() - if !isValid(newNamespace) { - return ErrInvalidNamespace - } - namespace = newNamespace + namespace = nsKey.Value().(transpiler.Node).String() } } } } } + if !matchesNamespaceContraints(namespace) { + return ErrInvalidNamespace + } + // get the type, longest type for now is metrics datasetType := "metrics" if nsNode, found := inputNode.Find("data_stream.type"); found { @@ -100,6 +95,10 @@ func StreamChecker(log *logger.Logger, ast *transpiler.AST) error { } } + if !matchesTypeConstraints(datasetType) { + return ErrInvalidIndex + } + streamsNode, ok := inputNode.Find("streams") if ok { streamsList, ok := streamsNode.Value().(*transpiler.List) 
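Review bot: `namespace = nsKey.Value().(transpiler.Node).String()` uses a single-value type assertion, so a `data_stream.namespace` key whose value is nil or not a `transpiler.Node` would panic inside the checker instead of returning `ErrInvalidNamespace`. Since this code validates a policy supplied as configuration, I would use the two-value form: `n, ok := nsKey.Value().(transpiler.Node)` followed by `if !ok { return ErrInvalidNamespace }`. The same assertion appears in the `@@ -63,17 +58,17 @@` hunk and in both dataset hunks further down. Whether `Value()` can actually hold such a value is not visible here, and `StreamChecker` starts and ends outside these hunks.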
@@ -119,11 +118,8 @@ func StreamChecker(log *logger.Logger, ast *transpiler.AST) error { if dsNameNode, found := streamMap.Find("data_stream.dataset"); found { dsKey, ok := dsNameNode.(*transpiler.Key) if ok { - newDataset := dsKey.Value().(transpiler.Node).String() - if !isValid(newDataset) { - return ErrInvalidDataset - } - datasetName = newDataset + datasetName = dsKey.Value().(transpiler.Node).String() + break } } else { datasetNode, found := streamMap.Find("data_stream") @@ -137,11 +133,8 @@ func StreamChecker(log *logger.Logger, ast *transpiler.AST) error { if found { dsKey, ok := dsNameNode.(*transpiler.Key) if ok { - newDataset := dsKey.Value().(transpiler.Node).String() - if !isValid(newDataset) { - return ErrInvalidDataset - } - datasetName = newDataset + datasetName = dsKey.Value().(transpiler.Node).String() + break } } } 
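Review bot: The added `break` stops the scan at the first stream that carries a dataset, and the only `matchesDatasetConstraints(datasetName)` call sits after the loop, so later streams of the same input are no longer validated. The removed code returned `ErrInvalidDataset` for every stream it visited. To keep per-stream validation, replace each `break` (here and in the `@@ -137,11 +133,8 @@` hunk) with `if !matchesDatasetConstraints(datasetName) { return ErrInvalidDataset }`. This assumes the enclosing `for` iterates the input's streams; the loop header is outside the hunk.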
@@ -149,49 +142,65 @@ func StreamChecker(log *logger.Logger, ast *transpiler.AST) error { } } } - - if indexName := fmt.Sprintf("%s-%s-%s", datasetType, datasetName, namespace); !matchesIndexContraints(indexName) { - return ErrInvalidIndex + if !matchesDatasetConstraints(datasetName) { + return ErrInvalidDataset } } return nil } -// The only two requirement are that it has only characters allowed in an Elasticsearch index name -// and does NOT contain a `-`. -func isValid(namespace string) bool { - return matchesIndexContraints(namespace) && !strings.Contains(namespace, "-") -} - // The only two requirement are that it has only characters allowed in an Elasticsearch index name // Index names must meet the following criteria: +// Not longer than 100 bytes // Lowercase only // Cannot include \, /, *, ?, ", <, >, |, ` ` (space character), ,, # +func matchesNamespaceContraints(namespace string) bool { + // length restriction is in bytes, not characters + if len(namespace) <= 0 || len(namespace) > 100 { + return false + } + + return isCharactersetValid(namespace) +} + +// matchesTypeConstraints fails for following rules. As type is first element of resulting index prefix restrictions need to be applied. +// Not longer than 20 bytes +// Lowercase only // Cannot start with -, _, + -// Cannot be . or .. -func matchesIndexContraints(namespace string) bool { - // Cannot be . or .. - if namespace == "." || namespace == ".." 
{ +// Cannot include \, /, *, ?, ", <, >, |, ` ` (space character), ,, # +func matchesTypeConstraints(dsType string) bool { + // length restriction is in bytes, not characters + if len(dsType) <= 0 || len(dsType) > 20 { return false } - if len(namespace) <= 0 || len(namespace) > 255 { + if strings.HasPrefix(dsType, "-") || strings.HasPrefix(dsType, "_") || strings.HasPrefix(dsType, "+") { return false } - // Lowercase only - if strings.ToLower(namespace) != namespace { + return isCharactersetValid(dsType) +} + +// matchesDatasetConstraints fails for following rules +// Not longer than 100 bytes +// Lowercase only +// Cannot include \, /, *, ?, ", <, >, |, ` ` (space character), ,, # +func matchesDatasetConstraints(dataset string) bool { + // length restriction is in bytes, not characters + if len(dataset) <= 0 || len(dataset) > 100 { return false } - // Cannot include \, /, *, ?, ", <, >, |, ` ` (space character), ,, # - if strings.ContainsAny(namespace, "\\/*?\"<>| ,#") { + return isCharactersetValid(dataset) +} + +func isCharactersetValid(input string) bool { + if strings.ToLower(input) != input { return false } - // Cannot start with -, _, + - if strings.HasPrefix(namespace, "-") || strings.HasPrefix(namespace, "_") || strings.HasPrefix(namespace, "+") { + if strings.ContainsAny(input, "\\/*?\"<>| ,#:") { return false } diff --git a/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker_test.go b/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker_test.go index 1daa14a1ad6..5750734c477 100644 --- a/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker_test.go 
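Review bot: `matchesNamespaceContraints` and `matchesDatasetConstraints` no longer reject a `-` inside the value, which the removed `isValid` did, nor `.`/`..` or a leading `-`, `_`, `+`. The removed code built the index as `type-dataset-namespace`, so a hyphen inside dataset or namespace makes the three parts ambiguous for anything that later splits or pattern-matches the name. If the relaxation is not intended, add `if strings.Contains(namespace, "-") { return false }` to the namespace check and the equivalent to the dataset check. If it is intended, state that in the doc comments. The comments also omit `:` from the forbidden characters although `isCharactersetValid` now rejects it; that function's body continues outside the hunk.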
@@ -93,25 +93,6 @@ func TestStreamCheck(t *testing.T) { }, result: ErrInvalidDataset, }, - - { - name: "dataset invalid dot - compact", - configMap: map[string]interface{}{ - "inputs": []map[string]interface{}{ - {"streams": []map[string]interface{}{{"data_stream.dataset": "."}}}, - }, - }, - result: ErrInvalidDataset, - }, - { - name: "dataset invalid dotdot- compact", - configMap: map[string]interface{}{ - "inputs": []map[string]interface{}{ - {"streams": []map[string]interface{}{{"data_stream.dataset": ".."}}}, - }, - }, - result: ErrInvalidDataset, - }, { name: "dataset invalid uppercase - compact", configMap: map[string]interface{}{ @@ -139,16 +120,6 @@ func TestStreamCheck(t *testing.T) { }, result: ErrInvalidDataset, }, - { - name: "dataset invalid invalid prefix- compact", - configMap: map[string]interface{}{ - "inputs": []map[string]interface{}{ - {"streams": []map[string]interface{}{{"data_stream.dataset": "_isthisvalid"}}}, - }, - }, - result: ErrInvalidDataset, - }, - { name: "namespace invalid - compact", configMap: map[string]interface{}{ @@ -156,22 +127,6 @@ func TestStreamCheck(t *testing.T) { }, result: ErrInvalidNamespace, }, - { - name: "namespace invalid name 1 - compact", - configMap: map[string]interface{}{ - "inputs": []map[string]interface{}{ - {"data_stream.namespace": "."}, - }, - }, - result: ErrInvalidNamespace, - }, - { - name: "namespace invalid name 2 - compact", - configMap: map[string]interface{}{ - "inputs": []map[string]interface{}{{"data_stream.namespace": ".."}}, - }, - result: ErrInvalidNamespace, - }, { name: "namespace invalid name uppercase - compact", configMap: map[string]interface{}{ 
@@ -193,13 +148,6 @@ func TestStreamCheck(t *testing.T) { }, result: ErrInvalidNamespace, }, - { - name: "namespace invalid name invalid prefix - compact", - configMap: map[string]interface{}{ - "inputs": []map[string]interface{}{{"data_stream.namespace": "+isitok"}}, - }, - result: ErrInvalidNamespace, - }, { name: "namespace invalid - long", configMap: map[string]interface{}{ @@ -274,6 +222,33 @@ func TestStreamCheck(t *testing.T) { }, result: nil, }, + { + name: "type invalid prefix _", + configMap: map[string]interface{}{ + "inputs": []map[string]interface{}{ + {"data_stream.type": "_type"}, + }, + }, + result: ErrInvalidIndex, + }, + { + name: "type invalid prefix -", + configMap: map[string]interface{}{ + "inputs": []map[string]interface{}{ + {"data_stream.type": "-type"}, + }, + }, + result: ErrInvalidIndex, + }, + { + name: "type invalid prefix +", + configMap: map[string]interface{}{ + "inputs": []map[string]interface{}{ + {"data_stream.type": "+type"}, + }, + }, + result: ErrInvalidIndex, + }, } log, err := logger.New("") diff --git a/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go b/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go index c98f9b8e015..c5712646cfb 100644 --- a/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go +++ b/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go @@ -10,6 +10,7 @@ import ( "runtime" "strings" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/install" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" "github.com/elastic/go-sysinfo" "github.com/elastic/go-sysinfo/types" 
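Review bot: The added cases cover only the three rejected prefixes of `data_stream.type`; nothing exercises the length limits this commit introduces (100 bytes for namespace and dataset, 20 for type) or the newly rejected `:`. I would add boundary cases, for example a constructed `{"data_stream.type": strings.Repeat("a", 21)}` expecting `ErrInvalidIndex`, and a 101-byte namespace and dataset expecting `ErrInvalidNamespace` and `ErrInvalidDataset`. The removed `.`, `..` and prefix cases for dataset and namespace have no replacement, so if accepting those values is now intended, a case with `result: nil` would pin that decision. The table and the test body continue outside these hunks.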
@@ -33,6 +34,12 @@ type AgentECSMeta struct { ID string `json:"id"` // Version specifies current version of an agent. Version string `json:"version"` + // Snapshot is a flag specifying that the agent used is a snapshot build. + Snapshot bool `json:"snapshot"` + // BuildOriginal is an extended build information for the agent. + BuildOriginal string `json:"build.original"` + // Upgradeable is a flag specifying if it is possible for agent to be upgraded. + Upgradeable bool `json:"upgradeable"` } // SystemECSMeta is a collection of operating system metadata in ECS compliant object form. @@ -126,8 +133,13 @@ func (i *AgentInfo) ECSMetadata() (*ECSMeta, error) { return &ECSMeta{ Elastic: &ElasticECSMeta{ Agent: &AgentECSMeta{ - ID: i.agentID, - Version: release.Version(), + ID: i.agentID, + Version: release.Version(), + Snapshot: release.Snapshot(), + BuildOriginal: release.Info().String(), + // only upgradeable if running from Agent installer and running under the + // control of the system supervisor (or built specifically with upgrading enabled) + Upgradeable: release.Upgradeable() || (install.RunningInstalled() && install.RunningUnderSupervisor()), }, }, Host: &HostECSMeta{ diff --git a/x-pack/elastic-agent/pkg/agent/application/upgrade/step_unpack.go b/x-pack/elastic-agent/pkg/agent/application/upgrade/step_unpack.go index ae3d05edd16..8efb2de2140 100644 --- a/x-pack/elastic-agent/pkg/agent/application/upgrade/step_unpack.go +++ b/x-pack/elastic-agent/pkg/agent/application/upgrade/step_unpack.go 
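Review bot: The `Upgradeable` expression in `ECSMetadata` is a second copy of the predicate in `getUpgradable()` in upgrade/upgrade.go, so the value reported in the agent metadata and the value the Upgrader enforces can drift apart when one of them is edited. I would expose the predicate once, for instance next to `install.RunningInstalled()`, and call it from both places. If an import cycle is what forced the copy, a comment such as `// keep in sync with upgrade.getUpgradable` would at least record the coupling. `ECSMetadata` continues outside the hunk.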
@@ -23,8 +23,8 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" ) -// untar unpacks archive correctly, skips root (symlink, config...) unpacks data/* -func (u *Upgrader) unpack(ctx context.Context, version, sourceURI, archivePath string) (string, error) { +// unpack unpacks archive correctly, skips root (symlink, config...) unpacks data/* +func (u *Upgrader) unpack(ctx context.Context, version, archivePath string) (string, error) { // unpack must occur in directory that holds the installation directory // or the extraction will be double nested var hash string diff --git a/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go b/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go index 9c2c4f02286..cac36ef7922 100644 --- a/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go +++ b/x-pack/elastic-agent/pkg/agent/application/upgrade/upgrade.go @@ -33,12 +33,12 @@ const ( // Upgrader performs an upgrade type Upgrader struct { - settings *artifact.Config - log *logger.Logger - closers []context.CancelFunc - reexec reexecManager - acker acker - upgradable bool + settings *artifact.Config + log *logger.Logger + closers []context.CancelFunc + reexec reexecManager + acker acker + upgradeable bool } type reexecManager interface { 
@@ -53,34 +53,35 @@ type acker interface { // NewUpgrader creates an upgrader which is capable of performing upgrade operation func NewUpgrader(settings *artifact.Config, log *logger.Logger, closers []context.CancelFunc, reexec reexecManager, a acker) *Upgrader { return &Upgrader{ - settings: settings, - log: log, - closers: closers, - reexec: reexec, - acker: a, - upgradable: getUpgradable(), + settings: settings, + log: log, + closers: closers, + reexec: reexec, + acker: a, + upgradeable: getUpgradable(), } } -// Upgradable returns true if the Elastic Agent can be upgraded. -func (u *Upgrader) Upgradable() bool { - return u.upgradable +// Upgradeable returns true if the Elastic Agent can be upgraded. +func (u *Upgrader) Upgradeable() bool { + return u.upgradeable } // Upgrade upgrades running agent func (u *Upgrader) Upgrade(ctx context.Context, a *fleetapi.ActionUpgrade) error { - if !u.upgradable { + if !u.upgradeable { return fmt.Errorf( "cannot be upgraded; must be installed with install sub-command and " + "running under control of the systems supervisor") } - archivePath, err := u.downloadArtifact(ctx, a.Version, a.SourceURI) + sourceURI, err := u.sourceURI(a.Version, a.SourceURI) + archivePath, err := u.downloadArtifact(ctx, a.Version, sourceURI) if err != nil { return err } - newHash, err := u.unpack(ctx, a.Version, a.SourceURI, archivePath) + newHash, err := u.unpack(ctx, a.Version, archivePath) if err != nil { return err } 
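Review bot: The error returned by `u.sourceURI(a.Version, a.SourceURI)` is never checked, because the next line re-declares `err` with `archivePath, err := u.downloadArtifact(ctx, a.Version, sourceURI)`. For a `-SNAPSHOT` version without a source URI, which `sourceURI` rejects in a later hunk, the download therefore runs with an empty `sourceURI` instead of failing with the configuration error. Add `if err != nil { return err }` directly after the `u.sourceURI` call. `Upgrade` continues past the end of this hunk.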
@@ -147,15 +148,25 @@ func (u *Upgrader) Ack(ctx context.Context) error { return ioutil.WriteFile(markerFile, markerBytes, 0600) } +func (u *Upgrader) sourceURI(version, retrievedURI string) (string, error) { + if strings.HasSuffix(version, "-SNAPSHOT") && retrievedURI == "" { + return "", errors.New("snapshot upgrade requires source uri", errors.TypeConfig) + } + if retrievedURI != "" { + return retrievedURI, nil + } + + return u.settings.SourceURI, nil +} func rollbackInstall(hash string) { os.RemoveAll(filepath.Join(paths.Data(), fmt.Sprintf("%s-%s", agentName, hash))) } func getUpgradable() bool { - // only upgradable if running from Agent installer and running under the + // only upgradeable if running from Agent installer and running under the // control of the system supervisor (or built specifically with upgrading enabled) - return release.Upgradable() || (install.RunningInstalled() && install.RunningUnderSupervisor()) + return release.Upgradeable() || (install.RunningInstalled() && install.RunningUnderSupervisor()) } func copyActionStore(newHash string) error { diff --git a/x-pack/elastic-agent/pkg/fleetapi/action.go b/x-pack/elastic-agent/pkg/fleetapi/action.go index d53b7fdfcfb..2329546629c 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/action.go +++ b/x-pack/elastic-agent/pkg/fleetapi/action.go @@ -97,7 +97,7 @@ type ActionUpgrade struct { ActionID string `json:"id" yaml:"id"` ActionType string `json:"type" yaml:"type"` Version string `json:"version" yaml:"version"` - SourceURI string `json:"source_uri" yaml:"source_uri"` + SourceURI string `json:"source_uri,omitempty" yaml:"source_uri,omitempty"` } func (a *ActionUpgrade) String() string { diff --git a/x-pack/elastic-agent/pkg/release/upgrade.go b/x-pack/elastic-agent/pkg/release/upgrade.go index ac1e8552dd2..2e63eb47ad5 100644 --- a/x-pack/elastic-agent/pkg/release/upgrade.go +++ b/x-pack/elastic-agent/pkg/release/upgrade.go 
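Review bot: `sourceURI` has no doc comment, and it returns a non-empty `retrievedURI` from the action unchanged, so the location the upgrade package is fetched from is decided by the action with no check in this function. I would document the precedence, e.g. `// sourceURI returns the action's URI when set, otherwise the configured default; snapshot versions require an explicit URI.` It is also worth considering `url.Parse` plus a scheme check here, or a comment naming where the downloaded artifact is verified; that verification is not visible in this diff. A blank line is also missing between the closing brace of `sourceURI` and `func rollbackInstall`.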
@@ -4,7 +4,7 @@
 package release
-// Upgradable return true when release is built specifically for upgrading.
-func Upgradable() bool {
+// Upgradeable return true when release is built specifically for upgrading.
+func Upgradeable() bool {
 return allowUpgrade == "true"
 }
diff --git a/x-pack/elastic-agent/pkg/release/version.go b/x-pack/elastic-agent/pkg/release/version.go
index dae609a6733..05f0063afdf 100644
--- a/x-pack/elastic-agent/pkg/release/version.go
+++ b/x-pack/elastic-agent/pkg/release/version.go
@@ -76,7 +76,7 @@ func Info() VersionInfo {
 }
 // String returns the string format for the version information.
-func (v *VersionInfo) String() string {
+func (v VersionInfo) String() string {
 var sb strings.Builder
 sb.WriteString(v.Version)
diff --git a/x-pack/elastic-agent/spec/apm-server.yml.disabled b/x-pack/elastic-agent/spec/apm-server.yml.disabled
new file mode 100644
index 00000000000..c84405dfadd
--- /dev/null
+++ b/x-pack/elastic-agent/spec/apm-server.yml.disabled
@@ -0,0 +1,16 @@
+name: APM-Server
+cmd: apm-server
+artifact: apm-server
+args: ["-E", "management.enabled=true", "-E", "management.mode=x-pack-fleet"]
+rules:
+ - fix_stream: {}
+ - filter_values:
+ selector: inputs
+ key: type
+ values:
+ - apm
+ - filter:
+ selectors:
+ - inputs
+ - output
+when: length(${inputs}) > 0 and hasKey(${output}, 'elasticsearch')
diff --git a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml
index 8421e12d7f0..8ceec6ff100 100644
--- a/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/aws/cloudtrail/ingest/pipeline.yml
@@ -146,37 +146,36 @@ processors:
 field: "json.errorMessage"
 target_field: "aws.cloudtrail.error_message"
 ignore_failure: true
- - rename:
- field: json.requestParameters
- target_field: "aws.cloudtrail.flattened.request_parameters"
- if: ctx?.json?.requestParameters != null
 - script:
 lang: painless
 source: |
- if (ctx.aws.cloudtrail.flattened.request_parameters != null) {
- ctx.aws.cloudtrail.request_parameters = ctx.aws.cloudtrail.flattened.request_parameters.toString();
+ if (ctx.aws.cloudtrail?.flattened == null) {
+ Map map = new HashMap();
+ ctx.aws.cloudtrail.put("flattened", map);
+ }
+ if (ctx.json.requestParameters != null) {
+ ctx.aws.cloudtrail.request_parameters = ctx.json.requestParameters.toString();
+ if (ctx.aws.cloudtrail.request_parameters.length() < 32766) {
+ ctx.aws.cloudtrail.flattened.put("request_parameters", ctx.json.requestParameters);
+ }
 }
- ignore_failure: true
- - rename:
- field: json.responseElements
- target_field: "aws.cloudtrail.flattened.response_elements"
- if: ctx?.json?.responseElements != null
- - script:
- lang: painless
- source: |
- if (ctx.aws.cloudtrail.flattened.response_elements != null) {
- ctx.aws.cloudtrail.response_elements = ctx.aws.cloudtrail.flattened.response_elements.toString();
+ if (ctx.json.responseElements != null) {
+ ctx.aws.cloudtrail.response_elements = ctx.json.responseElements.toString();
+ if (ctx.aws.cloudtrail.response_elements.length() < 32766) {
+ ctx.aws.cloudtrail.flattened.put("response_elements", ctx.json.responseElements);
+ }
 }
- ignore_failure: true
- - rename:
- field: json.additionalEventData
- target_field: "aws.cloudtrail.flattened.additional_eventdata"
- if: ctx?.json?.additionalEventData != null
- - script:
- lang: painless
- source: |
- if (ctx.aws.cloudtrail.flattened.additional_eventdata != null) {
- ctx.aws.cloudtrail.additional_eventdata = ctx.aws.cloudtrail.flattened.additional_eventdata.toString();
+ if (ctx.json.additionalEventData != null) {
+ ctx.aws.cloudtrail.additional_eventdata = ctx.json.additionalEventData.toString();
+ if (ctx.aws.cloudtrail.additional_eventdata.length() < 32766) {
+ ctx.aws.cloudtrail.flattened.put("additional_eventdata", ctx.json.additionalEventData);
+ }
+ }
+ if (ctx.json.serviceEventDetails != null) {
+ ctx.aws.cloudtrail.service_event_details = ctx.json.serviceEventDetails.toString();
+ if (ctx.aws.cloudtrail.service_event_details.length() < 32766) {
+ ctx.aws.cloudtrail.flattened.put("service_event_details", ctx.json.serviceEventDetails);
+ }
 }
 ignore_failure: true
 - rename:
@@ -219,17 +218,6 @@ processors:
 field: "json.recipientAccountId"
 target_field: "aws.cloudtrail.recipient_account_id"
 ignore_failure: true
- - rename:
- field: json.serviceEventDetails
- target_field: "aws.cloudtrail.flattened.service_event_details"
- if: ctx?.json?.serviceEventDetails != null
- - script:
- lang: painless
- source: |
- if (ctx.aws.cloudtrail.flattened.service_event_details != null) {
- ctx.aws.cloudtrail.service_event_details = ctx.aws.cloudtrail.flattened.service_event_details.toString();
- }
- ignore_failure: true
 - rename:
 field: "json.sharedEventId"
 target_field: "aws.cloudtrail.shared_event_id"
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json
index 3bdb628e7fb..47691a242dc 100644
--- a/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json
+++ b/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json
@@ -63,6 +63,7 @@
 "source.as.organization.name": "CHINA UNICOM China169 Backbone",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
+ "source.geo.country_name": "China",
 "source.geo.location.lat": 29.5569,
 "source.geo.location.lon": 106.5531,
 "source.geo.region_iso_code": "CN-CQ",
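Review bot: The merged script's first guard reads `ctx.aws.cloudtrail?.flattened == null`, but the next statement calls `ctx.aws.cloudtrail.put("flattened", map)`, which throws when `aws.cloudtrail` itself is missing, so the null-safe operator protects nothing unless an earlier processor guarantees the parent object. Because the four per-field scripts are now one processor under `ignore_failure: true`, that exception, or any other, silently skips request_parameters, response_elements, additional_eventdata and service_event_details together, where before each field failed on its own. A payload whose string form reaches 32766 characters keeps only the string copy and loses its `aws.cloudtrail.flattened.*` entry with nothing on the event to say so, which matters to any search or detection rule keyed on the flattened fields; setting a tag or marker field in that branch would make the gap visible. The constant appears four times unexplained, so I would add `// Payloads whose string form is 32766 chars or longer are kept only as strings, not in flattened.` at the top of the script. If the limit being mirrored is counted in bytes, `length()` undercounts multi-byte content.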
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json index 5783ade81ed..41cca74d099 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json @@ -39,6 +39,7 @@ "source.geo.city_name": "Ashburn", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 39.0481, "source.geo.location.lon": -77.4728, "source.geo.region_iso_code": "US-VA", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json index c9ee01ef238..1531a7c1e5a 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json @@ -32,6 +32,7 @@ "source.geo.city_name": "Boardman", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 45.8491, "source.geo.location.lon": -119.7143, "source.geo.region_iso_code": "US-OR", diff --git a/x-pack/filebeat/module/aws/elb/test/application-lb-http.log-expected.json b/x-pack/filebeat/module/aws/elb/test/application-lb-http.log-expected.json index a566b2f9478..28e1564e928 100644 --- a/x-pack/filebeat/module/aws/elb/test/application-lb-http.log-expected.json +++ b/x-pack/filebeat/module/aws/elb/test/application-lb-http.log-expected.json 
@@ -35,6 +35,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -83,6 +84,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -131,6 +133,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -179,6 +182,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -227,6 +231,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -275,6 +280,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -323,6 +329,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", 
@@ -375,6 +382,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -427,6 +435,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -479,6 +488,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", diff --git a/x-pack/filebeat/module/aws/elb/test/elb-http.log-expected.json b/x-pack/filebeat/module/aws/elb/test/elb-http.log-expected.json index c1916fd1ec2..48701c8a985 100644 --- a/x-pack/filebeat/module/aws/elb/test/elb-http.log-expected.json +++ b/x-pack/filebeat/module/aws/elb/test/elb-http.log-expected.json @@ -31,6 +31,7 @@ "source.geo.city_name": "Moscow", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", + "source.geo.country_name": "Russia", "source.geo.location.lat": 55.7527, "source.geo.location.lon": 37.6172, "source.geo.region_iso_code": "RU-MOW", @@ -74,6 +75,7 @@ "source.geo.city_name": "Mytishchi", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", + "source.geo.country_name": "Russia", "source.geo.location.lat": 55.9089, "source.geo.location.lon": 37.7339, "source.geo.region_iso_code": "RU-MOS", @@ -117,6 +119,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", 
@@ -160,6 +163,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -203,6 +207,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", diff --git a/x-pack/filebeat/module/aws/elb/test/elb-tcp.log-expected.json b/x-pack/filebeat/module/aws/elb/test/elb-tcp.log-expected.json index 8b394e2b07e..e960e211763 100644 --- a/x-pack/filebeat/module/aws/elb/test/elb-tcp.log-expected.json +++ b/x-pack/filebeat/module/aws/elb/test/elb-tcp.log-expected.json @@ -25,6 +25,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -61,6 +62,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -97,6 +99,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -133,6 +136,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", 
@@ -169,6 +173,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", @@ -205,6 +210,7 @@ "source.geo.city_name": "Teruel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.3456, "source.geo.location.lon": -1.1065, "source.geo.region_iso_code": "ES-TE", diff --git a/x-pack/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json b/x-pack/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json index e9564154424..b5db726de69 100644 --- a/x-pack/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json +++ b/x-pack/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json @@ -30,6 +30,7 @@ "source.geo.city_name": "Ashburn", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 39.0481, "source.geo.location.lon": -77.4728, "source.geo.region_iso_code": "US-VA", diff --git a/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json b/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json index 273b1512556..187f7f33589 100644 --- a/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json +++ b/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json @@ -33,6 +33,7 @@ "geo.city_name": "Ashburn", "geo.continent_name": "North America", "geo.country_iso_code": "US", + "geo.country_name": "United States", "geo.location.lat": 39.0481, "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", 
@@ -95,6 +96,7 @@ "geo.city_name": "Ashburn", "geo.continent_name": "North America", "geo.country_iso_code": "US", + "geo.country_name": "United States", "geo.location.lat": 39.0481, "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", @@ -158,6 +160,7 @@ "geo.city_name": "Ashburn", "geo.continent_name": "North America", "geo.country_iso_code": "US", + "geo.country_name": "United States", "geo.location.lat": 39.0481, "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", @@ -220,6 +223,7 @@ "geo.city_name": "Ashburn", "geo.continent_name": "North America", "geo.country_iso_code": "US", + "geo.country_name": "United States", "geo.location.lat": 39.0481, "geo.location.lon": -77.4728, "geo.region_iso_code": "US-VA", @@ -279,6 +283,7 @@ "geo.city_name": "Teruel", "geo.continent_name": "Europe", "geo.country_iso_code": "ES", + "geo.country_name": "Spain", "geo.location.lat": 40.3456, "geo.location.lon": -1.1065, "geo.region_iso_code": "ES-TE", @@ -331,6 +336,7 @@ "geo.city_name": "Denver", "geo.continent_name": "North America", "geo.country_iso_code": "US", + "geo.country_name": "United States", "geo.location.lat": 39.7044, "geo.location.lon": -105.0023, "geo.region_iso_code": "US-CO", diff --git a/x-pack/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json b/x-pack/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json index 170b8851ec9..1f1b3e061b2 100644 --- a/x-pack/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json +++ b/x-pack/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json @@ -13,6 +13,7 @@ "destination.as.organization.name": "Consorci de Serveis Universitaris de Catalunya", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "ES", + "destination.geo.country_name": "Spain", "destination.geo.location.lat": 40.4172, "destination.geo.location.lon": -3.684, "destination.ip": "158.109.0.1", 
@@ -47,6 +48,7 @@ "source.geo.city_name": "Moscow", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", + "source.geo.country_name": "Russia", "source.geo.location.lat": 55.7527, "source.geo.location.lon": 37.6172, "source.geo.region_iso_code": "RU-MOW", @@ -72,6 +74,7 @@ "destination.as.organization.name": "Consorci de Serveis Universitaris de Catalunya", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "ES", + "destination.geo.country_name": "Spain", "destination.geo.location.lat": 40.4172, "destination.geo.location.lon": -3.684, "destination.ip": "158.109.0.1", @@ -106,6 +109,7 @@ "source.geo.city_name": "Moscow", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", + "source.geo.country_name": "Russia", "source.geo.location.lat": 55.7527, "source.geo.location.lon": 37.6172, "source.geo.region_iso_code": "RU-MOW", diff --git a/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json b/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json index 6b7b788ac97..ba0293752ca 100644 --- a/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json +++ b/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json @@ -49,6 +49,7 @@ "source.geo.city_name": "Dublin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "IE", + "source.geo.country_name": "Ireland", "source.geo.location.lat": 53.3338, "source.geo.location.lon": -6.2488, "source.geo.region_iso_code": "IE-L", diff --git a/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json b/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json index 4c0e8d4701a..3f86faee084 100644 --- a/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json +++ b/x-pack/filebeat/module/azure/activitylogs/test/activitylogs.log-expected.json 
@@ -47,6 +47,7 @@ "fileset.name": "activitylogs", "geo.continent_name": "Europe", "geo.country_iso_code": "GB", + "geo.country_name": "United Kingdom", "geo.location.lat": 51.4964, "geo.location.lon": -0.1224, "input.type": "log", @@ -55,6 +56,7 @@ "service.type": "azure", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", "source.geo.location.lat": 51.4964, "source.geo.location.lon": -0.1224, "source.ip": "51.251.141.41", diff --git a/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json b/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json index db962bd4df6..5f14108e4c4 100644 --- a/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json +++ b/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json @@ -52,6 +52,7 @@ "fileset.name": "activitylogs", "geo.continent_name": "Asia", "geo.country_iso_code": "JP", + "geo.country_name": "Japan", "geo.location.lat": 35.69, "geo.location.lon": 139.69, "input.type": "log", @@ -62,6 +63,7 @@ "source.as.organization.name": "KDDI CORPORATION", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "JP", + "source.geo.country_name": "Japan", "source.geo.location.lat": 35.69, "source.geo.location.lon": 139.69, "source.ip": "111.111.111.11", diff --git a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json index 6a0f96ae261..db0643ccf25 100644 --- a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json +++ b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json 
@@ -66,6 +66,7 @@ "source.geo.city_name": "Farnham Royal", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", "source.geo.location.lat": 51.5333, "source.geo.location.lon": -0.6167, "source.geo.region_iso_code": "GB-BKM", @@ -145,6 +146,7 @@ "source.as.organization.name": "Google LLC", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "8.8.8.8", diff --git a/x-pack/filebeat/module/barracuda/spamfirewall/test/generated.log-expected.json b/x-pack/filebeat/module/barracuda/spamfirewall/test/generated.log-expected.json index ff70486fab5..ed4c2bb4d7f 100644 --- a/x-pack/filebeat/module/barracuda/spamfirewall/test/generated.log-expected.json +++ b/x-pack/filebeat/module/barracuda/spamfirewall/test/generated.log-expected.json @@ -496,8 +496,8 @@ "observer.type": "Anti-Virus", "observer.vendor": "Barracuda", "related.ip": [ - "10.18.165.35", - "10.110.109.5" + "10.110.109.5", + "10.18.165.35" ], "rsa.internal.messageid": "outbound/smtp", "rsa.investigations.event_cat": 1901000000, diff --git a/x-pack/filebeat/module/cef/log/test/cef.log-expected.json b/x-pack/filebeat/module/cef/log/test/cef.log-expected.json index ca0127defbd..d2902dc24b6 100644 --- a/x-pack/filebeat/module/cef/log/test/cef.log-expected.json +++ b/x-pack/filebeat/module/cef/log/test/cef.log-expected.json @@ -45,6 +45,7 @@ "service.type": "cef", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "6.7.8.9", 
@@ -77,6 +78,7 @@ "destination.geo.city_name": "Moscow", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "RU", + "destination.geo.country_name": "Russia", "destination.geo.location.lat": 55.7527, "destination.geo.location.lon": 37.6172, "destination.geo.region_iso_code": "RU-MOW", @@ -114,6 +116,7 @@ "service.type": "cef", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "6.7.8.9", diff --git a/x-pack/filebeat/module/cef/log/test/checkpoint.log-expected.json b/x-pack/filebeat/module/cef/log/test/checkpoint.log-expected.json index 8d027229032..eefe063490d 100644 --- a/x-pack/filebeat/module/cef/log/test/checkpoint.log-expected.json +++ b/x-pack/filebeat/module/cef/log/test/checkpoint.log-expected.json @@ -48,6 +48,7 @@ "destination.geo.city_name": "Des Moines", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 41.6006, "destination.geo.location.lon": -93.6112, "destination.geo.region_iso_code": "US-IA", diff --git a/x-pack/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json b/x-pack/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json index fd07aa51eca..30fc5952b01 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json +++ b/x-pack/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json @@ -150,6 +150,7 @@ "destination.geo.city_name": "Tel Aviv", "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "IL", + "destination.geo.country_name": "Israel", "destination.geo.location.lat": 32.0678, "destination.geo.location.lon": 34.7647, "destination.geo.region_iso_code": "IL-TA", 
@@ -270,6 +271,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "104.99.234.45", @@ -388,6 +390,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.31", @@ -506,6 +509,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.36", @@ -624,6 +628,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "104.81.142.43", @@ -742,6 +747,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.31", @@ -860,6 +866,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.41", 
@@ -978,6 +985,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "104.99.234.45", @@ -1096,6 +1104,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.36", @@ -1214,6 +1223,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.31", @@ -1332,6 +1342,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.41", @@ -1450,6 +1461,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.36", 
@@ -1568,6 +1580,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "104.99.234.45", @@ -1686,6 +1699,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.31", @@ -1804,6 +1818,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.41", @@ -1922,6 +1937,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "104.99.234.45", @@ -2040,6 +2056,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.36", 
@@ -2206,6 +2223,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.31", @@ -2298,6 +2316,7 @@ "destination.geo.city_name": "Tel Aviv", "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "IL", + "destination.geo.country_name": "Israel", "destination.geo.location.lat": 32.0678, "destination.geo.location.lon": 34.7647, "destination.geo.region_iso_code": "IL-TA", @@ -2526,6 +2545,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.41", @@ -2644,6 +2664,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.31", @@ -2762,6 +2783,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "104.99.234.45", @@ -2880,6 +2902,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.41", 
@@ -2998,6 +3021,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.36", @@ -3116,6 +3140,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "104.99.234.45", @@ -3282,6 +3307,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.31", @@ -3400,6 +3426,7 @@ "destination.as.organization.name": "Sucuri", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "192.124.249.41", @@ -3518,6 +3545,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "104.99.234.45", 
@@ -3636,6 +3664,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.36",
@@ -3754,6 +3783,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.31",
@@ -3818,6 +3848,7 @@
 "destination.as.organization.name": "Akamai Technologies, Inc.",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "104.99.234.45",
@@ -3990,6 +4021,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.41",
@@ -4108,6 +4140,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.36",
@@ -4254,6 +4287,7 @@
 "destination.geo.city_name": "Tel Aviv",
 "destination.geo.continent_name": "Asia",
 "destination.geo.country_iso_code": "IL",
+ "destination.geo.country_name": "Israel",
 "destination.geo.location.lat": 32.0678,
 "destination.geo.location.lon": 34.7647,
 "destination.geo.region_iso_code": "IL-TA",
@@ -4428,6 +4462,7 @@
 "destination.as.organization.name": "Akamai Technologies, Inc.",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "104.81.142.43",
@@ -4546,6 +4581,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.31",
@@ -4664,6 +4700,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.41",
@@ -4782,6 +4819,7 @@
 "destination.as.organization.name": "Akamai Technologies, Inc.",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "104.99.234.45",
@@ -4900,6 +4938,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.36",
@@ -5018,6 +5057,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.31",
@@ -5136,6 +5176,7 @@
 "destination.as.organization.name": "Akamai Technologies, Inc.",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "104.99.234.45",
@@ -5254,6 +5295,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.41",
@@ -5372,6 +5414,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.36",
@@ -5490,6 +5533,7 @@
 "destination.as.organization.name": "Akamai Technologies, Inc.",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "104.99.234.45",
@@ -5608,6 +5652,7 @@
 "destination.as.organization.name": "Sucuri",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "192.124.249.31",
diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json
index 73d42d43af7..66cc3da4b0c 100644
--- a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json
+++ b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json
@@ -1136,6 +1136,7 @@
 "destination.geo.city_name": "Thousand Oaks",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 34.197,
 "destination.geo.location.lon": -118.8199,
 "destination.geo.region_iso_code": "US-CA",
@@ -2417,6 +2418,7 @@
 "destination.geo.city_name": "Clermont-Ferrand",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "FR",
+ "destination.geo.country_name": "France",
 "destination.geo.location.lat": 45.7838,
 "destination.geo.location.lon": 3.0966,
 "destination.geo.region_iso_code": "FR-63",
@@ -2467,6 +2469,7 @@
 "source.geo.city_name": "Moscow",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "RU",
+ "source.geo.country_name": "Russia",
 "source.geo.location.lat": 55.7527,
 "source.geo.location.lon": 37.6172,
 "source.geo.region_iso_code": "RU-MOW",
@@ -2542,6 +2545,7 @@
 "destination.geo.city_name": "Riga",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "LV",
+ "destination.geo.country_name": "Latvia",
 "destination.geo.location.lat": 56.9496,
 "destination.geo.location.lon": 24.0978,
 "destination.geo.region_iso_code": "LV-RIX",
@@ -2927,6 +2931,7 @@
 "source.geo.city_name": "London",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "GB",
+ "source.geo.country_name": "United Kingdom",
 "source.geo.location.lat": 51.5888,
 "source.geo.location.lon": -0.0247,
 "source.geo.region_iso_code": "GB-ENG",
@@ -2946,6 +2951,7 @@
 "destination.geo.city_name": "London",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "GB",
+ "destination.geo.country_name": "United Kingdom",
 "destination.geo.location.lat": 51.5888,
 "destination.geo.location.lon": -0.0247,
 "destination.geo.region_iso_code": "GB-ENG",
@@ -3029,6 +3035,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.ip": "8.8.8.8",
@@ -3075,6 +3082,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.ip": "8.8.8.8",
@@ -3093,6 +3101,7 @@
 "destination.geo.city_name": "Stoke Newington",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "GB",
+ "destination.geo.country_name": "United Kingdom",
 "destination.geo.location.lat": 51.5638,
 "destination.geo.location.lon": -0.0765,
 "destination.geo.region_iso_code": "GB-HCK",
@@ -3139,6 +3148,7 @@
 "source.geo.city_name": "Dublin",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "IE",
+ "source.geo.country_name": "Ireland",
 "source.geo.location.lat": 53.3338,
 "source.geo.location.lon": -6.2488,
 "source.geo.region_iso_code": "IE-L",
diff --git a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json
index 94f2b616d27..a57299252ca 100644
--- a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json
+++ b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json
@@ -509,6 +509,7 @@
 "destination.address": "1.2.33.40",
 "destination.geo.continent_name": "Asia",
 "destination.geo.country_iso_code": "CN",
+ "destination.geo.country_name": "China",
 "destination.geo.location.lat": 23.1167,
 "destination.geo.location.lon": 113.25,
 "destination.geo.region_iso_code": "CN-GD",
diff --git a/x-pack/filebeat/module/cisco/asa/test/dap_records.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/dap_records.log-expected.json
index bb691462f78..e86dd81aead 100644
--- a/x-pack/filebeat/module/cisco/asa/test/dap_records.log-expected.json
+++ b/x-pack/filebeat/module/cisco/asa/test/dap_records.log-expected.json
@@ -35,6 +35,7 @@
 "source.geo.city_name": "Moscow",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "RU",
+ "source.geo.country_name": "Russia",
 "source.geo.location.lat": 55.7527,
 "source.geo.location.lon": 37.6172,
 "source.geo.region_iso_code": "RU-MOW",
diff --git a/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json
index 37efb99f483..b7b065dea1c 100644
--- a/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json
+++ b/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json
@@ -39,6 +39,7 @@
 "destination.bytes": 145,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -147,6 +148,7 @@
 "destination.bytes": 193,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -253,6 +255,7 @@
 "destination.bytes": 166,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -361,6 +364,7 @@
 "destination.bytes": 200,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -468,6 +472,7 @@
 "destination.bytes": 193,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -574,6 +579,7 @@
 "destination.bytes": 166,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -683,6 +689,7 @@
 "destination.bytes": 199,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -789,6 +796,7 @@
 "destination.bytes": 221,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -896,6 +904,7 @@
 "destination.bytes": 166,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -1004,6 +1013,7 @@
 "destination.bytes": 722,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -1111,6 +1121,7 @@
 "destination.geo.city_name": "Seattle",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 47.6109,
 "destination.geo.location.lon": -122.3303,
 "destination.geo.region_iso_code": "US-WA",
@@ -1217,6 +1228,7 @@
 "destination.bytes": 313,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -1322,6 +1334,7 @@
 "destination.bytes": 180,
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "FR",
+ "destination.geo.country_name": "France",
 "destination.geo.location.lat": 48.8582,
 "destination.geo.location.lon": 2.3387,
 "destination.ip": "9.9.9.9",
@@ -1428,6 +1441,7 @@
 "destination.bytes": 108,
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "FR",
+ "destination.geo.country_name": "France",
 "destination.geo.location.lat": 48.8582,
 "destination.geo.location.lon": 2.3387,
 "destination.ip": "9.9.9.9",
@@ -1535,6 +1549,7 @@
 "destination.bytes": 162,
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "FR",
+ "destination.geo.country_name": "France",
 "destination.geo.location.lat": 48.8582,
 "destination.geo.location.lon": 2.3387,
 "destination.ip": "9.9.9.9",
@@ -1643,6 +1658,7 @@
 "destination.bytes": 199,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -1749,6 +1765,7 @@
 "destination.bytes": 166,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -1855,6 +1872,7 @@
 "destination.bytes": 166,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -1961,6 +1979,7 @@
 "destination.bytes": 221,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -2066,6 +2085,7 @@
 "destination.bytes": 131,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -2173,6 +2193,7 @@
 "destination.bytes": 722,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json
index 3cef5df9a0f..7490bc1ac57 100644
--- a/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json
+++ b/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json
@@ -217,6 +217,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -321,6 +322,7 @@
 "destination.bytes": 314,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -422,6 +424,7 @@
 "destination.geo.city_name": "Frankfurt am Main",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "DE",
+ "destination.geo.country_name": "Germany",
 "destination.geo.location.lat": 50.1188,
 "destination.geo.location.lon": 8.6843,
 "destination.geo.region_iso_code": "DE-HE",
@@ -526,6 +529,7 @@
 "destination.geo.city_name": "Frankfurt am Main",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "DE",
+ "destination.geo.country_name": "Germany",
 "destination.geo.location.lat": 50.1188,
 "destination.geo.location.lon": 8.6843,
 "destination.geo.region_iso_code": "DE-HE",
@@ -633,6 +637,7 @@
 "destination.geo.city_name": "Magdeburg",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "DE",
+ "destination.geo.country_name": "Germany",
 "destination.geo.location.lat": 52.1333,
 "destination.geo.location.lon": 11.6167,
 "destination.geo.region_iso_code": "DE-ST",
@@ -736,6 +741,7 @@
 "destination.geo.city_name": "Magdeburg",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "DE",
+ "destination.geo.country_name": "Germany",
 "destination.geo.location.lat": 52.1333,
 "destination.geo.location.lon": 11.6167,
 "destination.geo.region_iso_code": "DE-ST",
diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json
index 8ab3e55fc87..135a2979210 100644
--- a/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json
+++ b/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json
@@ -581,6 +581,7 @@
 "destination.geo.city_name": "Magdeburg",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "DE",
+ "destination.geo.country_name": "Germany",
 "destination.geo.location.lat": 52.1333,
 "destination.geo.location.lon": 11.6167,
 "destination.geo.region_iso_code": "DE-ST",
@@ -763,6 +764,7 @@
 "destination.geo.city_name": "Frankfurt am Main",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "DE",
+ "destination.geo.country_name": "Germany",
 "destination.geo.location.lat": 50.1188,
 "destination.geo.location.lon": 8.6843,
 "destination.geo.region_iso_code": "DE-HE",
diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json
index 73ab6378da1..0b669eb5dff 100644
--- a/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json
+++ b/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json
@@ -44,6 +44,7 @@
 "destination.bytes": 246,
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "FR",
+ "destination.geo.country_name": "France",
 "destination.geo.location.lat": 48.8582,
 "destination.geo.location.lon": 2.3387,
 "destination.ip": "2.2.2.2",
@@ -102,6 +103,7 @@
 "source.geo.city_name": "Seattle",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 47.6348,
 "source.geo.location.lon": -122.3451,
 "source.geo.region_iso_code": "US-WA",
diff --git a/x-pack/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json b/x-pack/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json
index 3485b3ff583..0695d3730aa 100644
--- a/x-pack/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json
+++ b/x-pack/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json
@@ -331,6 +331,7 @@
 "destination.as.organization.name": "Google LLC",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "172.217.10.46",
@@ -828,6 +829,7 @@
 "destination.as.organization.name": "Google LLC",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "172.217.10.46",
@@ -1022,6 +1024,7 @@
 "destination.as.organization.name": "Google LLC",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "172.217.10.46",
@@ -1122,6 +1125,7 @@
 "destination.as.organization.name": "Google LLC",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -1210,6 +1214,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.ip": "8.8.8.8",
@@ -1296,6 +1301,7 @@
 "destination.as.organization.name": "Google LLC",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "172.217.10.46",
@@ -1537,6 +1543,7 @@
 "destination.as.organization.name": "Google LLC",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "172.217.10.46",
diff --git a/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json b/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json
index beeffa9b5eb..93b25705912 100644
--- a/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json
+++ b/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json
@@ -122,8 +122,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.155.236.240",
- "10.112.46.169"
+ "10.112.46.169",
+ "10.155.236.240"
 ],
 "rsa.internal.messageid": "flows",
 "rsa.misc.action": [
@@ -345,8 +345,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.134.0.141",
- "10.210.213.18"
+ "10.210.213.18",
+ "10.134.0.141"
 ],
 "rsa.internal.event_desc": "atquovosecurity_event iumto",
 "rsa.internal.messageid": "security_event",
@@ -519,8 +519,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.85.10.165",
- "10.53.150.119"
+ "10.53.150.119",
+ "10.85.10.165"
 ],
 "rsa.internal.messageid": "events",
 "rsa.misc.event_source": "appliance",
@@ -623,8 +623,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.205.47.51",
- "10.219.84.37"
+ "10.219.84.37",
+ "10.205.47.51"
 ],
 "rsa.internal.messageid": "events",
 "rsa.misc.event_source": "appliance",
@@ -831,8 +831,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.31.77.157",
- "10.12.182.70"
+ "10.12.182.70",
+ "10.31.77.157"
 ],
 "rsa.internal.event_desc": "uiac security_event epte",
 "rsa.internal.messageid": "security_event",
@@ -896,8 +896,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.135.217.12",
- "10.93.68.231"
+ "10.93.68.231",
+ "10.135.217.12"
 ],
 "rsa.internal.messageid": "flows",
 "rsa.misc.action": [
@@ -960,8 +960,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.247.30.212",
- "10.66.89.5"
+ "10.66.89.5",
+ "10.247.30.212"
 ],
 "rsa.internal.messageid": "flows",
 "rsa.misc.action": [
@@ -1064,8 +1064,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.54.37.86",
- "10.58.64.108"
+ "10.58.64.108",
+ "10.54.37.86"
 ],
 "rsa.internal.messageid": "ids-alerts",
 "rsa.misc.event_type": "ids-alerts",
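Review bot: The new `related.ip` order in these expectations follows no rule the diff makes visible: the hunk at -122 now lists `10.112.46.169` before `10.155.236.240`, while the hunk at -345 puts `10.210.213.18` before `10.134.0.141`, so the arrays are neither sorted nor consistently source-then-destination. If the pipeline collects these values through an unordered structure, which the churn suggests but the diff does not show, every regeneration will rewrite the golden files and an exact-order comparison can fail intermittently. Sorting the values before they are emitted, or having the test harness compare these arrays as sets, would keep the fixtures stable and the diffs reviewable. The same applies to the later hunks of this file and to the `related.ip`, `related.user` and `rsa.misc.action` reorderings in the citrix/netscaler and cyberark/corepas fixtures.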
@@ -1142,8 +1142,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.183.44.198",
- "10.0.200.27"
+ "10.0.200.27",
+ "10.183.44.198"
 ],
 "rsa.internal.event_desc": "uradi security_event tot",
 "rsa.internal.messageid": "security_event",
@@ -1177,8 +1177,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.148.124.84",
- "10.28.144.180"
+ "10.28.144.180",
+ "10.148.124.84"
 ],
 "rsa.internal.messageid": "events",
 "rsa.misc.event_source": "appliance",
@@ -1215,8 +1215,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.98.194.212",
- "10.204.230.166"
+ "10.204.230.166",
+ "10.98.194.212"
 ],
 "rsa.counters.dclass_r1": "enimadmi",
 "rsa.internal.messageid": "events",
@@ -1312,8 +1312,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.150.245.88",
- "10.242.77.170"
+ "10.242.77.170",
+ "10.150.245.88"
 ],
 "rsa.internal.messageid": "ids-alerts",
 "rsa.misc.event_type": "ids-alerts",
@@ -1447,8 +1447,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.230.6.127",
- "10.111.157.56"
+ "10.111.157.56",
+ "10.230.6.127"
 ],
 "rsa.internal.messageid": "flows",
 "rsa.misc.action": [
@@ -1486,8 +1486,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.179.40.170",
- "10.193.219.34"
+ "10.193.219.34",
+ "10.179.40.170"
 ],
 "rsa.counters.dclass_r1": "emip",
 "rsa.internal.messageid": "events",
@@ -1638,8 +1638,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.124.63.4",
- "10.90.99.245"
+ "10.90.99.245",
+ "10.124.63.4"
 ],
 "rsa.internal.event_desc": "etconsec",
 "rsa.internal.messageid": "security_event",
@@ -1733,8 +1733,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.196.96.162",
- "10.81.234.34"
+ "10.81.234.34",
+ "10.196.96.162"
 ],
 "rsa.internal.event_desc": "Utenima security_event iqua",
 "rsa.internal.messageid": "security_event",
@@ -1903,8 +1903,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.86.188.179",
- "10.201.168.116"
+ "10.201.168.116",
+ "10.86.188.179"
 ],
 "rsa.internal.messageid": "events",
 "rsa.misc.event_source": "appliance",
@@ -2011,8 +2011,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.120.4.9",
- "10.97.46.16"
+ "10.97.46.16",
+ "10.120.4.9"
 ],
 "rsa.internal.messageid": "ids-alerts",
 "rsa.misc.event_type": "ids-alerts",
@@ -2084,8 +2084,8 @@
 "uames4985.mail.localdomain"
 ],
 "related.ip": [
- "10.150.163.151",
- "10.144.57.239"
+ "10.144.57.239",
+ "10.150.163.151"
 ],
 "rsa.internal.messageid": "events",
 "rsa.misc.event_source": "appliance",
@@ -2126,8 +2126,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.54.44.231",
- "10.52.202.158"
+ "10.52.202.158",
+ "10.54.44.231"
 ],
 "rsa.internal.messageid": "ids-alerts",
 "rsa.misc.event_type": "ids-alerts",
@@ -2252,8 +2252,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.2.110.73",
- "10.103.49.129"
+ "10.103.49.129",
+ "10.2.110.73"
 ],
 "rsa.counters.dclass_r1": "orumS",
 "rsa.internal.messageid": "events",
@@ -2292,8 +2292,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.132.176.96",
- "10.158.61.228"
+ "10.158.61.228",
+ "10.132.176.96"
 ],
 "rsa.counters.dclass_r1": "eserun",
 "rsa.internal.messageid": "events",
@@ -2333,8 +2333,8 @@
 "lors2232.api.example"
 ],
 "related.ip": [
- "10.46.217.155",
- "10.105.136.146"
+ "10.105.136.146",
+ "10.46.217.155"
 ],
 "rsa.internal.messageid": "events",
 "rsa.misc.event_source": "appliance",
@@ -2374,8 +2374,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.123.62.215",
- "10.245.199.23"
+ "10.245.199.23",
+ "10.123.62.215"
 ],
 "rsa.db.index": "iusmodt",
 "rsa.internal.messageid": "flows",
@@ -2480,8 +2480,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.246.152.72",
- "10.34.62.190"
+ "10.34.62.190",
+ "10.246.152.72"
 ],
 "rsa.internal.event_desc": "Nem",
 "rsa.internal.messageid": "security_event",
@@ -2758,8 +2758,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.65.0.157",
- "10.17.111.91"
+ "10.17.111.91",
+ "10.65.0.157"
 ],
 "rsa.db.index": "nostrum",
 "rsa.internal.messageid": "flows",
@@ -2893,8 +2893,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.199.103.185",
- "10.51.121.223"
+ "10.51.121.223",
+ "10.199.103.185"
 ],
 "rsa.internal.event_desc": "dipi security_event ecatc",
 "rsa.internal.messageid": "security_event",
@@ -2988,8 +2988,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.113.152.241",
- "10.121.37.244"
+ "10.121.37.244",
+ "10.113.152.241"
 ],
 "rsa.internal.messageid": "flows",
 "rsa.misc.action": [
@@ -3067,8 +3067,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.200.98.243",
- "10.101.13.122"
+ "10.101.13.122",
+ "10.200.98.243"
 ],
 "rsa.counters.dclass_r1": "uteirur",
 "rsa.internal.messageid": "events",
@@ -3143,8 +3143,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.147.165.30",
- "10.195.90.73"
+ "10.195.90.73",
+ "10.147.165.30"
 ],
 "rsa.internal.messageid": "ids-alerts",
 "rsa.misc.event_type": "ids-alerts",
@@ -3206,8 +3206,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.162.202.14",
- "10.137.166.97"
+ "10.137.166.97",
+ "10.162.202.14"
 ],
 "rsa.internal.messageid": "ids-alerts",
 "rsa.misc.event_type": "ids-alerts",
@@ -3330,8 +3330,8 @@
 "observer.type": "Wireless",
 "observer.vendor": "Cisco",
 "related.ip": [
- "10.75.122.111",
- "10.85.59.172"
+ "10.85.59.172",
+ "10.75.122.111"
 ],
 "rsa.counters.dclass_r1": "sequat",
 "rsa.internal.messageid": "events",
diff --git a/x-pack/filebeat/module/citrix/netscaler/test/generated.log-expected.json b/x-pack/filebeat/module/citrix/netscaler/test/generated.log-expected.json
index cb772d91268..837f7b744a7 100644
--- a/x-pack/filebeat/module/citrix/netscaler/test/generated.log-expected.json
+++ b/x-pack/filebeat/module/citrix/netscaler/test/generated.log-expected.json
@@ -101,8 +101,8 @@
 "observer.type": "Firewall",
 "observer.vendor": "Citrix",
 "related.ip": [
- "10.72.11.247",
- "10.134.175.248"
+ "10.134.175.248",
+ "10.72.11.247"
 ],
 "rsa.counters.dclass_c1": 1279,
 "rsa.db.index": "antium",
@@ -185,10 +185,10 @@
 "observer.vendor": "Citrix",
 "related.ip": [
 "10.96.119.12",
+ "10.156.210.168",
 "10.21.92.218",
- "10.83.234.60",
 "10.109.68.21",
- "10.156.210.168"
+ "10.83.234.60"
 ],
 "related.user": [
 "picia"
@@ -1332,11 +1332,11 @@
 "observer.type": "Firewall",
 "observer.vendor": "Citrix",
 "related.ip": [
- "10.45.114.111",
- "10.180.83.140",
- "10.243.226.122",
 "10.117.94.131",
- "10.3.23.172"
+ "10.180.83.140",
+ "10.3.23.172",
+ "10.45.114.111",
+ "10.243.226.122"
 ],
 "related.user": [
 "ehender"
@@ -2085,8 +2085,8 @@
 "observer.vendor": "Citrix",
 "related.ip": [
 "10.225.146.5",
- "10.41.65.89",
- "10.80.5.101"
+ "10.80.5.101",
+ "10.41.65.89"
 ],
 "related.user": [
 "picia"
@@ -2209,8 +2209,8 @@
 "observer.vendor": "Citrix",
 "related.ip": [
 "10.33.231.173",
- "10.183.26.222",
- "10.22.34.206"
+ "10.22.34.206",
+ "10.183.26.222"
 ],
 "related.user": [
 "abill"
@@ -2585,10 +2585,10 @@
 "observer.vendor": "Citrix",
 "related.ip": [
 "10.148.244.55",
+ "10.76.129.136",
 "10.133.153.174",
- "10.8.82.22",
 "10.113.135.78",
- "10.76.129.136"
+ "10.8.82.22"
 ],
 "related.user": [
 "asiar"
@@ -2662,8 +2662,8 @@
 "rsa.db.index": "aturE",
 "rsa.internal.messageid": "APPFW_REFERER_HEADER",
 "rsa.misc.action": [
- "remip",
- "cancel"
+ "cancel",
+ "remip"
 ],
 "rsa.misc.policy_name": "oNemoeni",
 "rsa.misc.rule": "citation",
@@ -2938,9 +2938,9 @@ "observer.vendor": "Citrix", "related.ip": [ "10.29.202.248", - "10.161.218.47", + "10.206.5.50", "10.247.251.223", - "10.206.5.50" + "10.161.218.47" ], "rsa.internal.event_desc": "A Server side and a Client side TCP connection is delinked. This is not tracked by Netscaler", "rsa.internal.messageid": "TCP_OTHERCONN_DELINK", @@ -3076,8 +3076,8 @@ "observer.type": "Firewall", "observer.vendor": "Citrix", "related.ip": [ - "10.148.72.78", - "10.37.99.189" + "10.37.99.189", + "10.148.72.78" ], "rsa.crypto.cipher_src": "ritatis", "rsa.crypto.ssl_ver_src": "ugitsed", diff --git a/x-pack/filebeat/module/cyberark/corepas/test/generated.log-expected.json b/x-pack/filebeat/module/cyberark/corepas/test/generated.log-expected.json index 2bf31b06a52..4056ed473ca 100644 --- a/x-pack/filebeat/module/cyberark/corepas/test/generated.log-expected.json +++ b/x-pack/filebeat/module/cyberark/corepas/test/generated.log-expected.json @@ -20,9 +20,9 @@ "10.208.15.216" ], "related.user": [ - "quasiarc", "itv", - "utl" + "utl", + "quasiarc" ], "rsa.db.index": "nes", "rsa.internal.event_desc": "pexe", @@ -71,9 +71,9 @@ "10.175.75.18" ], "related.user": [ + "dolore", "nnumqu", - "orev", - "dolore" + "orev" ], "rsa.db.database": "umdo", "rsa.db.index": "vol", @@ -130,8 +130,8 @@ "anti4454.api.example" ], "related.ip": [ - "10.51.132.10", - "10.46.185.46" + "10.46.185.46", + "10.51.132.10" ], "related.user": [ "incid", @@ -197,9 +197,9 @@ "10.53.192.140" ], "related.user": [ - "psumquia", + "atcup", "ptass", - "atcup" + "psumquia" ], "rsa.db.database": "aperi", "rsa.db.index": "llumd", @@ -253,9 +253,9 @@ "10.81.199.122" ], "related.user": [ - "oremips", + "eos", "giatq", - "eos" + "oremips" ], "rsa.db.index": "tempo", "rsa.internal.event_desc": "uian", 
@@ -300,13 +300,13 @@ "temq1198.internal.example" ], "related.ip": [ - "10.139.186.201", - "10.172.14.142" + "10.172.14.142", + "10.139.186.201" ], "related.user": [ + "uam", "tcupida", - "aboris", - "uam" + "aboris" ], "rsa.db.database": "isiu", "rsa.db.index": "iatisu", @@ -363,13 +363,13 @@ "tenbyCic5882.api.home" ], "related.ip": [ - "10.104.111.129", - "10.47.76.251" + "10.47.76.251", + "10.104.111.129" ], "related.user": [ - "ele", "etconsec", - "ipis" + "ipis", + "ele" ], "rsa.db.database": "riat", "rsa.db.index": "umdolor", @@ -423,9 +423,9 @@ "10.116.120.216" ], "related.user": [ + "quiratio", "umdo", - "animi", - "quiratio" + "animi" ], "rsa.db.index": "oll", "rsa.internal.event_desc": "rumet", @@ -474,9 +474,9 @@ "10.62.54.220" ], "related.user": [ - "taevi", "psum", - "rnatura" + "rnatura", + "taevi" ], "rsa.db.database": "emeumfug", "rsa.db.index": "omn", @@ -530,9 +530,9 @@ "10.74.237.180" ], "related.user": [ - "tnon", "ema", - "cup" + "cup", + "tnon" ], "rsa.db.index": "remeumf", "rsa.internal.event_desc": "lup", @@ -574,8 +574,8 @@ "10.18.165.35" ], "related.user": [ - "modocons", "remeum", + "modocons", "lor" ], "rsa.db.index": "etM", @@ -618,9 +618,9 @@ "10.74.253.127" ], "related.user": [ + "onproide", "icab", - "tema", - "onproide" + "tema" ], "rsa.db.index": "mqui", "rsa.internal.event_desc": "eomnisis", @@ -664,8 +664,8 @@ "tlabo6088.www.localdomain" ], "related.ip": [ - "10.92.8.15", - "10.189.109.245" + "10.189.109.245", + "10.92.8.15" ], "related.user": [ "inima", @@ -722,9 +722,9 @@ "10.21.78.128" ], "related.user": [ - "upt", + "giatquov", "taut", - "giatquov" + "upt" ], "rsa.db.index": "iadese", "rsa.internal.event_desc": "deFinibu", @@ -766,9 +766,9 @@ "10.18.109.121" ], "related.user": [ - "pida", "hil", - "tatn" + "tatn", + "pida" ], "rsa.db.index": "quip", "rsa.internal.event_desc": "ecillu", 
@@ -813,13 +813,13 @@ "iavolu5352.localhost" ], "related.ip": [ - "10.63.37.192", - "10.225.115.13" + "10.225.115.13", + "10.63.37.192" ], "related.user": [ "iunt", - "reetd", - "equep" + "equep", + "reetd" ], "rsa.db.database": "aliqu", "rsa.db.index": "mipsumd", @@ -876,13 +876,13 @@ "estiae3750.api.corp" ], "related.ip": [ - "10.47.202.102", - "10.95.64.124" + "10.95.64.124", + "10.47.202.102" ], "related.user": [ "run", - "ice", - "ntor" + "ntor", + "ice" ], "rsa.db.database": "ite", "rsa.db.index": "iquipex", @@ -999,13 +999,13 @@ "etMalor4236.www5.host" ], "related.ip": [ - "10.53.168.235", - "10.125.160.129" + "10.125.160.129", + "10.53.168.235" ], "related.user": [ "abi", - "one", - "ione" + "ione", + "one" ], "rsa.db.database": "sperna", "rsa.db.index": "estia", @@ -1066,9 +1066,9 @@ "10.227.177.121" ], "related.user": [ - "iduntu", "liqui", - "tasuntex" + "tasuntex", + "iduntu" ], "rsa.db.database": "rvel", "rsa.db.index": "onsecte", @@ -1129,8 +1129,8 @@ "nsecte3304.mail.corp" ], "related.ip": [ - "10.98.182.220", - "10.167.85.181" + "10.167.85.181", + "10.98.182.220" ], "related.user": [ "fde", @@ -1189,9 +1189,9 @@ "10.89.208.95" ], "related.user": [ + "iciadese", "icabo", - "sintoc", - "iciadese" + "sintoc" ], "rsa.db.index": "eni", "rsa.internal.event_desc": "rcitati", @@ -1236,13 +1236,13 @@ "nevo4284.internal.local" ], "related.ip": [ - "10.72.148.32", - "10.214.191.180" + "10.214.191.180", + "10.72.148.32" ], "related.user": [ + "uteirure", "tDuisaut", - "luptatev", - "uteirure" + "luptatev" ], "rsa.db.database": "uamest", "rsa.db.index": "uae", @@ -1299,13 +1299,13 @@ "itas981.mail.domain" ], "related.ip": [ - "10.252.124.150", - "10.136.190.236" + "10.136.190.236", + "10.252.124.150" ], "related.user": [ - "ipsumd", + "com", "litessec", - "com" + "ipsumd" ], "rsa.db.database": "tasn", "rsa.db.index": "squirati", 
@@ -1424,12 +1424,12 @@ "rQuisau5300.www5.example" ], "related.ip": [ - "10.154.4.197", - "10.216.84.30" + "10.216.84.30", + "10.154.4.197" ], "related.user": [ - "untu", - "intoc" + "intoc", + "untu" ], "rsa.db.database": "oditem", "rsa.db.index": "borios", @@ -1529,13 +1529,13 @@ "uamei2389.internal.example" ], "related.ip": [ - "10.65.175.9", - "10.193.83.81" + "10.193.83.81", + "10.65.175.9" ], "related.user": [ - "umqu", "ritatise", - "essequam" + "essequam", + "umqu" ], "rsa.db.database": "ender", "rsa.db.index": "entorev", @@ -1589,9 +1589,9 @@ "10.205.72.243" ], "related.user": [ - "umdolo", "isiuta", - "tatn" + "tatn", + "umdolo" ], "rsa.db.index": "proide", "rsa.internal.event_desc": "ameiusm", @@ -1633,8 +1633,8 @@ "10.107.9.163" ], "related.user": [ - "mquisno", "sit", + "mquisno", "mac" ], "rsa.db.index": "sit", @@ -1677,9 +1677,9 @@ "10.80.101.72" ], "related.user": [ - "asiarc", + "umSe", "quidexea", - "umSe" + "asiarc" ], "rsa.db.index": "veli", "rsa.internal.event_desc": "quatu", @@ -1728,8 +1728,8 @@ "10.39.10.155" ], "related.user": [ - "aboreetd", "urExcept", + "aboreetd", "ptass" ], "rsa.db.database": "teirured", @@ -1828,9 +1828,9 @@ "10.71.238.250" ], "related.user": [ - "reseo", + "moenimi", "aec", - "moenimi" + "reseo" ], "rsa.db.index": "mac", "rsa.internal.event_desc": "quamest", @@ -1875,13 +1875,13 @@ "rum5798.home" ], "related.ip": [ - "10.226.101.180", - "10.226.20.199" + "10.226.20.199", + "10.226.101.180" ], "related.user": [ + "ritt", "rationev", - "veniamqu", - "ritt" + "veniamqu" ], "rsa.db.database": "conse", "rsa.db.index": "imveniam", @@ -1944,8 +1944,8 @@ ], "related.user": [ "quaUten", - "cab", - "utaliqu" + "utaliqu", + "cab" ], "rsa.db.database": "isciv", "rsa.db.index": "nofd", @@ -2002,9 +2002,9 @@ "10.70.147.120" ], "related.user": [ + "cidunt", "tten", - "emqu", - "cidunt" + "emqu" ], "rsa.db.index": "eaqu", "rsa.internal.event_desc": "quidol", 
@@ -2049,12 +2049,12 @@ "tesse1089.www.host" ], "related.ip": [ - "10.178.242.100", - "10.24.111.229" + "10.24.111.229", + "10.178.242.100" ], "related.user": [ - "loi", "dqu", + "loi", "idid" ], "rsa.db.database": "tenatuse", @@ -2110,8 +2110,8 @@ ], "related.user": [ "ritati", - "mmodoc", - "untincul" + "untincul", + "mmodoc" ], "rsa.db.index": "emvele", "rsa.internal.event_desc": "oluptas", @@ -2153,9 +2153,9 @@ "10.30.243.163" ], "related.user": [ + "illu", "mven", - "dolore", - "illu" + "dolore" ], "rsa.db.index": "idol", "rsa.internal.event_desc": "lore", @@ -2204,9 +2204,9 @@ "10.6.79.159" ], "related.user": [ - "midestl", + "amvo", "quid", - "amvo" + "midestl" ], "rsa.db.database": "urExce", "rsa.db.index": "ectiono", @@ -2263,13 +2263,13 @@ "aecatcup2241.www5.test" ], "related.ip": [ - "10.237.170.202", - "10.70.147.46" + "10.70.147.46", + "10.237.170.202" ], "related.user": [ "liquide", - "atDu", - "rcit" + "rcit", + "atDu" ], "rsa.db.database": "taedict", "rsa.db.index": "loremeu", @@ -2326,13 +2326,13 @@ "mad5185.www5.localhost" ], "related.ip": [ - "10.228.118.81", - "10.179.50.138" + "10.179.50.138", + "10.228.118.81" ], "related.user": [ "emoe", - "itasper", - "tatemU" + "tatemU", + "itasper" ], "rsa.db.database": "toditaut", "rsa.db.index": "ugit", @@ -2393,9 +2393,9 @@ "10.234.165.130" ], "related.user": [ + "henderit", "emip", - "iuntNequ", - "henderit" + "iuntNequ" ], "rsa.db.database": "veniamqu", "rsa.db.index": "atquo", @@ -2449,8 +2449,8 @@ "10.199.5.49" ], "related.user": [ - "turadipi", "emip", + "turadipi", "olorema" ], "rsa.db.index": "ataevi", @@ -2544,9 +2544,9 @@ "10.120.167.217" ], "related.user": [ - "animid", "dolorem", - "rsp" + "rsp", + "animid" ], "rsa.db.database": "tsuntinc", "rsa.db.index": "quovo", 
@@ -2603,13 +2603,13 @@ "mporainc2064.home" ], "related.ip": [ - "10.117.137.159", - "10.141.213.219" + "10.141.213.219", + "10.117.137.159" ], "related.user": [ "accusa", - "ate", - "atev" + "atev", + "ate" ], "rsa.db.database": "nibus", "rsa.db.index": "ser", @@ -2671,8 +2671,8 @@ ], "related.user": [ "eavol", - "rem", - "etconsec" + "etconsec", + "rem" ], "rsa.db.database": "oditempo", "rsa.db.index": "deF", @@ -2735,8 +2735,8 @@ "10.38.28.151" ], "related.user": [ - "tiumto", "incidid", + "tiumto", "mipsumqu" ], "rsa.db.database": "abor", @@ -2796,13 +2796,13 @@ "dolori6232.api.invalid" ], "related.ip": [ - "10.255.28.56", - "10.214.245.95" + "10.214.245.95", + "10.255.28.56" ], "related.user": [ "umdolors", - "uptatem", - "rerepre" + "rerepre", + "uptatem" ], "rsa.db.database": "odt", "rsa.db.index": "riosa", @@ -2856,8 +2856,8 @@ "10.45.35.180" ], "related.user": [ - "mip", "Utenima", + "mip", "qui" ], "rsa.db.index": "boree", @@ -2900,9 +2900,9 @@ "10.141.200.133" ], "related.user": [ - "enim", "iame", - "ess" + "ess", + "enim" ], "rsa.db.index": "nofdeFi", "rsa.internal.event_desc": "isnostru", @@ -2944,9 +2944,9 @@ "10.83.238.145" ], "related.user": [ - "ugi", + "runtmo", "illoi", - "runtmo" + "ugi" ], "rsa.db.index": "eetdo", "rsa.internal.event_desc": "quaer", @@ -2995,9 +2995,9 @@ "10.39.143.155" ], "related.user": [ + "sedquiac", "tem", - "tperspic", - "sedquiac" + "tperspic" ], "rsa.db.database": "radipis", "rsa.db.index": "nse", @@ -3059,8 +3059,8 @@ ], "related.user": [ "minim", - "unt", - "CSe" + "CSe", + "unt" ], "rsa.db.database": "atu", "rsa.db.index": "roi", @@ -3117,13 +3117,13 @@ "olu5333.www.domain" ], "related.ip": [ - "10.168.132.175", - "10.210.61.109" + "10.210.61.109", + "10.168.132.175" ], "related.user": [ + "eursinto", "giatquov", - "iamea", - "eursinto" + "iamea" ], "rsa.db.database": "ici", "rsa.db.index": "iquaUt", 
@@ -3223,8 +3223,8 @@ ], "related.user": [ "oeni", - "etquasia", - "xplic" + "xplic", + "etquasia" ], "rsa.db.index": "hend", "rsa.internal.event_desc": "piscivel", @@ -3271,8 +3271,8 @@ ], "related.user": [ "rsitvol", - "iati", - "Nemoenim" + "Nemoenim", + "iati" ], "rsa.db.index": "eFini", "rsa.internal.event_desc": "acom", @@ -3322,8 +3322,8 @@ ], "related.user": [ "orissu", - "eufug", - "ine" + "ine", + "eufug" ], "rsa.db.database": "stquidol", "rsa.db.index": "imadmini", @@ -3377,9 +3377,9 @@ "10.70.83.200" ], "related.user": [ - "ihilmole", + "metco", "riat", - "metco" + "ihilmole" ], "rsa.db.index": "urQuis", "rsa.internal.event_desc": "iutaliq", @@ -3491,9 +3491,9 @@ "10.52.150.104" ], "related.user": [ - "texplica", "eritq", - "oinBCSed" + "oinBCSed", + "texplica" ], "rsa.db.database": "lit", "rsa.db.index": "ritati", @@ -3554,9 +3554,9 @@ "10.61.175.217" ], "related.user": [ + "runtm", "ntexpl", - "tat", - "runtm" + "tat" ], "rsa.db.database": "rere", "rsa.db.index": "nonn", @@ -3610,9 +3610,9 @@ "10.150.30.95" ], "related.user": [ - "atnonpr", + "mini", "uisnos", - "mini" + "atnonpr" ], "rsa.db.index": "smod", "rsa.internal.event_desc": "isn", @@ -3654,8 +3654,8 @@ "10.98.71.45" ], "related.user": [ - "CSe", "fugitse", + "CSe", "onse" ], "rsa.db.index": "Dui", @@ -3698,9 +3698,9 @@ "10.252.251.143" ], "related.user": [ + "nonn", "remq", - "rspic", - "nonn" + "rspic" ], "rsa.db.index": "nre", "rsa.internal.event_desc": "tev", @@ -3742,8 +3742,8 @@ "10.197.203.167" ], "related.user": [ - "uta", "iumdo", + "uta", "eserun" ], "rsa.db.index": "smo", @@ -3786,9 +3786,9 @@ "10.187.170.23" ], "related.user": [ + "ibusBo", "sectetu", - "enima", - "ibusBo" + "enima" ], "rsa.db.index": "uido", "rsa.internal.event_desc": "lab", 
@@ -3833,13 +3833,13 @@ "involu1450.www.localhost" ], "related.ip": [ - "10.250.248.215", - "10.123.62.215" + "10.123.62.215", + "10.250.248.215" ], "related.user": [ "aevitaed", - "quaeratv", - "tinculpa" + "tinculpa", + "quaeratv" ], "rsa.db.database": "lica", "rsa.db.index": "uisnos", @@ -3997,9 +3997,9 @@ "10.154.172.82" ], "related.user": [ + "onnumqua", "nesci", - "tetura", - "onnumqua" + "tetura" ], "rsa.db.index": "oinBCSed", "rsa.internal.event_desc": "ntor", @@ -4041,9 +4041,9 @@ "10.47.63.70" ], "related.user": [ - "expl", "tpers", - "midestl" + "midestl", + "expl" ], "rsa.db.index": "olu", "rsa.internal.event_desc": "odocons", @@ -4085,9 +4085,9 @@ "10.178.160.245" ], "related.user": [ + "fdeFinib", "turQuis", - "olupta", - "fdeFinib" + "olupta" ], "rsa.db.index": "rsint", "rsa.internal.event_desc": "odico", @@ -4195,13 +4195,13 @@ "nimve2787.mail.test" ], "related.ip": [ - "10.222.32.183", - "10.65.207.234" + "10.65.207.234", + "10.222.32.183" ], "related.user": [ + "eve", "itame", - "eruntmo", - "eve" + "eruntmo" ], "rsa.db.database": "udexerc", "rsa.db.index": "volup", @@ -4255,8 +4255,8 @@ "10.16.181.60" ], "related.user": [ - "oinven", "gnama", + "oinven", "olore" ], "rsa.db.index": "uatu", @@ -4299,9 +4299,9 @@ "10.91.213.82" ], "related.user": [ - "illoin", "amnis", - "uianon" + "uianon", + "illoin" ], "rsa.db.index": "ons", "rsa.internal.event_desc": "temaccus", @@ -4343,9 +4343,9 @@ "10.204.214.98" ], "related.user": [ + "porissus", "tdolo", - "eprehe", - "porissus" + "eprehe" ], "rsa.db.index": "abo", "rsa.internal.event_desc": "ecte", @@ -4388,8 +4388,8 @@ ], "related.user": [ "etc", - "moenimip", - "evel" + "evel", + "moenimip" ], "rsa.db.index": "iarchit", "rsa.internal.event_desc": "apari", 
@@ -4434,13 +4434,13 @@ "ama6820.mail.example" ], "related.ip": [ - "10.26.33.181", - "10.26.137.126" + "10.26.137.126", + "10.26.33.181" ], "related.user": [ - "audant", + "taevit", "ati", - "taevit" + "audant" ], "rsa.db.database": "com", "rsa.db.index": "mveni", @@ -4497,13 +4497,13 @@ "olupt966.www5.corp" ], "related.ip": [ - "10.142.161.116", - "10.148.195.208" + "10.148.195.208", + "10.142.161.116" ], "related.user": [ - "mpori", "isi", - "quaerat" + "quaerat", + "mpori" ], "rsa.db.database": "squamest", "rsa.db.index": "pteu", @@ -4560,13 +4560,13 @@ "lit4112.www.localhost" ], "related.ip": [ - "10.10.174.253", - "10.107.24.54" + "10.107.24.54", + "10.10.174.253" ], "related.user": [ - "hend", + "itinvo", "uptasn", - "itinvo" + "hend" ], "rsa.db.database": "lup", "rsa.db.index": "isau", @@ -4621,8 +4621,8 @@ "10.87.92.17" ], "related.user": [ - "tamr", "luptate", + "tamr", "eeufug" ], "rsa.db.index": "oreeufug", @@ -4672,13 +4672,13 @@ "dictasun3408.internal.invalid" ], "related.ip": [ - "10.161.51.135", - "10.231.51.136" + "10.231.51.136", + "10.161.51.135" ], "related.user": [ "Finibus", - "asper", - "accus" + "accus", + "asper" ], "rsa.db.database": "litani", "rsa.db.index": "arch", @@ -4732,9 +4732,9 @@ "10.51.17.32" ], "related.user": [ + "itten", "mquido", - "llum", - "itten" + "llum" ], "rsa.db.index": "uscipit", "rsa.internal.event_desc": "llitani", @@ -4776,9 +4776,9 @@ "10.108.123.148" ], "related.user": [ - "cusa", + "ollita", "mmodicon", - "ollita" + "cusa" ], "rsa.db.index": "ercitati", "rsa.internal.event_desc": "pteurs", @@ -4828,8 +4828,8 @@ "10.198.187.144" ], "related.user": [ - "rsitamet", "equatD", + "rsitamet", "ons" ], "rsa.db.database": "periam", @@ -4888,9 +4888,9 @@ "10.61.140.120" ], "related.user": [ - "naaliq", "loru", - "equa" + "equa", + "naaliq" ], "rsa.db.index": "umfugiat", "rsa.internal.event_desc": "ora", 
@@ -4939,9 +4939,9 @@ "10.93.24.151" ], "related.user": [ - "sequamn", "ite", - "nven" + "nven", + "sequamn" ], "rsa.db.database": "fugi", "rsa.db.index": "nesciu", @@ -4995,9 +4995,9 @@ "10.101.45.225" ], "related.user": [ - "cipitla", "emi", - "uinesc" + "uinesc", + "cipitla" ], "rsa.db.index": "caecat", "rsa.internal.event_desc": "tsunt", @@ -5088,9 +5088,9 @@ "10.33.112.100" ], "related.user": [ - "ptatemse", "aliqu", - "enimad" + "enimad", + "ptatemse" ], "rsa.db.index": "Except", "rsa.internal.event_desc": "cons", @@ -5135,12 +5135,12 @@ "isno4595.local" ], "related.ip": [ - "10.151.110.250", - "10.94.152.238" + "10.94.152.238", + "10.151.110.250" ], "related.user": [ - "tla", "neavol", + "tla", "pidatatn" ], "rsa.db.database": "itaedict", @@ -5198,13 +5198,13 @@ "tatemse5403.home" ], "related.ip": [ - "10.146.61.5", - "10.77.9.17" + "10.77.9.17", + "10.146.61.5" ], "related.user": [ - "tevel", "umS", - "alorumwr" + "alorumwr", + "tevel" ], "rsa.db.database": "amremap", "rsa.db.index": "aqu", @@ -5305,8 +5305,8 @@ "reprehe650.www.corp" ], "related.ip": [ - "10.200.162.248", - "10.31.86.83" + "10.31.86.83", + "10.200.162.248" ], "related.user": [ "onnu", diff --git a/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json b/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json index e6ca9516ad0..483625d8bea 100644 --- a/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json +++ b/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json @@ -7,6 +7,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", 
diff --git a/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json b/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json index 1c9482cefdb..703b5e977b3 100644 --- a/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json +++ b/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json @@ -140,6 +140,7 @@ "destination.as.organization.name": "Fastly", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "151.101.66.217", diff --git a/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json b/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json index d1729062282..13fe3560c05 100644 --- a/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json +++ b/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json @@ -24,10 +24,10 @@ "tatemac3541.api.corp" ], "related.ip": [ + "10.208.121.85", "10.165.201.71", - "10.228.193.207", "10.11.196.142", - "10.208.121.85" + "10.228.193.207" ], "related.user": [ "billoi" @@ -93,9 +93,9 @@ ], "related.ip": [ "10.51.132.10", - "10.162.9.235", + "10.92.202.200", "10.94.67.230", - "10.92.202.200" + "10.162.9.235" ], "related.user": [ "byC" @@ -228,9 +228,9 @@ ], "related.ip": [ "10.12.44.169", - "10.202.66.28", + "10.131.233.27", "10.50.112.141", - "10.131.233.27" + "10.202.66.28" ], "related.user": [ "elits" @@ -296,9 +296,9 @@ ], "related.ip": [ "10.159.182.171", + "10.206.197.113", "10.151.111.38", - "10.96.35.212", - "10.206.197.113" + "10.96.35.212" ], "related.user": [ "mol" @@ -365,8 +365,8 @@ "related.ip": [ "10.126.177.162", "10.213.113.28", - "10.169.144.147", - "10.89.163.114" + "10.89.163.114", + "10.169.144.147" ], "related.user": [ "ist" 
@@ -430,10 +430,10 @@ "ittenbyC7838.api.localdomain" ], "related.ip": [ - "10.101.223.43", - "10.18.124.28", + "10.146.88.52", "10.103.107.47", - "10.146.88.52" + "10.101.223.43", + "10.18.124.28" ], "related.user": [ "rudexerc" @@ -498,8 +498,8 @@ "ume465.corp" ], "related.ip": [ - "10.150.220.75", "10.189.109.245", + "10.150.220.75", "10.69.57.206", "10.110.99.17" ], @@ -565,8 +565,8 @@ "iciatisu1463.www5.localdomain" ], "related.ip": [ - "10.199.34.241", "10.121.219.204", + "10.199.34.241", "10.153.136.222", "10.19.194.101" ], @@ -632,9 +632,9 @@ "aliqu6801.api.localdomain" ], "related.ip": [ - "10.57.103.192", "10.64.141.105", "10.46.27.57", + "10.57.103.192", "10.182.199.231" ], "related.user": [ @@ -699,10 +699,10 @@ "itame189.domain" ], "related.ip": [ - "10.32.67.231", - "10.3.134.237", + "10.164.6.207", "10.160.210.31", - "10.164.6.207" + "10.3.134.237", + "10.32.67.231" ], "related.user": [ "pic" @@ -768,8 +768,8 @@ ], "related.ip": [ "10.42.138.192", - "10.201.6.10", "10.235.101.253", + "10.201.6.10", "10.182.178.217" ], "related.user": [ @@ -835,9 +835,9 @@ "stlabo1228.mail.host" ], "related.ip": [ - "10.86.101.235", - "10.194.247.171", "10.151.161.70", + "10.194.247.171", + "10.86.101.235", "10.22.102.198" ], "related.user": [ @@ -904,9 +904,9 @@ ], "related.ip": [ "10.174.252.105", - "10.204.35.15", + "10.167.172.155", "10.107.168.60", - "10.167.172.155" + "10.204.35.15" ], "related.user": [ "mnisi" @@ -971,9 +971,9 @@ ], "related.ip": [ "10.99.249.210", + "10.214.249.164", "10.182.191.174", - "10.81.26.208", - "10.214.249.164" + "10.81.26.208" ], "related.user": [ "upta" @@ -1037,9 +1037,9 @@ "sauteiru4554.api.domain" ], "related.ip": [ + "10.220.5.143", "10.88.101.53", "10.201.238.90", - "10.220.5.143", "10.101.226.128" ], "related.user": [ 
@@ -1104,10 +1104,10 @@ "untut4046.internal.domain" ], "related.ip": [ - "10.243.218.215", - "10.217.150.196", + "10.30.133.66", "10.157.18.252", - "10.30.133.66" + "10.243.218.215", + "10.217.150.196" ], "related.user": [ "evit" @@ -1171,10 +1171,10 @@ "quid3147.mail.home" ], "related.ip": [ - "10.167.227.44", "10.181.133.187", "10.148.161.250", - "10.66.181.6" + "10.66.181.6", + "10.167.227.44" ], "related.user": [ "adipisc" @@ -1239,10 +1239,10 @@ "umdolo1029.mail.localhost" ], "related.ip": [ - "10.74.11.43", - "10.54.17.32", "10.84.163.178", - "10.107.9.163" + "10.107.9.163", + "10.54.17.32", + "10.74.11.43" ], "related.user": [ "mquisno" @@ -1307,9 +1307,9 @@ ], "related.ip": [ "10.230.129.252", - "10.184.73.211", + "10.112.32.213", "10.192.229.221", - "10.112.32.213" + "10.184.73.211" ], "related.user": [ "odi" @@ -1374,10 +1374,10 @@ "paquioff624.mail.invalid" ], "related.ip": [ - "10.161.148.64", + "10.198.213.189", "10.199.216.143", - "10.7.200.140", - "10.198.213.189" + "10.161.148.64", + "10.7.200.140" ], "related.user": [ "ccaeca" @@ -1441,10 +1441,10 @@ "mex2054.mail.corp" ], "related.ip": [ + "10.65.232.27", "10.206.96.56", - "10.22.187.69", "10.128.157.27", - "10.65.232.27" + "10.22.187.69" ], "related.user": [ "uaeab" @@ -1509,9 +1509,9 @@ ], "related.ip": [ "10.194.210.62", - "10.68.253.120", "10.183.130.225", - "10.71.114.14" + "10.71.114.14", + "10.68.253.120" ], "related.user": [ "admin" @@ -1576,10 +1576,10 @@ "loi7596.www5.home" ], "related.ip": [ - "10.47.255.237", - "10.45.253.103", "10.107.45.175", - "10.31.177.226" + "10.31.177.226", + "10.47.255.237", + "10.45.253.103" ], "related.user": [ "remagn" @@ -1644,10 +1644,10 @@ "nsequat1971.internal.invalid" ], "related.ip": [ + "10.225.212.189", "10.44.58.106", - "10.55.105.113", "10.213.94.135", - "10.225.212.189" + "10.55.105.113" ], "related.user": [ "dquia" 
@@ -1711,9 +1711,9 @@ "ectiono2241.lan" ], "related.ip": [ - "10.255.74.136", "10.69.161.78", "10.163.209.70", + "10.255.74.136", "10.2.114.9" ], "related.user": [ @@ -1778,10 +1778,10 @@ "umetMal1664.mail.lan" ], "related.ip": [ - "10.46.115.216", - "10.252.102.110", + "10.184.59.148", "10.12.129.137", - "10.184.59.148" + "10.46.115.216", + "10.252.102.110" ], "related.user": [ "perspici" @@ -1848,8 +1848,8 @@ "related.ip": [ "10.81.184.7", "10.199.194.79", - "10.155.204.243", - "10.105.52.140" + "10.105.52.140", + "10.155.204.243" ], "related.user": [ "eetd" @@ -1916,8 +1916,8 @@ "related.ip": [ "10.251.231.142", "10.177.238.45", - "10.18.226.72", - "10.110.2.166" + "10.110.2.166", + "10.18.226.72" ], "related.user": [ "taliqui" @@ -1982,10 +1982,10 @@ "iutali7297.www.domain" ], "related.ip": [ + "10.192.98.247", "10.99.202.229", - "10.100.199.226", "10.190.122.27", - "10.192.98.247" + "10.100.199.226" ], "related.user": [ "lloinven" @@ -2050,10 +2050,10 @@ "orumw5960.www5.home" ], "related.ip": [ + "10.172.154.97", "10.248.111.207", - "10.162.97.197", "10.37.193.70", - "10.172.154.97" + "10.162.97.197" ], "related.user": [ "culpaq" @@ -2117,10 +2117,10 @@ "oinv5493.internal.domain" ], "related.ip": [ + "10.36.63.31", "10.171.221.230", "10.222.165.250", - "10.45.35.180", - "10.36.63.31" + "10.45.35.180" ], "related.user": [ "otamr" @@ -2184,9 +2184,9 @@ "tnonproi195.api.home" ], "related.ip": [ - "10.1.171.61", - "10.199.127.211", "10.83.238.145", + "10.199.127.211", + "10.1.171.61", "10.238.4.219" ], "related.user": [ @@ -2252,9 +2252,9 @@ ], "related.ip": [ "10.170.252.219", - "10.65.141.244", + "10.44.226.104", "10.74.213.42", - "10.44.226.104" + "10.65.141.244" ], "related.user": [ "Nequepo" @@ -2385,10 +2385,10 @@ "redo6311.api.invalid" ], "related.ip": [ - "10.176.64.28", + "10.169.123.103", "10.97.138.181", "10.205.174.181", - "10.169.123.103" + "10.176.64.28" ], "related.user": [ "eseruntm" 
@@ -2453,10 +2453,10 @@ "dolorem1698.www.domain" ], "related.ip": [ + "10.204.4.40", "10.75.120.11", - "10.169.101.161", "10.53.101.131", - "10.204.4.40" + "10.169.101.161" ], "related.user": [ "tquo" @@ -2521,10 +2521,10 @@ "evitae7333.www.lan" ], "related.ip": [ - "10.156.117.169", "10.28.51.219", - "10.6.222.112", - "10.87.120.87" + "10.156.117.169", + "10.87.120.87", + "10.6.222.112" ], "related.user": [ "onsequu" @@ -2589,9 +2589,9 @@ ], "related.ip": [ "10.247.44.59", + "10.4.126.103", "10.57.89.155", - "10.253.167.17", - "10.4.126.103" + "10.253.167.17" ], "related.user": [ "ntorever" @@ -2655,10 +2655,10 @@ "olorsi2746.internal.localhost" ], "related.ip": [ - "10.36.69.125", "10.15.240.220", + "10.143.183.208", "10.248.206.210", - "10.143.183.208" + "10.36.69.125" ], "related.user": [ "met" @@ -2724,8 +2724,8 @@ ], "related.ip": [ "10.69.170.107", - "10.6.32.7", "10.34.133.2", + "10.6.32.7", "10.142.186.43" ], "related.user": [ @@ -2791,10 +2791,10 @@ "ender5647.www5.example" ], "related.ip": [ - "10.59.103.10", - "10.170.165.164", "10.121.153.197", - "10.142.22.24" + "10.142.22.24", + "10.59.103.10", + "10.170.165.164" ], "related.user": [ "borumSec" @@ -2859,9 +2859,9 @@ "sis3986.internal.lan" ], "related.ip": [ - "10.19.99.129", - "10.247.114.30", "10.176.83.7", + "10.247.114.30", + "10.19.99.129", "10.133.10.122" ], "related.user": [ @@ -2927,10 +2927,10 @@ "uatu2894.api.lan" ], "related.ip": [ + "10.64.139.17", "10.70.7.23", - "10.40.177.138", "10.8.29.219", - "10.64.139.17" + "10.40.177.138" ], "related.user": [ "rep" @@ -2996,8 +2996,8 @@ "related.ip": [ "10.2.189.20", "10.67.221.220", - "10.67.173.228", - "10.180.62.222" + "10.180.62.222", + "10.67.173.228" ], "related.user": [ "uptasnul" @@ -3062,10 +3062,10 @@ "uian521.www.example" ], "related.ip": [ - "10.147.127.181", + "10.196.176.243", "10.209.52.47", "10.56.134.118", - "10.196.176.243" + "10.147.127.181" ], "related.user": [ "tasu" 
@@ -3130,9 +3130,9 @@ ], "related.ip": [ "10.226.24.84", - "10.248.140.59", + "10.85.13.237", "10.231.18.90", - "10.85.13.237" + "10.248.140.59" ], "related.user": [ "Nem" @@ -3197,10 +3197,10 @@ "ntsunt4894.mail.domain" ], "related.ip": [ - "10.59.215.207", - "10.207.183.204", + "10.203.46.215", "10.8.224.72", - "10.203.46.215" + "10.207.183.204", + "10.59.215.207" ], "related.user": [ "eruntmo" @@ -3265,10 +3265,10 @@ "mexer3864.api.corp" ], "related.ip": [ - "10.98.154.146", "10.73.84.95", + "10.255.145.22", "10.230.38.148", - "10.255.145.22" + "10.98.154.146" ], "related.user": [ "sitam" @@ -3332,10 +3332,10 @@ "oluptat6960.www5.test" ], "related.ip": [ - "10.166.142.198", "10.105.120.162", - "10.175.181.138", - "10.211.29.187" + "10.211.29.187", + "10.166.142.198", + "10.175.181.138" ], "related.user": [ "tium" @@ -3400,10 +3400,10 @@ "fugiatnu2498.www.localhost" ], "related.ip": [ - "10.182.213.195", - "10.195.139.25", "10.122.133.162", - "10.220.202.102" + "10.220.202.102", + "10.182.213.195", + "10.195.139.25" ], "related.user": [ "aquae" @@ -3535,10 +3535,10 @@ "exer447.internal.localhost" ], "related.ip": [ - "10.241.143.145", - "10.35.190.164", "10.21.58.162", - "10.113.65.192" + "10.35.190.164", + "10.113.65.192", + "10.241.143.145" ], "related.user": [ "porin" @@ -3672,9 +3672,9 @@ ], "related.ip": [ "10.150.153.61", - "10.22.213.196", + "10.125.150.220", "10.120.50.13", - "10.125.150.220" + "10.22.213.196" ], "related.user": [ "inculpa" @@ -3739,10 +3739,10 @@ "edquiaco6562.api.lan" ], "related.ip": [ + "10.113.2.13", "10.85.52.249", - "10.229.155.171", "10.238.171.184", - "10.113.2.13" + "10.229.155.171" ], "related.user": [ "tatiset" @@ -3808,9 +3808,9 @@ ], "related.ip": [ "10.249.174.35", + "10.198.150.185", "10.51.245.225", - "10.220.1.249", - "10.198.150.185" + "10.220.1.249" ], "related.user": [ "quela" 
@@ -3875,8 +3875,8 @@ "eosqui3723.api.localdomain" ], "related.ip": [ - "10.38.185.31", "10.251.82.195", + "10.38.185.31", "10.190.96.181", "10.152.157.32" ], @@ -3942,10 +3942,10 @@ "itaedict199.mail.corp" ], "related.ip": [ - "10.103.102.242", - "10.190.247.194", "10.230.112.179", - "10.211.198.50" + "10.211.198.50", + "10.103.102.242", + "10.190.247.194" ], "related.user": [ "tDuisaut" @@ -4010,9 +4010,9 @@ ], "related.ip": [ "10.219.83.199", + "10.251.101.61", "10.47.223.155", - "10.101.13.122", - "10.251.101.61" + "10.101.13.122" ], "related.user": [ "ectetur" @@ -4077,10 +4077,10 @@ "saute7421.www.invalid" ], "related.ip": [ + "10.83.136.233", "10.31.86.83", - "10.21.30.43", "10.21.80.157", - "10.83.136.233" + "10.21.30.43" ], "related.user": [ "litsed" @@ -4145,9 +4145,9 @@ "oluptas1637.home" ], "related.ip": [ - "10.27.181.27", "10.45.152.205", "10.194.197.107", + "10.27.181.27", "10.195.90.73" ], "related.user": [ @@ -4213,10 +4213,10 @@ "ididu5505.api.localdomain" ], "related.ip": [ - "10.222.2.132", - "10.183.90.25", "10.43.239.97", - "10.129.161.18" + "10.129.161.18", + "10.183.90.25", + "10.222.2.132" ], "related.user": [ "aedicta" @@ -4280,10 +4280,10 @@ "mqui1099.api.corp" ], "related.ip": [ + "10.248.156.138", "10.67.129.100", - "10.231.167.171", "10.189.162.131", - "10.248.156.138" + "10.231.167.171" ], "related.user": [ "sedquia" @@ -4348,9 +4348,9 @@ "siuta2155.lan" ], "related.ip": [ + "10.63.103.30", "10.6.146.184", "10.185.107.27", - "10.63.103.30", "10.142.106.66" ], "related.user": [ @@ -4415,10 +4415,10 @@ "tatiset4191.localdomain" ], "related.ip": [ - "10.93.39.237", "10.119.179.182", + "10.214.93.200", "10.0.202.9", - "10.214.93.200" + "10.93.39.237" ], "related.user": [ "tionofd" @@ -4484,8 +4484,8 @@ ], "related.ip": [ "10.28.145.163", - "10.252.204.162", "10.123.154.140", + "10.252.204.162", "10.30.189.166" ], "related.user": [ 
@@ -4550,9 +4550,9 @@ "idolo6535.internal.example" ], "related.ip": [ + "10.46.162.198", "10.145.128.250", "10.79.49.3", - "10.46.162.198", "10.29.122.183" ], "related.user": [ @@ -4618,10 +4618,10 @@ "one7728.api.localdomain" ], "related.ip": [ - "10.166.169.167", - "10.65.174.196", + "10.142.235.217", "10.177.232.136", - "10.142.235.217" + "10.65.174.196", + "10.166.169.167" ], "related.user": [ "olors" @@ -4686,9 +4686,9 @@ "uptatem4446.internal.localhost" ], "related.ip": [ - "10.29.217.44", "10.215.184.154", "10.191.78.86", + "10.29.217.44", "10.53.188.140" ], "related.user": [ @@ -4754,8 +4754,8 @@ "emq2514.api.localhost" ], "related.ip": [ - "10.135.77.156", "10.46.222.149", + "10.135.77.156", "10.76.148.147", "10.74.74.129" ], @@ -4821,10 +4821,10 @@ "agna5654.www.corp" ], "related.ip": [ - "10.145.49.29", + "10.130.203.37", "10.96.200.223", - "10.11.146.253", - "10.130.203.37" + "10.145.49.29", + "10.11.146.253" ], "related.user": [ "mvele" @@ -4888,10 +4888,10 @@ "ipi4827.mail.lan" ], "related.ip": [ - "10.24.23.209", "10.162.78.48", - "10.48.75.140", - "10.162.2.180" + "10.162.2.180", + "10.24.23.209", + "10.48.75.140" ], "related.user": [ "rumwr" @@ -4955,10 +4955,10 @@ "sequatD163.internal.example" ], "related.ip": [ - "10.151.206.38", - "10.66.92.83", "10.119.12.186", - "10.97.105.115" + "10.97.105.115", + "10.151.206.38", + "10.66.92.83" ], "related.user": [ "nproide" @@ -5022,10 +5022,10 @@ "itamet1303.invalid" ], "related.ip": [ - "10.64.76.142", "10.169.139.250", "10.12.148.73", - "10.201.132.114" + "10.201.132.114", + "10.64.76.142" ], "related.user": [ "borisnis" @@ -5090,10 +5090,10 @@ "epr3512.internal.domain" ], "related.ip": [ - "10.111.128.11", - "10.9.236.18", "10.35.38.185", - "10.200.116.191" + "10.200.116.191", + "10.111.128.11", + "10.9.236.18" ], "related.user": [ "umfug" 
@@ -5157,10 +5157,10 @@ "uredol2174.home" ], "related.ip": [ - "10.134.238.8", "10.191.27.182", - "10.236.67.227", - "10.240.62.238" + "10.134.238.8", + "10.240.62.238", + "10.236.67.227" ], "related.user": [ "tlabo" @@ -5224,10 +5224,10 @@ "ididunt7607.mail.localhost" ], "related.ip": [ - "10.109.14.142", "10.22.231.91", - "10.65.35.64", - "10.165.66.92" + "10.165.66.92", + "10.109.14.142", + "10.65.35.64" ], "related.user": [ "perna" @@ -5292,9 +5292,9 @@ ], "related.ip": [ "10.64.161.215", + "10.29.230.203", "10.71.112.86", - "10.89.221.90", - "10.29.230.203" + "10.89.221.90" ], "related.user": [ "rnatur" @@ -5358,10 +5358,10 @@ "nonn1650.www.test" ], "related.ip": [ - "10.221.199.137", - "10.88.226.76", + "10.140.118.182", "10.79.208.135", - "10.140.118.182" + "10.221.199.137", + "10.88.226.76" ], "related.user": [ "erspic" @@ -5426,10 +5426,10 @@ "acons3940.api.lan" ], "related.ip": [ + "10.133.48.55", "10.35.73.208", - "10.126.61.230", "10.189.244.22", - "10.133.48.55" + "10.126.61.230" ], "related.user": [ "tia" @@ -5493,8 +5493,8 @@ "suscipit587.www.localhost" ], "related.ip": [ - "10.240.94.109", "10.239.194.105", + "10.240.94.109", "10.81.154.115", "10.35.65.72" ], @@ -5562,8 +5562,8 @@ ], "related.ip": [ "10.150.56.227", - "10.52.70.192", "10.248.72.104", + "10.52.70.192", "10.38.253.213" ], "related.user": [ @@ -5629,10 +5629,10 @@ "borios1067.www5.home" ], "related.ip": [ - "10.218.15.164", - "10.62.218.239", "10.73.172.186", - "10.203.193.134" + "10.203.193.134", + "10.218.15.164", + "10.62.218.239" ], "related.user": [ "reh" @@ -5696,9 +5696,9 @@ "msequ323.www.example" ], "related.ip": [ + "10.60.20.76", "10.10.46.43", "10.131.127.113", - "10.60.20.76", "10.136.211.234" ], "related.user": [ @@ -5764,10 +5764,10 @@ "tdolorem813.internal.host" ], "related.ip": [ + "10.50.177.151", "10.248.0.74", - "10.233.181.250", "10.187.237.220", - "10.50.177.151" + "10.233.181.250" ], "related.user": [ "ugiatq" 
@@ -5832,10 +5832,10 @@ "volupt4626.internal.test" ], "related.ip": [ - "10.96.223.46", - "10.80.129.81", + "10.248.248.120", "10.189.43.11", - "10.248.248.120" + "10.80.129.81", + "10.96.223.46" ], "related.user": [ "iatn" @@ -5900,9 +5900,9 @@ "ntium5103.www5.localhost" ], "related.ip": [ - "10.91.115.139", - "10.102.109.199", "10.173.114.63", + "10.102.109.199", + "10.91.115.139", "10.66.106.186" ], "related.user": [ @@ -5968,9 +5968,9 @@ "orpori3334.www.local" ], "related.ip": [ + "10.159.155.88", "10.0.175.17", "10.198.157.122", - "10.159.155.88", "10.221.223.127" ], "related.user": [ @@ -6035,10 +6035,10 @@ "equu7361.www5.localdomain" ], "related.ip": [ - "10.252.136.130", - "10.189.70.237", "10.30.20.187", - "10.7.212.201" + "10.7.212.201", + "10.189.70.237", + "10.252.136.130" ], "related.user": [ "ugiat" @@ -6103,10 +6103,10 @@ "tse2979.internal.localhost" ], "related.ip": [ - "10.60.224.93", - "10.242.121.165", "10.83.105.69", - "10.102.109.194" + "10.102.109.194", + "10.60.224.93", + "10.242.121.165" ], "related.user": [ "mni" @@ -6171,10 +6171,10 @@ "uisnostr2390.mail.domain" ], "related.ip": [ + "10.17.20.93", "10.219.174.45", - "10.181.134.69", "10.251.167.219", - "10.17.20.93" + "10.181.134.69" ], "related.user": [ "Uteni" @@ -6239,10 +6239,10 @@ "luptate4811.mail.example" ], "related.ip": [ - "10.28.233.253", - "10.37.14.20", + "10.223.99.90", "10.30.117.82", - "10.223.99.90" + "10.37.14.20", + "10.28.233.253" ], "related.user": [ "numqua" @@ -6307,10 +6307,10 @@ "lites1614.www.corp" ], "related.ip": [ - "10.57.85.113", - "10.8.32.17", + "10.125.20.22", "10.50.61.114", - "10.125.20.22" + "10.57.85.113", + "10.8.32.17" ], "related.user": [ "qua" @@ -6375,9 +6375,9 @@ "lorinrep7686.mail.corp" ], "related.ip": [ - "10.200.28.55", - "10.215.224.27", "10.113.78.101", + "10.215.224.27", + "10.200.28.55", "10.181.63.82" ], "related.user": [ 
@@ -6443,10 +6443,10 @@ "nderit6272.mail.example" ], "related.ip": [ - "10.243.43.168", + "10.169.95.128", "10.177.14.106", "10.139.20.223", - "10.169.95.128" + "10.243.43.168" ], "related.user": [ "ofd" @@ -6512,9 +6512,9 @@ ], "related.ip": [ "10.92.168.198", - "10.90.93.4", "10.39.100.88", - "10.18.176.44" + "10.18.176.44", + "10.90.93.4" ], "related.user": [ "adminima" @@ -6579,9 +6579,9 @@ "essequam1161.domain" ], "related.ip": [ - "10.163.203.191", "10.193.43.135", "10.49.68.8", + "10.163.203.191", "10.173.13.179" ], "related.user": [ @@ -6647,9 +6647,9 @@ ], "related.ip": [ "10.240.47.113", - "10.209.226.7", + "10.84.64.28", "10.31.147.51", - "10.84.64.28" + "10.209.226.7" ], "related.user": [ "ull" @@ -6714,9 +6714,9 @@ "item3647.home" ], "related.ip": [ + "10.52.13.192", "10.225.189.229", "10.86.1.244", - "10.52.13.192", "10.32.20.4" ], "related.user": [ diff --git a/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json b/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json index fe5ce75e182..81c2af5f702 100644 --- a/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json +++ b/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json @@ -367,8 +367,8 @@ "observer.vendor": "F5", "process.pid": 2289, "related.ip": [ - "10.204.123.107", - "10.225.160.182" + "10.225.160.182", + "10.204.123.107" ], "rsa.internal.messageid": "01490500", "rsa.misc.log_session_id": "eFinib", @@ -983,8 +983,8 @@ "observer.vendor": "F5", "process.pid": 4318, "related.ip": [ - "10.169.101.161", - "10.122.204.151" + "10.122.204.151", + "10.169.101.161" ], "rsa.internal.messageid": "01490500", "rsa.misc.log_session_id": "snulap", @@ -1565,8 +1565,8 @@ "observer.vendor": "F5", "process.pid": 1973, "related.ip": [ - "10.47.99.72", - "10.187.64.126" + "10.187.64.126", + "10.47.99.72" ], "rsa.internal.messageid": "01490500", "rsa.misc.category": "oremipsu", 
diff --git a/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json index 69eab97fe35..2633519ac68 100644 --- a/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json @@ -25,8 +25,8 @@ "litesse6379.api.domain" ], "related.ip": [ - "10.150.92.220", - "10.102.123.34" + "10.102.123.34", + "10.150.92.220" ], "related.user": [ "sumdo" @@ -143,8 +143,8 @@ "quis1130.internal.corp" ], "related.ip": [ - "10.118.175.9", - "10.173.116.41" + "10.173.116.41", + "10.118.175.9" ], "related.user": [ "uame" @@ -261,8 +261,8 @@ "enimad2283.internal.domain" ], "related.ip": [ - "10.245.142.250", - "10.70.0.60" + "10.70.0.60", + "10.245.142.250" ], "related.user": [ "eos" @@ -379,8 +379,8 @@ "iutal13.api.localdomain" ], "related.ip": [ - "10.12.44.169", - "10.214.225.125" + "10.214.225.125", + "10.12.44.169" ], "related.user": [ "erep" @@ -438,8 +438,8 @@ "uovol492.www.localhost" ], "related.ip": [ - "10.198.136.50", - "10.66.108.11" + "10.66.108.11", + "10.198.136.50" ], "related.user": [ "uptatev" @@ -556,8 +556,8 @@ "eniam7007.api.invalid" ], "related.ip": [ - "10.54.231.100", - "10.203.5.162" + "10.203.5.162", + "10.54.231.100" ], "related.user": [ "umdolore" @@ -615,8 +615,8 @@ "snulapar3794.api.domain" ], "related.ip": [ - "10.65.83.160", - "10.136.252.240" + "10.136.252.240", + "10.65.83.160" ], "related.user": [ "ender" @@ -674,8 +674,8 @@ "liq5883.localdomain" ], "related.ip": [ - "10.210.213.18", - "10.57.40.29" + "10.57.40.29", + "10.210.213.18" ], "related.user": [ "onse" @@ -969,8 +969,8 @@ "tion1761.home" ], "related.ip": [ - "10.73.69.75", - "10.19.201.13" + "10.19.201.13", + "10.73.69.75" ], "related.user": [ "tat" 
@@ -1028,8 +1028,8 @@ "santium4235.api.local" ], "related.ip": [ - "10.84.105.75", - "10.78.151.178" + "10.78.151.178", + "10.84.105.75" ], "related.user": [ "iquaUten" @@ -1087,8 +1087,8 @@ "CSed2857.www5.example" ], "related.ip": [ - "10.25.192.202", - "10.135.233.146" + "10.135.233.146", + "10.25.192.202" ], "related.user": [ "emeumfu" @@ -1146,8 +1146,8 @@ "equep5085.mail.domain" ], "related.ip": [ - "10.104.134.200", - "10.121.219.204" + "10.121.219.204", + "10.104.134.200" ], "related.user": [ "uptat" @@ -1205,8 +1205,8 @@ "conseq557.mail.lan" ], "related.ip": [ - "10.225.160.182", - "10.191.105.82" + "10.191.105.82", + "10.225.160.182" ], "related.user": [ "eirure" @@ -1323,8 +1323,8 @@ "lit5929.test" ], "related.ip": [ - "10.153.111.103", - "10.6.167.7" + "10.6.167.7", + "10.153.111.103" ], "related.user": [ "eumfug" @@ -1618,8 +1618,8 @@ "xeacomm6855.api.corp" ], "related.ip": [ - "10.168.90.81", - "10.101.57.120" + "10.101.57.120", + "10.168.90.81" ], "related.user": [ "eporr" @@ -1913,8 +1913,8 @@ "eprehen3224.www5.localdomain" ], "related.ip": [ - "10.195.2.130", - "10.75.99.127" + "10.75.99.127", + "10.195.2.130" ], "related.user": [ "inibusB" @@ -1972,8 +1972,8 @@ "ptasn6599.www.localhost" ], "related.ip": [ - "10.201.238.90", - "10.245.104.182" + "10.245.104.182", + "10.201.238.90" ], "related.user": [ "ovol" @@ -2090,8 +2090,8 @@ "gitsedqu2649.mail.lan" ], "related.ip": [ - "10.184.18.202", - "10.4.157.1" + "10.4.157.1", + "10.184.18.202" ], "related.user": [ "oditem" @@ -2208,8 +2208,8 @@ "tut2703.www.host" ], "related.ip": [ - "10.27.16.118", - "10.83.177.2" + "10.83.177.2", + "10.27.16.118" ], "related.user": [ "borios" @@ -2385,8 +2385,8 @@ "tot5313.mail.invalid" ], "related.ip": [ - "10.9.18.237", - "10.9.12.248" + "10.9.12.248", + "10.9.18.237" ], "related.user": [ "uradi" @@ -2444,8 +2444,8 @@ "rumet3801.internal.domain" ], "related.ip": [ - "10.41.123.102", - "10.83.130.226" + "10.83.130.226", + "10.41.123.102" ], "related.user": [ "tenim" 
@@ -2562,8 +2562,8 @@ "sequat7273.api.host" ], "related.ip": [ - "10.134.18.114", - "10.142.25.100" + "10.142.25.100", + "10.134.18.114" ], "related.user": [ "osqui" @@ -2621,8 +2621,8 @@ "uidol4575.localhost" ], "related.ip": [ - "10.28.118.160", - "10.223.119.218" + "10.223.119.218", + "10.28.118.160" ], "related.user": [ "ntsunt" @@ -2916,8 +2916,8 @@ "iosamnis1047.internal.localdomain" ], "related.ip": [ - "10.210.89.183", - "10.150.245.88" + "10.150.245.88", + "10.210.89.183" ], "related.user": [ "sequa" @@ -2975,8 +2975,8 @@ "orroq6677.internal.example" ], "related.ip": [ - "10.85.185.13", - "10.180.195.43" + "10.180.195.43", + "10.85.185.13" ], "related.user": [ "voluptas" @@ -3093,8 +3093,8 @@ "itaedict7233.mail.localdomain" ], "related.ip": [ - "10.86.11.48", - "10.248.165.185" + "10.248.165.185", + "10.86.11.48" ], "related.user": [ "dquiac" @@ -3152,8 +3152,8 @@ "numquam5869.internal.example" ], "related.ip": [ - "10.118.6.177", - "10.47.125.38" + "10.47.125.38", + "10.118.6.177" ], "related.user": [ "quunt" @@ -3211,8 +3211,8 @@ "onu6137.api.home" ], "related.ip": [ - "10.60.142.127", - "10.50.233.155" + "10.50.233.155", + "10.60.142.127" ], "related.user": [ "atv" @@ -3270,8 +3270,8 @@ "aecatcup2241.www5.test" ], "related.ip": [ - "10.28.82.189", - "10.120.10.211" + "10.120.10.211", + "10.28.82.189" ], "related.user": [ "rcit" @@ -3388,8 +3388,8 @@ "mveleum4322.www5.host" ], "related.ip": [ - "10.226.5.189", - "10.125.165.144" + "10.125.165.144", + "10.226.5.189" ], "related.user": [ "mvolu" @@ -3565,8 +3565,8 @@ "nreprehe715.api.home" ], "related.ip": [ - "10.17.87.79", - "10.123.199.198" + "10.123.199.198", + "10.17.87.79" ], "related.user": [ "ratvolu" @@ -3624,8 +3624,8 @@ "unte893.internal.host" ], "related.ip": [ - "10.38.86.177", - "10.115.68.40" + "10.115.68.40", + "10.38.86.177" ], "related.user": [ "mpo" 
@@ -4096,8 +4096,8 @@ "squira4455.api.domain" ], "related.ip": [ - "10.196.96.162", - "10.34.131.224" + "10.34.131.224", + "10.196.96.162" ], "related.user": [ "tnonproi" @@ -4804,8 +4804,8 @@ "lamcola4879.www5.localdomain" ], "related.ip": [ - "10.14.204.36", - "10.85.104.146" + "10.85.104.146", + "10.14.204.36" ], "related.user": [ "emp" @@ -4863,8 +4863,8 @@ "edquian330.mail.local" ], "related.ip": [ - "10.208.18.210", - "10.30.246.132" + "10.30.246.132", + "10.208.18.210" ], "related.user": [ "veniam" @@ -4922,8 +4922,8 @@ "santi837.api.domain" ], "related.ip": [ - "10.19.119.17", - "10.106.249.91" + "10.106.249.91", + "10.19.119.17" ], "related.user": [ "lit" @@ -5040,8 +5040,8 @@ "nonn4478.host" ], "related.ip": [ - "10.164.207.42", - "10.164.120.197" + "10.164.120.197", + "10.164.207.42" ], "related.user": [ "pta" @@ -5099,8 +5099,8 @@ "amquaer3985.www5.example" ], "related.ip": [ - "10.183.189.133", - "10.154.191.225" + "10.154.191.225", + "10.183.189.133" ], "related.user": [ "ita" @@ -5276,8 +5276,8 @@ "orumS757.www5.corp" ], "related.ip": [ - "10.91.2.135", - "10.126.245.73" + "10.126.245.73", + "10.91.2.135" ], "related.user": [ "olore" @@ -5335,8 +5335,8 @@ "emi4534.www.localdomain" ], "related.ip": [ - "10.137.85.123", - "10.183.243.246" + "10.183.243.246", + "10.137.85.123" ], "related.user": [ "cid" @@ -5453,8 +5453,8 @@ "aturQu7083.mail.host" ], "related.ip": [ - "10.79.73.195", - "10.125.143.153" + "10.125.143.153", + "10.79.73.195" ], "related.user": [ "emip" @@ -5571,8 +5571,8 @@ "siarc6339.internal.corp" ], "related.ip": [ - "10.222.245.80", - "10.87.90.49" + "10.87.90.49", + "10.222.245.80" ], "related.user": [ "ptatemse" @@ -5689,8 +5689,8 @@ "byC5766.internal.home" ], "related.ip": [ - "10.105.97.134", - "10.204.178.19" + "10.204.178.19", + "10.105.97.134" ], "related.user": [ "mexercit" 
@@ -5866,8 +5866,8 @@ "porissu1470.domain" ], "related.ip": [ - "10.180.90.112", - "10.116.153.19" + "10.116.153.19", + "10.180.90.112" ], "related.user": [ "itessequ" diff --git a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json index 367d81f9868..1bc7032f6d2 100644 --- a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json +++ b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json @@ -6,6 +6,7 @@ "destination.bytes": 1130, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -81,6 +82,7 @@ "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -151,6 +153,7 @@ "destination.bytes": 6812, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -225,6 +228,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -299,6 +303,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -373,6 +378,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -442,6 +448,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -512,6 +519,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -585,6 +593,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -654,6 +663,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -714,6 +724,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.4.4", @@ -825,6 +836,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.4.4", @@ -874,6 +886,7 @@ "source.as.organization.name": "Google LLC", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "8.8.8.8", @@ -889,6 +902,7 @@ "destination.as.organization.name": "Level 3 Parent, LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.4.5.4", @@ -942,6 +956,7 @@ "source.as.organization.name": "Quad9", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "FR", + "source.geo.country_name": "France", "source.geo.location.lat": 48.8582, "source.geo.location.lon": 2.3387, "source.ip": "9.9.9.9", @@ -1049,6 +1064,7 @@ "destination.as.organization.name": "Level 3 Parent, LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.5.4", 
@@ -1100,6 +1116,7 @@ "service.type": "fortinet", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "7.6.3.4", @@ -1186,6 +1203,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.6", @@ -1235,6 +1253,7 @@ "destination.as.organization.name": "Level 3 Parent, LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.5.4", @@ -1396,6 +1415,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1465,6 +1485,7 @@ "destination.bytes": 65446, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.6.4.7", @@ -1532,6 +1553,7 @@ "source.geo.city_name": "Beijing", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 39.9288, "source.geo.location.lon": 116.3889, "source.geo.region_iso_code": "CN-BJ", 
@@ -1553,6 +1575,7 @@ "destination.bytes": 20, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "2001:4860:4860::8888", @@ -1613,6 +1636,7 @@ "source.bytes": 3014, "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "2001:4860:4860::8888", @@ -1629,6 +1653,7 @@ "destination.bytes": 10, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1689,6 +1714,7 @@ "source.bytes": 0, "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "9.7.7.7", @@ -1772,6 +1798,7 @@ "destination.bytes": 77654, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1857,6 +1884,7 @@ "source.geo.city_name": "Ashburn", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 39.0481, "source.geo.location.lon": -77.4728, "source.geo.region_iso_code": "US-VA", 
@@ -1879,6 +1907,7 @@ "destination.as.organization.name": "Dailymotion S.A.", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "FR", + "destination.geo.country_name": "France", "destination.geo.location.lat": 48.8582, "destination.geo.location.lon": 2.3387, "destination.ip": "195.8.215.136", diff --git a/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json index e3803f80ef3..0f8cf25378a 100644 --- a/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json @@ -994,8 +994,8 @@ "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ - "10.68.246.187", - "10.140.7.83" + "10.140.7.83", + "10.68.246.187" ], "rsa.email.email_dst": "gna", "rsa.email.email_src": "icabo", @@ -1248,8 +1248,8 @@ "atise3421.www5.localdomain" ], "related.ip": [ - "10.179.210.218", - "10.73.207.70" + "10.73.207.70", + "10.179.210.218" ], "rsa.email.email_dst": "rumSecti", "rsa.email.email_src": "taut", @@ -3094,8 +3094,8 @@ "taevitae6868.www.corp" ], "related.ip": [ - "10.60.164.100", - "10.161.1.146" + "10.161.1.146", + "10.60.164.100" ], "rsa.email.email_dst": "nproiden", "rsa.email.email_src": "etconse", @@ -3194,8 +3194,8 @@ "tetura7106.www5.corp" ], "related.ip": [ - "10.93.239.216", - "10.44.35.57" + "10.44.35.57", + "10.93.239.216" ], "rsa.email.email_dst": "ciun", "rsa.email.email_src": "vento", @@ -3794,8 +3794,8 @@ "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ - "10.251.183.113", - "10.201.105.58" + "10.201.105.58", + "10.251.183.113" ], "rsa.email.email_dst": "ionemu", "rsa.email.email_src": "ent", 
@@ -3838,8 +3838,8 @@ "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.ip": [ - "10.209.203.156", - "10.132.139.98" + "10.132.139.98", + "10.209.203.156" ], "rsa.email.email_dst": "borisnis", "rsa.email.email_src": "pariat", diff --git a/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json index 78030aa2c53..ee8c3414d5e 100644 --- a/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json @@ -26,8 +26,8 @@ "observer.vendor": "Fortinet", "related.ip": [ "10.44.173.44", - "10.20.234.169", - "10.189.58.145" + "10.189.58.145", + "10.20.234.169" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -244,8 +244,8 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.131.233.27", "10.27.88.95", + "10.131.233.27", "10.50.112.141" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -314,8 +314,8 @@ "olo7148.mail.home" ], "related.ip": [ - "10.87.212.179", - "10.157.213.15" + "10.157.213.15", + "10.87.212.179" ], "related.user": [ "rveli" @@ -405,8 +405,8 @@ "agna7678.internal.host" ], "related.ip": [ - "10.76.73.140", - "10.114.150.67" + "10.114.150.67", + "10.76.73.140" ], "related.user": [ "aperia" @@ -507,8 +507,8 @@ "rsa.investigations.event_vcat": "quae", "rsa.misc.OS": "qui", "rsa.misc.action": [ - "accept", - "iadese" + "iadese", + "accept" ], "rsa.misc.category": "aturve", "rsa.misc.client": "utei", @@ -582,9 +582,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.114.16.155", + "10.186.85.3", "10.176.216.90", - "10.186.85.3" + "10.114.16.155" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ 
@@ -828,9 +828,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ + "10.58.214.16", "10.238.164.74", - "10.106.162.153", - "10.58.214.16" + "10.106.162.153" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -972,8 +972,8 @@ "rsa.investigations.event_vcat": "xer", "rsa.misc.OS": "fugi", "rsa.misc.action": [ - "umdolo", - "deny" + "deny", + "umdolo" ], "rsa.misc.category": "conseq", "rsa.misc.client": "cusant", @@ -1127,8 +1127,8 @@ "rsa.investigations.event_vcat": "psumqu", "rsa.misc.OS": "oraincid", "rsa.misc.action": [ - "ritt", - "deny" + "deny", + "ritt" ], "rsa.misc.category": "idunt", "rsa.misc.client": "siu", @@ -1202,9 +1202,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.98.194.212", "10.51.213.42", - "10.233.120.207" + "10.233.120.207", + "10.98.194.212" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -1266,9 +1266,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ + "10.245.187.229", "10.67.132.242", - "10.241.132.176", - "10.245.187.229" + "10.241.132.176" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -1335,8 +1335,8 @@ "tore7088.www.invalid" ], "related.ip": [ - "10.199.47.220", - "10.212.214.4" + "10.212.214.4", + "10.199.47.220" ], "related.user": [ "atv" @@ -1437,8 +1437,8 @@ "rsa.investigations.event_vcat": "metcons", "rsa.misc.OS": "ehende", "rsa.misc.action": [ - "deny", - "umf" + "umf", + "deny" ], "rsa.misc.category": "emUte", "rsa.misc.client": "archite", @@ -1517,8 +1517,8 @@ "eturad6143.www.home" ], "related.ip": [ - "10.128.46.70", - "10.95.117.134" + "10.95.117.134", + "10.128.46.70" ], "related.user": [ "enim" @@ -1608,8 +1608,8 @@ "orinrep5386.www.corp" ], "related.ip": [ - "10.253.228.140", - "10.208.21.135" + "10.208.21.135", + "10.253.228.140" ], "related.user": [ "inculp" 
@@ -1619,8 +1619,8 @@ "rsa.investigations.event_vcat": "emagn", "rsa.misc.OS": "oditempo", "rsa.misc.action": [ - "ugitse", - "cancel" + "cancel", + "ugitse" ], "rsa.misc.category": "magnid", "rsa.misc.client": "sci", @@ -1699,8 +1699,8 @@ "henderi724.www5.home" ], "related.ip": [ - "10.3.23.172", - "10.243.226.122" + "10.243.226.122", + "10.3.23.172" ], "related.user": [ "olorem" @@ -1710,8 +1710,8 @@ "rsa.investigations.event_vcat": "ess", "rsa.misc.OS": "equatDu", "rsa.misc.action": [ - "cancel", - "emullamc" + "emullamc", + "cancel" ], "rsa.misc.category": "niamquis", "rsa.misc.client": "tutlabo", @@ -1801,8 +1801,8 @@ "rsa.investigations.event_vcat": "snostrum", "rsa.misc.OS": "tiaecon", "rsa.misc.action": [ - "cancel", - "atiset" + "atiset", + "cancel" ], "rsa.misc.category": "ehende", "rsa.misc.client": "umquam", @@ -1878,8 +1878,8 @@ "observer.vendor": "Fortinet", "related.ip": [ "10.117.63.181", - "10.247.53.179", - "10.168.20.20" + "10.168.20.20", + "10.247.53.179" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -1947,8 +1947,8 @@ "tasnul4179.internal.host" ], "related.ip": [ - "10.141.156.217", - "10.53.168.187" + "10.53.168.187", + "10.141.156.217" ], "related.user": [ "amqu" @@ -1958,8 +1958,8 @@ "rsa.investigations.event_vcat": "illumq", "rsa.misc.OS": "idata", "rsa.misc.action": [ - "emacc", - "block" + "block", + "emacc" ], "rsa.misc.category": "ueporro", "rsa.misc.client": "veli", @@ -2050,8 +2050,8 @@ "rsa.investigations.event_vcat": "eturadip", "rsa.misc.OS": "turadip", "rsa.misc.action": [ - "accept", - "odoc" + "odoc", + "accept" ], "rsa.misc.category": "volup", "rsa.misc.client": "tur", @@ -2232,8 +2232,8 @@ "rsa.investigations.event_vcat": "uatu", "rsa.misc.OS": "tnulapar", "rsa.misc.action": [ - "deny", - "odic" + "odic", + "deny" ], "rsa.misc.category": "deri", "rsa.misc.client": "scivelit", 
@@ -2307,8 +2307,8 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.37.161.101", "10.111.182.212", + "10.37.161.101", "10.17.209.252" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -2371,9 +2371,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.170.196.181", + "10.153.166.133", "10.158.175.98", - "10.153.166.133" + "10.170.196.181" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2526,9 +2526,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.174.17.46", + "10.38.168.190", "10.77.105.81", - "10.38.168.190" + "10.174.17.46" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2654,9 +2654,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.214.156.161", + "10.66.90.225", "10.145.194.12", - "10.66.90.225" + "10.214.156.161" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2719,8 +2719,8 @@ "observer.vendor": "Fortinet", "related.ip": [ "10.156.208.5", - "10.163.36.101", - "10.6.242.108" + "10.6.242.108", + "10.163.36.101" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2787,8 +2787,8 @@ "remeum2641.www5.corp" ], "related.ip": [ - "10.68.233.163", - "10.220.148.127" + "10.220.148.127", + "10.68.233.163" ], "related.user": [ "estiaec" @@ -2798,8 +2798,8 @@ "rsa.investigations.event_vcat": "olore", "rsa.misc.OS": "tatem", "rsa.misc.action": [ - "allow", - "itanimi" + "itanimi", + "allow" ], "rsa.misc.category": "psa", "rsa.misc.client": "ugits", @@ -2889,8 +2889,8 @@ "rsa.investigations.event_vcat": "ihi", "rsa.misc.OS": "amquaera", "rsa.misc.action": [ - "allow", - "nimides" + "nimides", + "allow" ], "rsa.misc.category": "mve", "rsa.misc.client": "plica", 
@@ -2970,8 +2970,8 @@ "mea6298.api.example" ], "related.ip": [ - "10.113.152.241", - "10.115.121.243" + "10.115.121.243", + "10.113.152.241" ], "related.user": [ "norumetM" @@ -3061,8 +3061,8 @@ "iqu7510.internal.corp" ], "related.ip": [ - "10.49.82.45", - "10.179.153.97" + "10.179.153.97", + "10.49.82.45" ], "related.user": [ "dictasun" @@ -3072,8 +3072,8 @@ "rsa.investigations.event_vcat": "tatemse", "rsa.misc.OS": "eturadi", "rsa.misc.action": [ - "ade", - "accept" + "accept", + "ade" ], "rsa.misc.category": "laboreet", "rsa.misc.client": "ano", @@ -3147,8 +3147,8 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.205.83.138", "10.98.52.184", + "10.205.83.138", "10.99.55.115" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -3211,8 +3211,8 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.197.128.162", "10.228.11.50", + "10.197.128.162", "10.90.189.248" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -3320,8 +3320,8 @@ "deFinibu3940.internal.lan" ], "related.ip": [ - "10.22.248.52", - "10.124.71.88" + "10.124.71.88", + "10.22.248.52" ], "related.user": [ "tcons" @@ -3331,8 +3331,8 @@ "rsa.investigations.event_vcat": "uiratio", "rsa.misc.OS": "xce", "rsa.misc.action": [ - "cancel", - "cons" + "cons", + "cancel" ], "rsa.misc.category": "ciun", "rsa.misc.client": "amquisn", @@ -3411,8 +3411,8 @@ "tatiset4191.localdomain" ], "related.ip": [ - "10.26.58.20", - "10.185.37.176" + "10.185.37.176", + "10.26.58.20" ], "related.user": [ "eumiure" @@ -3422,8 +3422,8 @@ "rsa.investigations.event_vcat": "iae", "rsa.misc.OS": "evelite", "rsa.misc.action": [ - "essequam", - "block" + "block", + "essequam" ], "rsa.misc.category": "tmollita", "rsa.misc.client": "uiinea", 
@@ -3497,8 +3497,8 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.14.145.107", "10.200.12.126", + "10.14.145.107", "10.250.231.196" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -3561,9 +3561,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.225.34.176", "10.21.203.112", - "10.103.36.192" + "10.103.36.192", + "10.225.34.176" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -3625,9 +3625,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.5.67.140", + "10.140.59.161", "10.118.111.183", - "10.140.59.161" + "10.5.67.140" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -3694,8 +3694,8 @@ "nimadmi4084.api.home" ], "related.ip": [ - "10.7.70.169", - "10.28.212.191" + "10.28.212.191", + "10.7.70.169" ], "related.user": [ "itsed" @@ -3705,8 +3705,8 @@ "rsa.investigations.event_vcat": "Loremips", "rsa.misc.OS": "eritquii", "rsa.misc.action": [ - "accept", - "nostru" + "nostru", + "accept" ], "rsa.misc.category": "amnisiu", "rsa.misc.client": "rcita", @@ -3796,8 +3796,8 @@ "rsa.investigations.event_vcat": "uep", "rsa.misc.OS": "iatisund", "rsa.misc.action": [ - "block", - "nvo" + "nvo", + "block" ], "rsa.misc.category": "tenima", "rsa.misc.client": "iuntNe", @@ -4277,8 +4277,8 @@ "ntex5135.corp" ], "related.ip": [ - "10.239.194.105", - "10.234.171.117" + "10.234.171.117", + "10.239.194.105" ], "related.user": [ "tat" @@ -4288,8 +4288,8 @@ "rsa.investigations.event_vcat": "uia", "rsa.misc.OS": "mquae", "rsa.misc.action": [ - "deny", - "tenatus" + "tenatus", + "deny" ], "rsa.misc.category": "abo", "rsa.misc.client": "umtota", @@ -4743,8 +4743,8 @@ "spici5547.internal.test" ], "related.ip": [ - "10.112.242.68", - "10.216.49.112" + "10.216.49.112", + "10.112.242.68" ], "related.user": [ "urmag" 
@@ -4920,9 +4920,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.246.41.77", "10.228.61.5", - "10.157.22.21" + "10.157.22.21", + "10.246.41.77" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -4984,9 +4984,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ + "10.188.131.18", "10.242.119.111", - "10.239.231.168", - "10.188.131.18" + "10.239.231.168" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -5064,8 +5064,8 @@ "rsa.investigations.event_vcat": "amnihil", "rsa.misc.OS": "tten", "rsa.misc.action": [ - "inea", - "accept" + "accept", + "inea" ], "rsa.misc.category": "quam", "rsa.misc.client": "oreseo", @@ -5184,8 +5184,8 @@ "riaturE1644.www5.example" ], "related.ip": [ - "10.215.144.167", - "10.162.114.52" + "10.162.114.52", + "10.215.144.167" ], "related.user": [ "erspici" @@ -5195,8 +5195,8 @@ "rsa.investigations.event_vcat": "empori", "rsa.misc.OS": "ostru", "rsa.misc.action": [ - "quepor", - "allow" + "allow", + "quepor" ], "rsa.misc.category": "cipitla", "rsa.misc.client": "exeacomm", @@ -5361,9 +5361,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.75.198.93", + "10.51.106.43", "10.137.36.151", - "10.51.106.43" + "10.75.198.93" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -5425,9 +5425,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.7.230.206", "10.154.151.111", - "10.249.93.150" + "10.249.93.150", + "10.7.230.206" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -5505,8 +5505,8 @@ "rsa.investigations.event_vcat": "santiumd", "rsa.misc.OS": "oris", "rsa.misc.action": [ - "deny", - "rsitame" + "rsitame", + "deny" ], "rsa.misc.category": "agnaal", "rsa.misc.client": "urmagn", 
@@ -5585,8 +5585,8 @@ "dquiac6194.api.lan" ], "related.ip": [ - "10.241.140.241", - "10.180.162.174" + "10.180.162.174", + "10.241.140.241" ], "related.user": [ "nulapar" @@ -5596,8 +5596,8 @@ "rsa.investigations.event_vcat": "luptatev", "rsa.misc.OS": "emipsu", "rsa.misc.action": [ - "ido", - "accept" + "accept", + "ido" ], "rsa.misc.category": "litse", "rsa.misc.client": "evita", @@ -5687,8 +5687,8 @@ "rsa.investigations.event_vcat": "atvolupt", "rsa.misc.OS": "riosam", "rsa.misc.action": [ - "ssitasp", - "deny" + "deny", + "ssitasp" ], "rsa.misc.category": "enimadmi", "rsa.misc.client": "uatDui", @@ -5767,8 +5767,8 @@ "dicta7226.mail.example" ], "related.ip": [ - "10.53.50.77", - "10.4.244.115" + "10.4.244.115", + "10.53.50.77" ], "related.user": [ "idolo" @@ -5853,9 +5853,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.236.211.111", "10.120.212.78", - "10.221.100.157" + "10.221.100.157", + "10.236.211.111" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -5933,8 +5933,8 @@ "rsa.investigations.event_vcat": "lauda", "rsa.misc.OS": "enatuser", "rsa.misc.action": [ - "accept", - "rios" + "rios", + "accept" ], "rsa.misc.category": "aUte", "rsa.misc.client": "iusm", @@ -6009,8 +6009,8 @@ "observer.vendor": "Fortinet", "related.ip": [ "10.123.59.69", - "10.226.255.3", - "10.53.251.202" + "10.53.251.202", + "10.226.255.3" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6072,9 +6072,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.212.56.26", "10.3.85.176", - "10.29.141.252" + "10.29.141.252", + "10.212.56.26" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ 
@@ -6227,9 +6227,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.11.150.136", + "10.83.98.220", "10.171.60.173", - "10.83.98.220" + "10.11.150.136" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6291,9 +6291,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ + "10.74.88.209", "10.92.3.166", - "10.238.49.73", - "10.74.88.209" + "10.238.49.73" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6355,9 +6355,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ + "10.84.200.121", "10.119.248.36", - "10.187.107.47", - "10.84.200.121" + "10.187.107.47" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6419,9 +6419,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.135.213.17", + "10.30.239.222", "10.167.128.229", - "10.30.239.222" + "10.135.213.17" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6488,8 +6488,8 @@ "rspic5637.api.local" ], "related.ip": [ - "10.169.133.219", - "10.115.166.48" + "10.115.166.48", + "10.169.133.219" ], "related.user": [ "emq" @@ -6499,8 +6499,8 @@ "rsa.investigations.event_vcat": "iumdol", "rsa.misc.OS": "min", "rsa.misc.action": [ - "eleumiur", - "block" + "block", + "eleumiur" ], "rsa.misc.category": "ero", "rsa.misc.client": "gia", @@ -6579,8 +6579,8 @@ "rror3870.www5.local" ], "related.ip": [ - "10.146.255.40", - "10.226.39.82" + "10.226.39.82", + "10.146.255.40" ], "related.user": [ "caecatcu" @@ -6729,8 +6729,8 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.66.149.234", "10.186.253.240", + "10.66.149.234", "10.233.128.7" ], "rsa.internal.messageid": "generic_fortinetmgr_1", 
@@ -6793,9 +6793,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.227.133.134", "10.46.11.114", - "10.173.140.201" + "10.173.140.201", + "10.227.133.134" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6926,8 +6926,8 @@ "velill3821.mail.invalid" ], "related.ip": [ - "10.97.254.192", - "10.124.34.251" + "10.124.34.251", + "10.97.254.192" ], "related.user": [ "epor" @@ -7012,9 +7012,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.9.41.221", + "10.204.98.238", "10.81.58.91", - "10.204.98.238" + "10.9.41.221" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7117,8 +7117,8 @@ "observer.vendor": "Fortinet", "related.ip": [ "10.35.84.125", - "10.212.208.70", - "10.37.120.29" + "10.37.120.29", + "10.212.208.70" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7180,9 +7180,9 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.199.201.26", "10.207.207.106", - "10.143.65.84" + "10.143.65.84", + "10.199.201.26" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7244,8 +7244,8 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.41.61.88", "10.204.27.48", + "10.41.61.88", "10.163.236.253" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -7308,8 +7308,8 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.ip": [ - "10.246.81.164", "10.53.110.111", + "10.246.81.164", "10.185.44.26" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -7378,8 +7378,8 @@ "cupida6106.www5.local" ], "related.ip": [ - "10.146.77.206", - "10.109.172.90" + "10.109.172.90", + "10.146.77.206" ], "related.user": [ "aquaeab" @@ -7469,8 +7469,8 @@ "unt2122.internal.local" ], "related.ip": [ - "10.202.250.141", - "10.38.18.72" + "10.38.18.72", + "10.202.250.141" ], "related.user": [ "maperia" 
@@ -7662,8 +7662,8 @@ "rsa.investigations.event_vcat": "olupt", "rsa.misc.OS": "rumw", "rsa.misc.action": [ - "block", - "tali" + "tali", + "block" ], "rsa.misc.category": "itsedq", "rsa.misc.client": "esciu", diff --git a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json index 2d1832bc54a..d8efe2892a5 100644 --- a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json @@ -282,6 +282,7 @@ "source.geo.city_name": "Moscow", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", + "source.geo.country_name": "Russia", "source.geo.location.lat": 55.7527, "source.geo.location.lon": 37.6172, "source.geo.region_iso_code": "RU-MOW", @@ -327,6 +328,7 @@ "source.geo.city_name": "Clermont-Ferrand", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "FR", + "source.geo.country_name": "France", "source.geo.location.lat": 45.7838, "source.geo.location.lon": 3.0966, "source.geo.region_iso_code": "FR-63", diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json b/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json index c8b16376e8f..73f9e79c29a 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json +++ b/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json @@ -6,6 +6,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -801,6 +802,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -866,6 +868,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json index 7c44c612d13..a3840436672 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_APPLICATION_SETTING", "event.category": [ "iam" @@ -42,6 +41,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -56,7 +56,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_APPLICATION_SETTING", "event.category": [ "iam" @@ -97,6 +96,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", 
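Review bot: The `@@ -1,6 +1,5 @@` and `@@ -56,7 +56,6 @@` hunks of gsuite-admin-application-test.json.log-expected.json drop `"@timestamp": "2020-10-02T15:00:00.000Z"` from the expected events, and the same removal repeats for every event in the calendar, chat, chromeos, contacts and delegatedadmin fixtures that follow. After this change nothing in these golden files pins the event time of an admin audit record, so a regression in timestamp parsing would pass unnoticed. The reason for the removal is not visible in these hunks. If the harness now ignores the field on purpose, say so in the commit description; if the pipeline no longer sets it from the source record, events would presumably carry read time instead, which distorts the timeline when these logs are used in an investigation. Keeping one fixture that still asserts a fixed `"@timestamp"` would preserve that coverage.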
@@ -111,7 +111,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_APPLICATION_SETTING", "event.category": [ "iam" @@ -152,6 +151,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -166,7 +166,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REORDER_GROUP_BASED_POLICIES_EVENT", "event.category": [ "iam" @@ -206,6 +205,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -220,7 +220,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "GPLUS_PREMIUM_FEATURES", "event.category": [ "iam" @@ -255,6 +254,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -269,7 +269,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_MANAGED_CONFIGURATION", "event.category": [ "iam" @@ -304,6 +303,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -318,7 +318,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_MANAGED_CONFIGURATION", "event.category": [ "iam" 
@@ -353,6 +352,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -367,7 +367,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_MANAGED_CONFIGURATION", "event.category": [ "iam" @@ -402,6 +401,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -416,7 +416,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "FLASHLIGHT_EDU_NON_FEATURED_SERVICES_SELECTED", "event.category": [ "iam" @@ -450,6 +449,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json index 88580177907..2a8eb8eb3fe 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_BUILDING", "event.category": [ "iam" 
@@ -35,6 +34,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -49,7 +49,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_BUILDING", "event.category": [ "iam" @@ -84,6 +83,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -98,7 +98,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_BUILDING", "event.category": [ "iam" @@ -136,6 +135,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -150,7 +150,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_CALENDAR_RESOURCE", "event.category": [ "iam" @@ -185,6 +184,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -199,7 +199,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_CALENDAR_RESOURCE", "event.category": [ "iam" 
@@ -234,6 +233,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -248,7 +248,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_CALENDAR_RESOURCE_FEATURE", "event.category": [ "iam" @@ -283,6 +282,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -297,7 +297,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_CALENDAR_RESOURCE_FEATURE", "event.category": [ "iam" @@ -332,6 +331,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -346,7 +346,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_CALENDAR_RESOURCE_FEATURE", "event.category": [ "iam" @@ -384,6 +383,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -398,7 +398,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RENAME_CALENDAR_RESOURCE", "event.category": [ "iam" 
@@ -434,6 +433,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -448,7 +448,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_CALENDAR_RESOURCE", "event.category": [ "iam" @@ -486,6 +485,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -500,7 +500,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CALENDAR_SETTING", "event.category": [ "iam" @@ -541,6 +540,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -555,7 +555,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CANCEL_CALENDAR_EVENTS", "event.category": [ "iam" @@ -590,6 +589,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -604,7 +604,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RELEASE_CALENDAR_RESOURCES", "event.category": [ "iam" 
@@ -639,6 +638,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json index 70de8368e2c..4736114f427 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MEET_INTEROP_CREATE_GATEWAY", "event.category": [ "iam" @@ -34,6 +33,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -48,7 +48,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MEET_INTEROP_DELETE_GATEWAY", "event.category": [ "iam" @@ -82,6 +81,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -96,7 +96,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MEET_INTEROP_MODIFY_GATEWAY", "event.category": [ "iam" 
@@ -130,6 +129,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -144,7 +144,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CHAT_SETTING", "event.category": [ "iam" @@ -185,6 +184,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json index 4ce27e5aff2..00f51c0bc79 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CHROME_OS_ANDROID_APPLICATION_SETTING", "event.category": [ "iam" @@ -42,6 +41,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -56,7 +56,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_DEVICE_STATE", "event.category": [ "iam" 
@@ -93,6 +92,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -107,7 +107,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CHROME_OS_APPLICATION_SETTING", "event.category": [ "iam" @@ -149,6 +148,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -163,7 +163,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "SEND_CHROME_OS_DEVICE_COMMAND", "event.category": [ "iam" @@ -198,6 +197,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -212,7 +212,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CHROME_OS_DEVICE_ANNOTATION", "event.category": [ "iam" @@ -246,6 +245,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -260,7 +260,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CHROME_OS_DEVICE_SETTING", "event.category": [ "iam" 
@@ -297,6 +296,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -311,7 +311,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CHROME_OS_DEVICE_STATE", "event.category": [ "iam" @@ -348,6 +347,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -362,7 +362,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CHROME_OS_PUBLIC_SESSION_SETTING", "event.category": [ "iam" @@ -399,6 +398,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -413,7 +413,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "INSERT_CHROME_OS_PRINT_SERVER", "event.category": [ "iam" @@ -447,6 +446,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -461,7 +461,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_CHROME_OS_PRINT_SERVER", "event.category": [ "iam" 
@@ -495,6 +494,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -509,7 +509,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_CHROME_OS_PRINT_SERVER", "event.category": [ "iam" @@ -545,6 +544,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -559,7 +559,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "INSERT_CHROME_OS_PRINTER", "event.category": [ "iam" @@ -593,6 +592,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -607,7 +607,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_CHROME_OS_PRINTER", "event.category": [ "iam" @@ -641,6 +640,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -655,7 +655,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_CHROME_OS_PRINTER", "event.category": [ "iam" 
@@ -691,6 +690,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -705,7 +705,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CHROME_OS_SETTING", "event.category": [ "iam" @@ -742,6 +741,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -756,7 +756,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CHROME_OS_USER_SETTING", "event.category": [ "iam" @@ -793,6 +792,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -807,7 +807,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ISSUE_DEVICE_COMMAND", "event.category": [ "iam" @@ -846,6 +845,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -860,7 +860,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MOVE_DEVICE_TO_ORG_UNIT_DETAILED", "event.category": [ "iam" 
@@ -897,6 +896,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -911,7 +911,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_CHROME_OS_APPLICATION_SETTINGS", "event.category": [ "iam" @@ -945,6 +944,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -959,7 +959,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_DEVICE", "event.category": [ "iam" @@ -994,6 +993,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1008,7 +1008,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CONTACTS_SETTING", "event.category": [ "iam" @@ -1046,6 +1045,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json index ed54f20525a..dee1917e48d 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CONTACTS_SETTING", "event.category": [ "iam" @@ -38,6 +37,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json index c43835104fa..b5c6d47d8b3 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ASSIGN_ROLE", "event.category": [ "iam" @@ -37,6 +36,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -51,7 +51,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_ROLE", "event.category": [ "iam" @@ -86,6 +85,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -100,7 +100,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_ROLE", "event.category": [ "iam" 
@@ -135,6 +134,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -149,7 +149,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_PRIVILEGE", "event.category": [ "iam" @@ -185,6 +184,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -199,7 +199,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_PRIVILEGE", "event.category": [ "iam" @@ -235,6 +234,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -249,7 +249,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RENAME_ROLE", "event.category": [ "iam" @@ -284,6 +283,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -298,7 +298,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_ROLE", "event.category": [ "iam" 
@@ -333,6 +332,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -347,7 +347,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UNASSIGN_ROLE", "event.category": [ "iam" @@ -384,6 +383,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json index 4fb31027b62..e0f00e25443 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TRANSFER_DOCUMENT_OWNERSHIP", "event.category": [ "iam" @@ -37,6 +36,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -51,7 +51,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DRIVE_DATA_RESTORE", "event.category": [ "iam" 
@@ -89,6 +88,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -103,7 +103,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_DOCS_SETTING", "event.category": [ "iam" @@ -144,6 +143,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -157,4 +157,4 @@ "forwarded" ] } -] +] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json index a8d965c7c8d..a349010fdb4 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_ACCOUNT_AUTO_RENEWAL", "event.category": [ "iam" @@ -35,6 +34,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -49,7 +49,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_APPLICATION", "event.category": [ "iam" 
@@ -85,6 +84,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -99,7 +99,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_APPLICATION_TO_WHITELIST", "event.category": [ "iam" @@ -134,6 +133,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -148,7 +148,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_ADVERTISEMENT_OPTION", "event.category": [ "iam" @@ -184,6 +183,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -198,7 +198,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_ALERT", "event.category": [ "iam" @@ -232,6 +231,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -246,7 +246,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_ALERT_CRITERIA", "event.category": [ "iam" 
@@ -280,6 +279,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -294,7 +294,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_ALERT", "event.category": [ "iam" @@ -328,6 +327,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -342,7 +342,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ALERT_RECEIVERS_CHANGED", "event.category": [ "iam" @@ -378,6 +377,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -392,7 +392,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RENAME_ALERT", "event.category": [ "iam" @@ -427,6 +426,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -441,7 +441,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ALERT_STATUS_CHANGED", "event.category": [ "iam" 
@@ -477,6 +476,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -491,7 +491,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_DOMAIN_ALIAS", "event.category": [ "iam" @@ -526,6 +525,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -540,7 +540,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_DOMAIN_ALIAS", "event.category": [ "iam" @@ -575,6 +574,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -589,7 +589,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "SKIP_DOMAIN_ALIAS_MX", "event.category": [ "iam" @@ -624,6 +623,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -638,7 +638,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "VERIFY_DOMAIN_ALIAS_MX", "event.category": [ "iam" 
@@ -673,6 +672,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -687,7 +687,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "VERIFY_DOMAIN_ALIAS", "event.category": [ "iam" @@ -723,6 +722,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -737,7 +737,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_OAUTH_ACCESS_TO_ALL_APIS", "event.category": [ "iam" @@ -772,6 +771,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -786,7 +786,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_ALLOW_ADMIN_PASSWORD_RESET", "event.category": [ "iam" @@ -821,6 +820,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -835,7 +835,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ENABLE_API_ACCESS", "event.category": [ "iam" 
@@ -871,6 +870,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -885,7 +885,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "AUTHORIZE_API_CLIENT_ACCESS", "event.category": [ "iam" @@ -924,6 +923,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -938,7 +938,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_API_CLIENT_ACCESS", "event.category": [ "iam" @@ -973,6 +972,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -987,7 +987,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHROME_LICENSES_REDEEMED", "event.category": [ "iam" @@ -1023,6 +1022,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1037,7 +1037,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_AUTO_ADD_NEW_SERVICE", "event.category": [ "iam" 
@@ -1072,6 +1071,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1086,7 +1086,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_PRIMARY_DOMAIN", "event.category": [ "iam" @@ -1121,6 +1120,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1135,7 +1135,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_WHITELIST_SETTING", "event.category": [ "iam" @@ -1171,6 +1170,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1185,7 +1185,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "COMMUNICATION_PREFERENCES_SETTING_CHANGE", "event.category": [ "iam" @@ -1222,6 +1221,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1236,7 +1236,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CONFLICT_ACCOUNT_ACTION", "event.category": [ "iam" 
@@ -1272,6 +1271,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1286,7 +1286,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ENABLE_FEEDBACK_SOLICITATION", "event.category": [ "iam" @@ -1322,6 +1321,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1336,7 +1336,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_CONTACT_SHARING", "event.category": [ "iam" @@ -1371,6 +1370,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1385,7 +1385,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_PLAY_FOR_WORK_TOKEN", "event.category": [ "iam" @@ -1419,6 +1418,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1433,7 +1433,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_USE_CUSTOM_LOGO", "event.category": [ "iam" 
@@ -1468,6 +1467,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1482,7 +1482,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CUSTOM_LOGO", "event.category": [ "iam" @@ -1516,6 +1515,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1530,7 +1530,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", "event.category": [ "iam" @@ -1566,6 +1565,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1580,7 +1580,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_DATA_LOCALIZATION_SETTING", "event.category": [ "iam" @@ -1616,6 +1615,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1630,7 +1630,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_DATA_PROTECTION_OFFICER_CONTACT_INFO", "event.category": [ "iam" 
@@ -1666,6 +1665,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1680,7 +1680,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_PLAY_FOR_WORK_TOKEN", "event.category": [ "iam" @@ -1714,6 +1713,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1728,7 +1728,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "VIEW_DNS_LOGIN_DETAILS", "event.category": [ "iam" @@ -1762,6 +1761,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1776,7 +1776,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_DOMAIN_DEFAULT_LOCALE", "event.category": [ "iam" @@ -1812,6 +1811,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1826,7 +1826,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_DOMAIN_DEFAULT_TIMEZONE", "event.category": [ "iam" 
@@ -1862,6 +1861,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1876,7 +1876,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_DOMAIN_NAME", "event.category": [ "iam" @@ -1911,6 +1910,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1925,7 +1925,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_ENABLE_PRE_RELEASE_FEATURES", "event.category": [ "iam" @@ -1960,6 +1959,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1974,7 +1974,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_DOMAIN_SUPPORT_MESSAGE", "event.category": [ "iam" @@ -2010,6 +2009,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2024,7 +2024,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_TRUSTED_DOMAINS", "event.category": [ "iam" 
@@ -2058,6 +2057,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2072,7 +2072,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_TRUSTED_DOMAINS", "event.category": [ "iam" @@ -2106,6 +2105,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2120,7 +2120,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_EDU_TYPE", "event.category": [ "iam" @@ -2156,6 +2155,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2170,7 +2170,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_ENABLE_OAUTH_CONSUMER_KEY", "event.category": [ "iam" @@ -2205,6 +2204,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2219,7 +2219,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_SSO_ENABLED", "event.category": [ "iam" 
@@ -2254,6 +2253,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2268,7 +2268,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_SSL", "event.category": [ "iam" @@ -2303,6 +2302,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2317,7 +2317,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_EU_REPRESENTATIVE_CONTACT_INFO", "event.category": [ "iam" @@ -2353,6 +2352,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2367,7 +2367,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "GENERATE_TRANSFER_TOKEN", "event.category": [ "iam" @@ -2400,6 +2399,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2414,7 +2414,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_LOGIN_BACKGROUND_COLOR", "event.category": [ "iam" 
@@ -2450,6 +2449,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2464,7 +2464,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_LOGIN_BORDER_COLOR", "event.category": [ "iam" @@ -2500,6 +2499,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2514,7 +2514,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_LOGIN_ACTIVITY_TRACE", "event.category": [ "iam" @@ -2550,6 +2549,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2564,7 +2564,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "PLAY_FOR_WORK_ENROLL", "event.category": [ "iam" @@ -2599,6 +2598,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2613,7 +2613,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "PLAY_FOR_WORK_UNENROLL", "event.category": [ "iam" 
@@ -2647,6 +2646,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2661,7 +2661,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MX_RECORD_VERIFICATION_CLAIM", "event.category": [ "iam" @@ -2697,6 +2696,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2711,7 +2711,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_NEW_APP_FEATURES", "event.category": [ "iam" @@ -2746,6 +2745,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2760,7 +2760,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_USE_NEXT_GEN_CONTROL_PANEL", "event.category": [ "iam" @@ -2795,6 +2794,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2809,7 +2809,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPLOAD_OAUTH_CERTIFICATE", "event.category": [ "iam" 
@@ -2843,6 +2842,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2857,7 +2857,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REGENERATE_OAUTH_CONSUMER_SECRET", "event.category": [ "iam" @@ -2891,6 +2890,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2905,7 +2905,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_OPEN_ID_ENABLED", "event.category": [ "iam" @@ -2940,6 +2939,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2954,7 +2954,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_ORGANIZATION_NAME", "event.category": [ "iam" @@ -2990,6 +2989,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3004,7 +3004,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_OUTBOUND_RELAY", "event.category": [ "iam" 
@@ -3041,6 +3040,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3055,7 +3055,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_PASSWORD_MAX_LENGTH", "event.category": [ "iam" @@ -3091,6 +3090,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3105,7 +3105,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_PASSWORD_MIN_LENGTH", "event.category": [ "iam" @@ -3141,6 +3140,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3155,7 +3155,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_DOMAIN_PRIMARY_ADMIN_EMAIL", "event.category": [ "iam" @@ -3191,6 +3190,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3205,7 +3205,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ENABLE_SERVICE_OR_FEATURE_NOTIFICATIONS", "event.category": [ "iam" 
@@ -3241,6 +3240,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3255,7 +3255,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_APPLICATION", "event.category": [ "iam" @@ -3290,6 +3289,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3304,7 +3304,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_APPLICATION_FROM_WHITELIST", "event.category": [ "iam" @@ -3339,6 +3338,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3353,7 +3353,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_RENEW_DOMAIN_REGISTRATION", "event.category": [ "iam" @@ -3389,6 +3388,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3403,7 +3403,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_RESELLER_ACCESS", "event.category": [ "iam" 
@@ -3438,6 +3437,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3452,7 +3452,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RULE_ACTIONS_CHANGED", "event.category": [ "iam" @@ -3486,6 +3485,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3500,7 +3500,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_RULE", "event.category": [ "iam" @@ -3534,6 +3533,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3548,7 +3548,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_RULE_CRITERIA", "event.category": [ "iam" @@ -3582,6 +3581,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3596,7 +3596,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_RULE", "event.category": [ "iam" 
@@ -3630,6 +3629,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3644,7 +3644,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RENAME_RULE", "event.category": [ "iam" @@ -3679,6 +3678,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3693,7 +3693,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RULE_STATUS_CHANGED", "event.category": [ "iam" @@ -3729,6 +3728,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3743,7 +3743,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_SECONDARY_DOMAIN", "event.category": [ "iam" @@ -3778,6 +3777,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3792,7 +3792,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_SECONDARY_DOMAIN", "event.category": [ "iam" 
@@ -3827,6 +3826,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3841,7 +3841,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "SKIP_SECONDARY_DOMAIN_MX", "event.category": [ "iam" @@ -3876,6 +3875,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3890,7 +3890,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "VERIFY_SECONDARY_DOMAIN_MX", "event.category": [ "iam" @@ -3925,6 +3924,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3939,7 +3939,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "VERIFY_SECONDARY_DOMAIN", "event.category": [ "iam" @@ -3974,6 +3973,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3988,7 +3988,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_DOMAIN_SECONDARY_EMAIL", "event.category": [ "iam" 
@@ -4024,6 +4023,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -4038,7 +4038,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_SSO_SETTINGS", "event.category": [ "iam" @@ -4072,6 +4071,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -4086,7 +4086,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "GENERATE_PIN", "event.category": [ "iam" @@ -4119,6 +4118,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -4133,7 +4133,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_RULE", "event.category": [ "iam" @@ -4167,6 +4166,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json index bdb57f64b88..f62dad33200 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DROP_FROM_QUARANTINE", "event.category": [ "iam" @@ -35,6 +34,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -49,7 +49,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "EMAIL_LOG_SEARCH", "event.category": [ "iam" @@ -89,6 +88,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -103,7 +103,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "EMAIL_UNDELETE", "event.category": [ "iam" @@ -141,6 +140,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -155,7 +155,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_EMAIL_SETTING", "event.category": [ "iam" @@ -196,6 +195,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -210,7 +210,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_GMAIL_SETTING", "event.category": [ "iam" 
@@ -247,6 +246,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -261,7 +261,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_GMAIL_SETTING", "event.category": [ "iam" @@ -298,6 +297,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -312,7 +312,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_GMAIL_SETTING", "event.category": [ "iam" @@ -349,6 +348,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -363,7 +363,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REJECT_FROM_QUARANTINE", "event.category": [ "iam" @@ -398,6 +397,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -412,7 +412,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RELEASE_FROM_QUARANTINE", "event.category": [ "iam" 
@@ -447,6 +446,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -460,4 +460,4 @@ "forwarded" ] } -] +] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json index 42a9699094c..ff894cd6c05 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_GROUP", "event.category": [ "iam" @@ -37,6 +36,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -51,7 +51,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_GROUP", "event.category": [ "iam" @@ -88,6 +87,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -102,7 +102,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_GROUP_DESCRIPTION", "event.category": [ "iam" 
@@ -139,6 +138,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -153,7 +153,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "GROUP_LIST_DOWNLOAD", "event.category": [ "iam" @@ -187,6 +186,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -201,7 +201,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_GROUP_MEMBER", "event.category": [ "iam" @@ -240,6 +239,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -254,7 +254,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_GROUP_MEMBER", "event.category": [ "iam" @@ -293,6 +292,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -307,7 +307,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_GROUP_MEMBER", "event.category": [ "iam" 
@@ -348,6 +347,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -362,7 +362,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS", "event.category": [ "iam" @@ -403,6 +402,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -417,7 +417,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_GROUP_MEMBER_DELIVERY_SETTINGS_CAN_EMAIL_OVERRIDE", "event.category": [ "iam" @@ -458,6 +457,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -472,7 +472,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "GROUP_MEMBER_BULK_UPLOAD", "event.category": [ "iam" @@ -508,6 +507,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -522,7 +522,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "GROUP_MEMBERS_DOWNLOAD", "event.category": [ "iam" 
@@ -556,6 +555,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -570,7 +570,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_GROUP_NAME", "event.category": [ "iam" @@ -608,6 +607,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -622,7 +622,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_GROUP_SETTING", "event.category": [ "iam" @@ -662,6 +661,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -676,7 +676,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "WHITELISTED_GROUPS_UPDATED", "event.category": [ "iam" @@ -715,6 +714,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json index d51d602ae7b..1fd3a0da6e2 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ORG_USERS_LICENSE_ASSIGNMENT", "event.category": [ "iam" @@ -36,6 +35,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -50,7 +50,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ORG_ALL_USERS_LICENSE_ASSIGNMENT", "event.category": [ "iam" @@ -86,6 +85,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -100,7 +100,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USER_LICENSE_ASSIGNMENT", "event.category": [ "iam" @@ -137,6 +136,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -151,7 +151,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_LICENSE_AUTO_ASSIGN", "event.category": [ "iam" @@ -187,6 +186,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", 
@@ -201,7 +201,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USER_LICENSE_REASSIGNMENT", "event.category": [ "iam" @@ -239,6 +238,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -253,7 +253,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ORG_LICENSE_REVOKE", "event.category": [ "iam" @@ -289,6 +288,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -303,7 +303,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USER_LICENSE_REVOKE", "event.category": [ "iam" @@ -340,6 +339,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -354,7 +354,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_DYNAMIC_LICENSE", "event.category": [ "iam" @@ -391,6 +390,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json index 8e2f2896bdb..99bea4702c3 100644 
--- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ACTION_CANCELLED", "event.category": [ "iam" @@ -40,6 +39,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -54,7 +54,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ACTION_REQUESTED", "event.category": [ "iam" @@ -94,6 +93,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -108,7 +108,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_MOBILE_CERTIFICATE", "event.category": [ "iam" @@ -144,6 +143,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -158,7 +158,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "COMPANY_DEVICES_BULK_CREATION", "event.category": [ "iam" @@ -192,6 +191,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", 
@@ -206,7 +206,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "COMPANY_OWNED_DEVICE_BLOCKED", "event.category": [ "iam" @@ -241,6 +240,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -255,7 +255,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "COMPANY_DEVICE_DELETION", "event.category": [ "iam" @@ -290,6 +289,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -304,7 +304,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "COMPANY_OWNED_DEVICE_UNBLOCKED", "event.category": [ "iam" @@ -339,6 +338,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -353,7 +353,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "COMPANY_OWNED_DEVICE_WIPED", "event.category": [ "iam" @@ -388,6 +387,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -402,7 +402,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_MOBILE_APPLICATION_PERMISSION_GRANT", "event.category": [ "iam" 
@@ -442,6 +441,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -456,7 +456,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_MOBILE_APPLICATION_PRIORITY_ORDER", "event.category": [ "iam" @@ -491,6 +490,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -505,7 +505,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_MOBILE_APPLICATION_FROM_WHITELIST", "event.category": [ "iam" @@ -542,6 +541,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -556,7 +556,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_MOBILE_APPLICATION_SETTINGS", "event.category": [ "iam" @@ -596,6 +595,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -610,7 +610,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_MOBILE_APPLICATION_TO_WHITELIST", "event.category": [ "iam" 
@@ -647,6 +646,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -661,7 +661,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MOBILE_DEVICE_APPROVE", "event.category": [ "iam" @@ -699,6 +698,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -713,7 +713,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MOBILE_DEVICE_BLOCK", "event.category": [ "iam" @@ -751,6 +750,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -765,7 +765,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MOBILE_DEVICE_DELETE", "event.category": [ "iam" @@ -803,6 +802,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -817,7 +817,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MOBILE_DEVICE_WIPE", "event.category": [ "iam" 
@@ -855,6 +854,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -869,7 +869,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_MOBILE_SETTING", "event.category": [ "iam" @@ -907,6 +906,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -921,7 +921,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_ADMIN_RESTRICTIONS_PIN", "event.category": [ "iam" @@ -956,6 +955,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -970,7 +970,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_MOBILE_WIRELESS_NETWORK", "event.category": [ "iam" @@ -1006,6 +1005,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1020,7 +1020,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_MOBILE_WIRELESS_NETWORK", "event.category": [ "iam" 
@@ -1056,6 +1055,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1070,7 +1070,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_MOBILE_WIRELESS_NETWORK", "event.category": [ "iam" @@ -1106,6 +1105,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1120,7 +1120,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_MOBILE_WIRELESS_NETWORK_PASSWORD", "event.category": [ "iam" @@ -1156,6 +1155,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1170,7 +1170,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_MOBILE_CERTIFICATE", "event.category": [ "iam" @@ -1206,6 +1205,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1220,7 +1220,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ENROLL_FOR_GOOGLE_DEVICE_MANAGEMENT", "event.category": [ "iam" 
@@ -1253,6 +1252,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1267,7 +1267,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USE_GOOGLE_MOBILE_MANAGEMENT", "event.category": [ "iam" @@ -1300,6 +1299,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1314,7 +1314,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_NON_IOS", "event.category": [ "iam" @@ -1347,6 +1346,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1361,7 +1361,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USE_GOOGLE_MOBILE_MANAGEMENT_FOR_IOS", "event.category": [ "iam" @@ -1394,6 +1393,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1408,7 +1408,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MOBILE_ACCOUNT_WIPE", "event.category": [ "iam" 
@@ -1446,6 +1445,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1460,7 +1460,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_APPROVE", "event.category": [ "iam" @@ -1498,6 +1497,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1512,7 +1512,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MOBILE_DEVICE_CANCEL_WIPE_THEN_BLOCK", "event.category": [ "iam" @@ -1550,6 +1549,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json index b2a88d67fe8..b4cdd02f0bd 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHROME_LICENSES_ENABLED", "event.category": [ "iam" 
@@ -36,6 +35,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -50,7 +50,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHROME_APPLICATION_LICENSE_RESERVATION_CREATED", "event.category": [ "iam" @@ -87,6 +86,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -101,7 +101,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHROME_APPLICATION_LICENSE_RESERVATION_DELETED", "event.category": [ "iam" @@ -137,6 +136,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -151,7 +151,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHROME_APPLICATION_LICENSE_RESERVATION_UPDATED", "event.category": [ "iam" @@ -189,6 +188,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -203,7 +203,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_DEVICE_ENROLLMENT_TOKEN", "event.category": [ "iam" 
@@ -237,6 +236,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -251,7 +251,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ASSIGN_CUSTOM_LOGO", "event.category": [ "iam" @@ -285,6 +284,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -299,7 +299,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UNASSIGN_CUSTOM_LOGO", "event.category": [ "iam" @@ -333,6 +332,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -347,7 +347,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_ENROLLMENT_TOKEN", "event.category": [ "iam" @@ -381,6 +380,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -395,7 +395,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REVOKE_ENROLLMENT_TOKEN", "event.category": [ "iam" 
@@ -429,6 +428,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -443,7 +443,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHROME_LICENSES_ALLOWED", "event.category": [ "iam" @@ -479,6 +478,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -493,7 +493,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_ORG_UNIT", "event.category": [ "iam" @@ -527,6 +526,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -541,7 +541,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_ORG_UNIT", "event.category": [ "iam" @@ -575,6 +574,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -589,7 +589,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "EDIT_ORG_UNIT_DESCRIPTION", "event.category": [ "iam" 
@@ -623,6 +622,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -637,7 +637,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MOVE_ORG_UNIT", "event.category": [ "iam" @@ -672,6 +671,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -686,7 +686,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "EDIT_ORG_UNIT_NAME", "event.category": [ "iam" @@ -721,6 +720,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -735,7 +735,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REVOKE_DEVICE_ENROLLMENT_TOKEN", "event.category": [ "iam" @@ -769,6 +768,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -783,7 +783,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_SERVICE_ENABLED", "event.category": [ "iam" 
@@ -823,6 +822,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json index 65321e3842a..ccfe0f5b3ed 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ALLOW_STRONG_AUTHENTICATION", "event.category": [ "iam" @@ -36,6 +35,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -50,7 +50,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ALLOW_SERVICE_FOR_OAUTH2_ACCESS", "event.category": [ "iam" @@ -85,6 +84,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -99,7 +99,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DISALLOW_SERVICE_FOR_OAUTH2_ACCESS", "event.category": [ "iam" 
@@ -134,6 +133,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -148,7 +148,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_APP_ACCESS_SETTINGS_COLLECTION_ID", "event.category": [ "iam" @@ -186,6 +185,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -200,7 +200,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_TO_TRUSTED_OAUTH2_APPS", "event.category": [ "iam" @@ -237,6 +236,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -251,7 +251,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_FROM_TRUSTED_OAUTH2_APPS", "event.category": [ "iam" @@ -288,6 +287,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -302,7 +302,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "BLOCK_ON_DEVICE_ACCESS", "event.category": [ "iam" 
@@ -337,6 +336,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -351,7 +351,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", "event.category": [ "iam" @@ -390,6 +389,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -404,7 +404,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", "event.category": [ "iam" @@ -443,6 +442,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -457,7 +457,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_TWO_STEP_VERIFICATION_GRACE_PERIOD_DURATION", "event.category": [ "iam" @@ -496,6 +495,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -510,7 +510,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_TWO_STEP_VERIFICATION_START_DATE", "event.category": [ "iam" 
@@ -549,6 +548,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -563,7 +563,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", "event.category": [ "iam" @@ -601,6 +600,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -615,7 +615,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_CAA_ENABLEMENT", "event.category": [ "iam" @@ -649,6 +648,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -663,7 +663,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CAA_ERROR_MESSAGE", "event.category": [ "iam" @@ -698,6 +697,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -712,7 +712,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_CAA_APP_ASSIGNMENTS", "event.category": [ "iam" 
@@ -750,6 +749,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -764,7 +764,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UNTRUST_DOMAIN_OWNED_OAUTH2_APPS", "event.category": [ "iam" @@ -798,6 +797,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -812,7 +812,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TRUST_DOMAIN_OWNED_OAUTH2_APPS", "event.category": [ "iam" @@ -846,6 +845,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -860,7 +860,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ENABLE_NON_ADMIN_USER_PASSWORD_RECOVERY", "event.category": [ "iam" @@ -899,6 +898,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -913,7 +913,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ENFORCE_STRONG_AUTHENTICATION", "event.category": [ "iam" 
@@ -954,6 +953,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -968,7 +968,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_ERROR_MSG_FOR_RESTRICTED_OAUTH2_APPS", "event.category": [ "iam" @@ -1004,6 +1003,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1018,7 +1018,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", "event.category": [ "iam" @@ -1057,6 +1056,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1071,7 +1071,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "SESSION_CONTROL_SETTINGS_CHANGE", "event.category": [ "iam" @@ -1108,6 +1107,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1122,7 +1122,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_SESSION_LENGTH", "event.category": [ "iam" 
@@ -1157,6 +1156,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1171,7 +1171,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UNBLOCK_ON_DEVICE_ACCESS", "event.category": [ "iam" @@ -1206,6 +1205,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json index b5afcff1ea3..272f4fb77e7 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_WEB_ADDRESS", "event.category": [ "iam" @@ -37,6 +36,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -53,7 +53,6 @@ "url.path": "/path/in/url" }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_WEB_ADDRESS", "event.category": [ "iam" 
@@ -90,6 +89,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -106,7 +106,6 @@ "url.path": "/path/in/url" }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_SITES_SETTING", "event.category": [ "iam" @@ -144,6 +143,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -158,7 +158,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_SITES_WEB_ADDRESS_MAPPING_UPDATES", "event.category": [ "iam" @@ -192,6 +191,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -208,7 +208,6 @@ "url.path": "/path/in/url" }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "VIEW_SITE_DETAILS", "event.category": [ "iam" @@ -242,6 +241,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json index f6220f7fcbd..b3be5557b03 100644 
--- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_2SV_SCRATCH_CODES", "event.category": [ "iam" @@ -36,6 +35,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -50,7 +50,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "GENERATE_2SV_SCRATCH_CODES", "event.category": [ "iam" @@ -86,6 +85,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -100,7 +100,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REVOKE_3LO_DEVICE_TOKENS", "event.category": [ "iam" @@ -138,6 +137,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -152,7 +152,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REVOKE_3LO_TOKEN", "event.category": [ "iam" @@ -189,6 +188,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", 
@@ -203,7 +203,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_RECOVERY_EMAIL", "event.category": [ "iam" @@ -239,6 +238,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -253,7 +253,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_RECOVERY_PHONE", "event.category": [ "iam" @@ -289,6 +288,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -303,7 +303,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "GRANT_ADMIN_PRIVILEGE", "event.category": [ "iam" @@ -339,6 +338,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -353,7 +353,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REVOKE_ADMIN_PRIVILEGE", "event.category": [ "iam" @@ -389,6 +388,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -403,7 +403,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REVOKE_ASP", "event.category": [ "iam" 
@@ -440,6 +439,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -454,7 +454,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TOGGLE_AUTOMATIC_CONTACT_SHARING", "event.category": [ "iam" @@ -491,6 +490,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -505,7 +505,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "BULK_UPLOAD", "event.category": [ "iam" @@ -541,6 +540,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -555,7 +555,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "BULK_UPLOAD_NOTIFICATION_SENT", "event.category": [ "iam" @@ -592,6 +591,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -606,7 +606,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CANCEL_USER_INVITE", "event.category": [ "iam" 
@@ -643,6 +642,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -657,7 +657,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_CUSTOM_FIELD", "event.category": [ "iam" @@ -696,6 +695,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -710,7 +710,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_EXTERNAL_ID", "event.category": [ "iam" @@ -748,6 +747,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -762,7 +762,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_GENDER", "event.category": [ "iam" @@ -800,6 +799,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -814,7 +814,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_IM", "event.category": [ "iam" 
@@ -852,6 +851,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -866,7 +866,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ENABLE_USER_IP_WHITELIST", "event.category": [ "iam" @@ -904,6 +903,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -918,7 +918,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_KEYWORD", "event.category": [ "iam" @@ -956,6 +955,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -970,7 +970,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_LANGUAGE", "event.category": [ "iam" @@ -1008,6 +1007,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1022,7 +1022,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_LOCATION", "event.category": [ "iam" 
@@ -1060,6 +1059,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1074,7 +1074,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_ORGANIZATION", "event.category": [ "iam" @@ -1112,6 +1111,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1126,7 +1126,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_PHONE_NUMBER", "event.category": [ "iam" @@ -1164,6 +1163,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1178,7 +1178,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_RECOVERY_EMAIL", "event.category": [ "iam" @@ -1214,6 +1213,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1228,7 +1228,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_RECOVERY_PHONE", "event.category": [ "iam" 
@@ -1264,6 +1263,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1278,7 +1278,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_RELATION", "event.category": [ "iam" @@ -1316,6 +1315,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1330,7 +1330,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_USER_ADDRESS", "event.category": [ "iam" @@ -1368,6 +1367,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1382,7 +1382,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_EMAIL_MONITOR", "event.category": [ "iam" @@ -1426,6 +1425,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1440,7 +1440,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_DATA_TRANSFER_REQUEST", "event.category": [ "iam" 
@@ -1478,6 +1477,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1492,7 +1492,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "GRANT_DELEGATED_ADMIN_PRIVILEGES", "event.category": [ "iam" @@ -1529,6 +1528,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1543,7 +1543,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_ACCOUNT_INFO_DUMP", "event.category": [ "iam" @@ -1580,6 +1579,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1594,7 +1594,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_EMAIL_MONITOR", "event.category": [ "iam" @@ -1631,6 +1630,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1645,7 +1645,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_MAILBOX_DUMP", "event.category": [ "iam" 
@@ -1682,6 +1681,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1696,7 +1696,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_FIRST_NAME", "event.category": [ "iam" @@ -1734,6 +1733,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1748,7 +1748,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "GMAIL_RESET_USER", "event.category": [ "iam" @@ -1785,6 +1784,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1799,7 +1799,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_LAST_NAME", "event.category": [ "iam" @@ -1837,6 +1836,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1851,7 +1851,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MAIL_ROUTING_DESTINATION_ADDED", "event.category": [ "iam" 
@@ -1888,6 +1887,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1902,7 +1902,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MAIL_ROUTING_DESTINATION_REMOVED", "event.category": [ "iam" @@ -1939,6 +1938,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1953,7 +1953,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ADD_NICKNAME", "event.category": [ "iam" @@ -1990,6 +1989,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2004,7 +2004,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_NICKNAME", "event.category": [ "iam" @@ -2041,6 +2040,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2055,7 +2055,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_PASSWORD", "event.category": [ "iam" 
@@ -2091,6 +2090,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2105,7 +2105,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CHANGE_PASSWORD_ON_NEXT_LOGIN", "event.category": [ "iam" @@ -2143,6 +2142,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2157,7 +2157,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DOWNLOAD_PENDING_INVITES_LIST", "event.category": [ "iam" @@ -2190,6 +2189,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2204,7 +2204,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_RECOVERY_EMAIL", "event.category": [ "iam" @@ -2240,6 +2239,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2254,7 +2254,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REMOVE_RECOVERY_PHONE", "event.category": [ "iam" 
@@ -2290,6 +2289,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2304,7 +2304,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REQUEST_ACCOUNT_INFO", "event.category": [ "iam" @@ -2340,6 +2339,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2354,7 +2354,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REQUEST_MAILBOX_DUMP", "event.category": [ "iam" @@ -2396,6 +2395,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2410,7 +2410,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RESEND_USER_INVITE", "event.category": [ "iam" @@ -2447,6 +2446,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2461,7 +2461,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RESET_SIGNIN_COOKIES", "event.category": [ "iam" 
@@ -2497,6 +2496,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2511,7 +2511,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "SECURITY_KEY_REGISTERED_FOR_USER", "event.category": [ "iam" @@ -2547,6 +2546,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2561,7 +2561,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "REVOKE_SECURITY_KEY", "event.category": [ "iam" @@ -2597,6 +2596,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2611,7 +2611,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USER_INVITE", "event.category": [ "iam" @@ -2648,6 +2647,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2662,7 +2662,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "VIEW_TEMP_PASSWORD", "event.category": [ "iam" 
@@ -2699,6 +2698,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2713,7 +2713,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "TURN_OFF_2_STEP_VERIFICATION", "event.category": [ "iam" @@ -2749,6 +2748,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2763,7 +2763,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UNBLOCK_USER_SESSION", "event.category": [ "iam" @@ -2799,6 +2798,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2813,7 +2813,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UNENROLL_USER_FROM_TITANIUM", "event.category": [ "iam" @@ -2849,6 +2848,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2863,7 +2863,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ARCHIVE_USER", "event.category": [ "iam" 
@@ -2899,6 +2898,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2913,7 +2913,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPDATE_BIRTHDATE", "event.category": [ "iam" @@ -2950,6 +2949,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -2964,7 +2964,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "CREATE_USER", "event.category": [ "iam" @@ -3000,6 +2999,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3014,7 +3014,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DELETE_USER", "event.category": [ "iam" @@ -3050,6 +3049,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3064,7 +3064,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DOWNGRADE_USER_FROM_GPLUS", "event.category": [ "iam" 
@@ -3100,6 +3099,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3114,7 +3114,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USER_ENROLLED_IN_TWO_STEP_VERIFICATION", "event.category": [ "iam" @@ -3150,6 +3149,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3164,7 +3164,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "DOWNLOAD_USERLIST_CSV", "event.category": [ "iam" @@ -3197,6 +3196,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3211,7 +3211,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "MOVE_USER_TO_ORG_UNIT", "event.category": [ "iam" @@ -3249,6 +3248,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3263,7 +3263,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USER_PUT_IN_TWO_STEP_VERIFICATION_GRACE_PERIOD", "event.category": [ "iam" 
@@ -3300,6 +3299,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3314,7 +3314,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "RENAME_USER", "event.category": [ "iam" @@ -3351,6 +3350,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3365,7 +3365,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UNENROLL_USER_FROM_STRONG_AUTH", "event.category": [ "iam" @@ -3401,6 +3400,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3415,7 +3415,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "SUSPEND_USER", "event.category": [ "iam" @@ -3451,6 +3450,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3465,7 +3465,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UNARCHIVE_USER", "event.category": [ "iam" 
@@ -3501,6 +3500,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3515,7 +3515,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UNDELETE_USER", "event.category": [ "iam" @@ -3551,6 +3550,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3565,7 +3565,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UNSUSPEND_USER", "event.category": [ "iam" @@ -3601,6 +3600,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3615,7 +3615,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "UPGRADE_USER_TO_GPLUS", "event.category": [ "iam" @@ -3651,6 +3650,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3665,7 +3665,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USERS_BULK_UPLOAD", "event.category": [ "iam" 
@@ -3700,6 +3699,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3714,7 +3714,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "USERS_BULK_UPLOAD_NOTIFICATION_SENT", "event.category": [ "iam" @@ -3750,6 +3749,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -3763,4 +3763,4 @@ "forwarded" ] } -] +] \ No newline at end of file diff --git a/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json index 3d75fea232d..9ffde6ce107 100644 --- a/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "add_to_folder", "event.category": [ "file" @@ -47,6 +46,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -61,7 +61,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "approval_canceled", "event.category": [ "file", 
@@ -107,6 +106,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -121,7 +121,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "approval_comment_added", "event.category": [ "file", @@ -167,6 +166,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -181,7 +181,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "approval_requested", "event.category": [ "file", @@ -227,6 +226,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -241,7 +241,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "approval_reviewer_responded", "event.category": [ "file", @@ -287,6 +286,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -301,7 +301,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "create", "event.category": [ "file" 
@@ -346,6 +345,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -360,7 +360,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "delete", "event.category": [ "file" @@ -405,6 +404,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -419,7 +419,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "download", "event.category": [ "file" @@ -464,6 +463,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -478,7 +478,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "edit", "event.category": [ "file" @@ -523,6 +522,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -537,7 +537,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "add_lock", "event.category": [ "file" 
@@ -582,6 +581,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -596,7 +596,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "move", "event.category": [ "file" @@ -645,6 +644,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -659,7 +659,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "preview", "event.category": [ "file" @@ -704,6 +703,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -718,7 +718,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "print", "event.category": [ "file" @@ -763,6 +762,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -777,7 +777,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "remove_from_folder", "event.category": [ "file" 
@@ -824,6 +823,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -838,7 +838,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "rename", "event.category": [ "file" @@ -885,6 +884,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -899,7 +899,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "untrash", "event.category": [ "file" @@ -944,6 +943,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -958,7 +958,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "sheets_import_range", "event.category": [ "file" @@ -1003,6 +1002,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1017,7 +1017,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "trash", "event.category": [ "file" 
@@ -1062,6 +1061,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1076,7 +1076,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "remove_lock", "event.category": [ "file" @@ -1121,6 +1120,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1135,7 +1135,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "upload", "event.category": [ "file" @@ -1180,6 +1179,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1194,7 +1194,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "view", "event.category": [ "file" @@ -1240,6 +1239,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1254,7 +1254,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_acl_editors", "event.category": [ "file", 
@@ -1304,6 +1303,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1318,7 +1318,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_document_access_scope", "event.category": [ "file", @@ -1369,6 +1368,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1383,7 +1383,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_document_visibility", "event.category": [ "file", @@ -1434,6 +1433,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1448,7 +1448,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "shared_drive_membership_change", "event.category": [ "file", @@ -1499,6 +1498,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1513,7 +1513,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "shared_drive_settings_change", "event.category": [ "file", 
@@ -1564,6 +1563,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1578,7 +1578,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "sheets_import_range_access_change", "event.category": [ "file", @@ -1624,6 +1623,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1638,7 +1638,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_user_access", "event.category": [ "file", @@ -1690,6 +1689,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json index 8944e12d5e7..f62ef0391c0 100644 --- a/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_acl_permission", "event.category": [ "iam" 
@@ -45,6 +44,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -59,7 +59,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "accept_invitation", "event.category": [ "iam" @@ -97,6 +96,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -111,7 +111,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "approve_join_request", "event.category": [ "iam" @@ -151,6 +150,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -165,7 +165,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "join", "event.category": [ "iam" @@ -203,6 +202,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -217,7 +217,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "request_to_join", "event.category": [ "iam" 
@@ -255,6 +254,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -269,7 +269,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_basic_setting", "event.category": [ "iam" @@ -309,6 +308,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -323,7 +323,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "create_group", "event.category": [ "iam" @@ -360,6 +359,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -374,7 +374,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "delete_group", "event.category": [ "iam" @@ -411,6 +410,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -425,7 +425,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_identity_setting", "event.category": [ "iam" 
@@ -465,6 +464,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -479,7 +479,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "add_info_setting", "event.category": [ "iam" @@ -518,6 +517,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -532,7 +532,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_info_setting", "event.category": [ "iam" @@ -572,6 +571,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -586,7 +586,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "remove_info_setting", "event.category": [ "iam" @@ -625,6 +624,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -639,7 +639,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_new_members_restrictions_setting", "event.category": [ "iam" 
@@ -679,6 +678,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -693,7 +693,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_post_replies_setting", "event.category": [ "iam" @@ -733,6 +732,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -747,7 +747,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_spam_moderation_setting", "event.category": [ "iam" @@ -787,6 +786,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -801,7 +801,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "change_topic_setting", "event.category": [ "iam" @@ -841,6 +840,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -855,7 +855,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "moderate_message", "event.category": [ "iam" 
@@ -896,6 +895,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -910,7 +910,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "always_post_from_user", "event.category": [ "iam" @@ -951,6 +950,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -965,7 +965,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "add_user", "event.category": [ "iam" @@ -1006,6 +1005,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1020,7 +1020,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "ban_user_with_moderation", "event.category": [ "iam" @@ -1061,6 +1060,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1075,7 +1075,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "revoke_invitation", "event.category": [ "iam" 
@@ -1115,6 +1114,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1129,7 +1129,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "invite_user", "event.category": [ "iam" @@ -1169,6 +1168,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1183,7 +1183,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "reject_join_request", "event.category": [ "iam" @@ -1223,6 +1222,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1237,7 +1237,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "reinvite_user", "event.category": [ "iam" @@ -1277,6 +1276,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -1291,7 +1291,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "remove_user", "event.category": [ "iam" 
@@ -1331,6 +1330,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json index 00731f235f3..287e6245a25 100644 --- a/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "account_disabled_password_leak", "event.category": [ "authentication" @@ -35,6 +34,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -49,7 +49,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "account_disabled_generic", "event.category": [ "authentication" @@ -84,6 +83,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -98,7 +98,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "account_disabled_spamming_through_relay", "event.category": [ "authentication" 
@@ -133,6 +132,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -147,7 +147,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "account_disabled_spamming", "event.category": [ "authentication" @@ -182,6 +181,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -196,7 +196,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "gov_attack_warning", "event.category": [ "authentication" @@ -229,6 +228,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -243,7 +243,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "login_failure", "event.category": [ "authentication" @@ -280,6 +279,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -294,7 +294,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "login_challenge", "event.category": [ "authentication" 
@@ -330,6 +329,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -344,7 +344,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "login_verification", "event.category": [ "authentication" @@ -381,6 +380,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -395,7 +395,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "logout", "event.category": [ "authentication" @@ -429,6 +428,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -443,7 +443,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "login_success", "event.category": [ "authentication" @@ -480,6 +479,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json index 36dec3bfb61..6dd2d0216b0 100644 --- a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "login_failure", "event.category": [ "authentication" @@ -40,6 +39,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -54,7 +54,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:01.000Z", "event.action": "login_success", "event.category": [ "authentication" @@ -92,6 +91,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json index 47aba59e1da..689aad5cde2 100644 --- a/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "2sv_disable", "event.category": [ "iam" @@ -34,6 +33,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -48,7 +48,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "2sv_enroll", "event.category": [ "iam" 
@@ -82,6 +81,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -96,7 +96,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "password_edit", "event.category": [ "iam" @@ -130,6 +129,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -144,7 +144,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "recovery_email_edit", "event.category": [ "iam" @@ -178,6 +177,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -192,7 +192,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "recovery_phone_edit", "event.category": [ "iam" @@ -226,6 +225,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -240,7 +240,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "recovery_secret_qa_edit", "event.category": [ "iam" 
@@ -274,6 +273,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -288,7 +288,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "titanium_enroll", "event.category": [ "iam" @@ -322,6 +321,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", @@ -336,7 +336,6 @@ ] }, { - "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "titanium_unenroll", "event.category": [ "iam" @@ -370,6 +369,7 @@ "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.7957, "source.geo.location.lon": -77.8618, "source.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/imperva/securesphere/test/generated.log-expected.json b/x-pack/filebeat/module/imperva/securesphere/test/generated.log-expected.json index 7894d6ff317..9aee12937a0 100644 --- a/x-pack/filebeat/module/imperva/securesphere/test/generated.log-expected.json +++ b/x-pack/filebeat/module/imperva/securesphere/test/generated.log-expected.json @@ -112,13 +112,13 @@ "ccusan7572.api.home" ], "related.ip": [ - "10.58.116.231", - "10.159.182.171" + "10.159.182.171", + "10.58.116.231" ], "related.user": [ - "temUten", + "qua", "uradi", - "qua" + "temUten" ], "rsa.counters.dclass_c1": 3626, "rsa.counters.dclass_c1_str": "Affected Rows", 
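Review bot: In the `@@ -112,13 +112,13 @@` hunk of imperva/securesphere/test/generated.log-expected.json the `related.ip` and `related.user` arrays change only in element order. The same holds for the `related.*` and `rsa.misc.action` hunks that follow in this file and in the juniper/netscreen and netscout/sightline expected files. The new order is not sorted either (`"10.251.20.13"` now precedes `"10.192.34.76"` at `@@ -493,12 +493,12 @@`), so the golden files appear to record an incidental ordering that is likely to churn again. Consider comparing these multi-value fields as sets in the test, or emitting them in sorted order, so that a diff in these fixtures signals a real change in the extracted values.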
@@ -174,9 +174,9 @@ "10.18.124.28" ], "related.user": [ - "modocons", + "mquidol", "lapariat", - "mquidol" + "modocons" ], "rsa.counters.dclass_c1": 6564, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -239,8 +239,8 @@ ], "related.user": [ "oluptas", - "occae", - "intoc" + "intoc", + "occae" ], "rsa.counters.event_counter": 7243, "rsa.db.database": "tNequepo", @@ -374,9 +374,9 @@ "10.211.105.204" ], "related.user": [ + "orema", "eveli", - "labor", - "orema" + "labor" ], "rsa.counters.dclass_c1": 6855, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -432,13 +432,13 @@ "pora6854.www5.home" ], "related.ip": [ - "10.214.191.180", - "10.112.250.193" + "10.112.250.193", + "10.214.191.180" ], "related.user": [ - "Exc", + "ipsumdol", "ide", - "ipsumdol" + "Exc" ], "rsa.counters.dclass_c1": 6852, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -493,12 +493,12 @@ "ptasn6599.www.localhost" ], "related.ip": [ - "10.192.34.76", - "10.251.20.13" + "10.251.20.13", + "10.192.34.76" ], "related.user": [ - "iquipe", "tnonpro", + "iquipe", "ovol" ], "rsa.counters.dclass_c1": 3645, @@ -556,8 +556,8 @@ ], "related.user": [ "idunt", - "archite", - "boree" + "boree", + "archite" ], "rsa.counters.dclass_c1": 248, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -617,8 +617,8 @@ "10.168.159.13" ], "related.user": [ - "atemq", "inci", + "atemq", "isnostr" ], "rsa.counters.dclass_c1": 6135, @@ -679,9 +679,9 @@ "10.49.167.57" ], "related.user": [ + "tali", "ccaeca", - "sau", - "tali" + "sau" ], "rsa.counters.dclass_c1": 6818, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -743,17 +743,17 @@ "10.216.125.252" ], "related.user": [ + "lorsita", "dolore", - "llamco", - "lorsita" + "llamco" ], "rsa.counters.event_counter": 4603, "rsa.db.database": "uptate", "rsa.internal.event_desc": "aquae", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "accept", - "quasia" + "quasia", + "accept" ], "rsa.misc.category": "boreetdo", "rsa.misc.disposition": "aturve", 
@@ -809,8 +809,8 @@ "umdolor4389.api.home" ], "related.ip": [ - "10.52.125.9", - "10.204.128.215" + "10.204.128.215", + "10.52.125.9" ], "related.user": [ "nci", @@ -875,8 +875,8 @@ "rationev6444.localhost" ], "related.ip": [ - "10.34.148.166", - "10.200.68.129" + "10.200.68.129", + "10.34.148.166" ], "related.user": [ "icabo", @@ -938,8 +938,8 @@ ], "related.user": [ "siu", - "conse", - "licabo" + "licabo", + "conse" ], "rsa.counters.dclass_c1": 6356, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -995,13 +995,13 @@ "spernatu5539.domain" ], "related.ip": [ - "10.30.98.10", - "10.126.26.131" + "10.126.26.131", + "10.30.98.10" ], "related.user": [ - "dipisci", + "velite", "olori", - "velite" + "dipisci" ], "rsa.counters.dclass_c1": 7717, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1061,9 +1061,9 @@ "10.190.10.219" ], "related.user": [ - "item", + "accusant", "quamnih", - "accusant" + "item" ], "rsa.counters.dclass_c1": 3278, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1147,12 +1147,12 @@ "maliquam2147.internal.home" ], "related.ip": [ - "10.100.98.56", - "10.248.184.200" + "10.248.184.200", + "10.100.98.56" ], "related.user": [ - "ritati", "proident", + "ritati", "boru" ], "rsa.counters.dclass_c1": 5923, @@ -1209,13 +1209,13 @@ "olabor2983.internal.localhost" ], "related.ip": [ - "10.197.6.245", - "10.82.28.220" + "10.82.28.220", + "10.197.6.245" ], "related.user": [ - "oluptat", "dtempo", - "aecatcup" + "aecatcup", + "oluptat" ], "rsa.counters.dclass_c1": 3071, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1276,8 +1276,8 @@ ], "related.user": [ "redol", - "asnu", - "ationul" + "ationul", + "asnu" ], "rsa.counters.dclass_c1": 6606, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -1339,17 +1339,17 @@ "10.88.45.111" ], "related.user": [ + "undeomni", "lmole", - "iameaque", - "undeomni" + "iameaque" ], "rsa.counters.event_counter": 6344, "rsa.db.database": "nderi", "rsa.internal.event_desc": "iae", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "illu", - "deny" + "deny", + "illu" ], "rsa.misc.category": "quido", "rsa.misc.disposition": "emip", @@ -1407,8 +1407,8 @@ "10.214.3.140" ], "related.user": [ - "edolorin", "scipitl", + "edolorin", "taliqui" ], "rsa.counters.dclass_c1": 5140, @@ -1472,8 +1472,8 @@ ], "related.user": [ "caboNem", - "pta", - "etconsec" + "etconsec", + "pta" ], "rsa.counters.event_counter": 5347, "rsa.db.database": "urExcept", @@ -1535,13 +1535,13 @@ "nder347.www.corp" ], "related.ip": [ - "10.105.190.170", - "10.182.152.242" + "10.182.152.242", + "10.105.190.170" ], "related.user": [ + "doeiu", "litan", - "mquisn", - "doeiu" + "mquisn" ], "rsa.counters.dclass_c1": 3474, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1604,8 +1604,8 @@ ], "related.user": [ "emUte", - "liquam", - "min" + "min", + "liquam" ], "rsa.counters.event_counter": 7102, "rsa.db.database": "oluptat", @@ -1666,13 +1666,13 @@ "ectob4634.mail.localhost" ], "related.ip": [ - "10.72.75.207", - "10.201.168.116" + "10.201.168.116", + "10.72.75.207" ], "related.user": [ + "urau", "eFini", - "eufug", - "urau" + "eufug" ], "rsa.counters.dclass_c1": 3348, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1728,13 +1728,13 @@ "snu6436.www.local" ], "related.ip": [ - "10.9.46.123", - "10.58.133.175" + "10.58.133.175", + "10.9.46.123" ], "related.user": [ + "nde", "oco", - "mfu", - "nde" + "mfu" ], "rsa.counters.dclass_c1": 3795, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1794,8 +1794,8 @@ "10.70.29.203" ], "related.user": [ - "mquisnos", "veniamq", + "mquisnos", "pta" ], "rsa.counters.dclass_c1": 2358, @@ -1856,8 +1856,8 @@ "10.165.182.111" ], "related.user": [ - "ames", "Bonorum", + "ames", "sis" ], "rsa.counters.dclass_c1": 6401, 
@@ -1944,8 +1944,8 @@ "upt6017.api.localdomain" ], "related.ip": [ - "10.64.184.196", - "10.173.178.109" + "10.173.178.109", + "10.64.184.196" ], "related.user": [ "tam", @@ -1957,8 +1957,8 @@ "rsa.internal.event_desc": "orin", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "block", - "lamco" + "lamco", + "block" ], "rsa.misc.category": "enia", "rsa.misc.disposition": "iavol", @@ -2012,13 +2012,13 @@ "turQuis4046.api.test" ], "related.ip": [ - "10.90.50.149", - "10.168.225.209" + "10.168.225.209", + "10.90.50.149" ], "related.user": [ "aUtenima", - "olupta", - "olu" + "olu", + "olupta" ], "rsa.counters.dclass_c1": 1127, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2079,8 +2079,8 @@ ], "related.user": [ "mtota", - "luptat", - "qua" + "qua", + "luptat" ], "rsa.counters.dclass_c1": 6112, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2163,13 +2163,13 @@ "tatnonp1371.www.invalid" ], "related.ip": [ - "10.151.240.35", - "10.228.229.144" + "10.228.229.144", + "10.151.240.35" ], "related.user": [ + "lam", "ametcons", - "ama", - "lam" + "ama" ], "rsa.counters.dclass_c1": 4325, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2289,17 +2289,17 @@ "10.254.10.98" ], "related.user": [ - "civeli", "eufugia", - "ttenb" + "ttenb", + "civeli" ], "rsa.counters.event_counter": 7365, "rsa.db.database": "utlabore", "rsa.internal.event_desc": "culpaq", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "cancel", - "uptasn" + "uptasn", + "cancel" ], "rsa.misc.category": "quamq", "rsa.misc.disposition": "usan", @@ -2383,13 +2383,13 @@ "ihi7294.www5.localhost" ], "related.ip": [ - "10.169.28.157", - "10.116.1.130" + "10.116.1.130", + "10.169.28.157" ], "related.user": [ - "reseo", + "eturadip", "amco", - "eturadip" + "reseo" ], "rsa.counters.event_counter": 1295, "rsa.db.database": "ons", 
@@ -2451,13 +2451,13 @@ "caecat4920.api.host" ], "related.ip": [ - "10.29.138.31", - "10.45.69.152" + "10.45.69.152", + "10.29.138.31" ], "related.user": [ - "volupta", "umq", - "tsunt" + "tsunt", + "volupta" ], "rsa.counters.dclass_c1": 744, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2513,13 +2513,13 @@ "setquas6188.internal.local" ], "related.ip": [ - "10.100.113.11", - "10.152.213.228" + "10.152.213.228", + "10.100.113.11" ], "related.user": [ - "ptatev", "itationu", - "velillum" + "velillum", + "ptatev" ], "rsa.counters.dclass_c1": 7245, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2603,13 +2603,13 @@ "nibusBo3674.www5.localhost" ], "related.ip": [ - "10.208.33.55", - "10.248.102.129" + "10.248.102.129", + "10.208.33.55" ], "related.user": [ + "ulapari", "mremaper", - "inimv", - "ulapari" + "inimv" ], "rsa.counters.dclass_c1": 6433, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2669,8 +2669,8 @@ "10.109.230.216" ], "related.user": [ - "mporin", "ectobea", + "mporin", "ibus" ], "rsa.counters.dclass_c1": 547, @@ -2731,9 +2731,9 @@ "10.117.81.75" ], "related.user": [ - "iconsequ", + "dol", "exeac", - "dol" + "iconsequ" ], "rsa.counters.dclass_c1": 484, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2793,8 +2793,8 @@ "10.45.152.205" ], "related.user": [ - "eriti", "utlabo", + "eriti", "imav" ], "rsa.counters.dclass_c1": 922, @@ -2856,17 +2856,17 @@ "10.60.164.100" ], "related.user": [ - "hite", + "adipis", "ugi", - "adipis" + "hite" ], "rsa.counters.event_counter": 508, "rsa.db.database": "abo", "rsa.internal.event_desc": "epteurs", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "taevitae", - "allow" + "allow", + "taevitae" ], "rsa.misc.category": "itse", "rsa.misc.disposition": "rever", 
@@ -2919,13 +2919,13 @@ "aliquip7229.mail.domain" ], "related.ip": [ - "10.248.244.203", - "10.146.228.234" + "10.146.228.234", + "10.248.244.203" ], "related.user": [ "mquamei", - "eiusm", - "sum" + "sum", + "eiusm" ], "rsa.counters.dclass_c1": 3058, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2981,8 +2981,8 @@ "10.86.121.152" ], "related.user": [ - "ine", "consecte", + "ine", "nimv" ], "rsa.counters.dclass_c1": 2771, @@ -3039,13 +3039,13 @@ "agnama5013.internal.example" ], "related.ip": [ - "10.201.223.119", - "10.204.223.184" + "10.204.223.184", + "10.201.223.119" ], "related.user": [ + "tuserror", "rcit", - "teni", - "tuserror" + "teni" ], "rsa.counters.dclass_c1": 4113, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3106,8 +3106,8 @@ ], "related.user": [ "magnido", - "Nequepo", - "elitsedd" + "elitsedd", + "Nequepo" ], "rsa.counters.dclass_c1": 3243, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3169,17 +3169,17 @@ "10.65.225.101" ], "related.user": [ - "tuserror", "citation", - "emquel" + "emquel", + "tuserror" ], "rsa.counters.event_counter": 2513, "rsa.db.database": "rspiciat", "rsa.internal.event_desc": "atuse", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "eruntmol", - "cancel" + "cancel", + "eruntmol" ], "rsa.misc.category": "imad", "rsa.misc.disposition": "tura", @@ -3236,9 +3236,9 @@ "10.191.184.105" ], "related.user": [ + "uta", "iin", - "tione", - "uta" + "tione" ], "rsa.counters.dclass_c1": 5836, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3296,8 +3296,8 @@ "10.224.148.48" ], "related.user": [ - "equepor", "niam", + "equepor", "iosamn" ], "rsa.counters.event_counter": 7468, @@ -3360,12 +3360,12 @@ "amcorp7299.api.example" ], "related.ip": [ - "10.21.208.103", - "10.21.61.134" + "10.21.61.134", + "10.21.208.103" ], "related.user": [ - "ostr", "imidest", + "ostr", "mipsa" ], "rsa.counters.dclass_c1": 7766, 
@@ -3426,8 +3426,8 @@ "10.221.192.116" ], "related.user": [ - "iarchit", "iamquisn", + "iarchit", "tevelite" ], "rsa.counters.dclass_c1": 639, @@ -3486,8 +3486,8 @@ "tionevol3157.mail.invalid" ], "related.ip": [ - "10.191.142.143", - "10.240.62.238" + "10.240.62.238", + "10.191.142.143" ], "related.user": [ "nofde", @@ -3555,21 +3555,21 @@ "mquis319.api.local" ], "related.ip": [ - "10.178.79.217", - "10.111.22.134" + "10.111.22.134", + "10.178.79.217" ], "related.user": [ - "ccusan", + "tqui", "inibusBo", - "tqui" + "ccusan" ], "rsa.counters.event_counter": 3538, "rsa.db.database": "sequun", "rsa.internal.event_desc": "adeseru", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "deny", - "orisnis" + "orisnis", + "deny" ], "rsa.misc.category": "sitas", "rsa.misc.disposition": "eni", @@ -3622,13 +3622,13 @@ "urad5712.api.host" ], "related.ip": [ - "10.161.225.172", - "10.77.86.215" + "10.77.86.215", + "10.161.225.172" ], "related.user": [ - "xerc", + "rcit", "meaqu", - "rcit" + "xerc" ], "rsa.counters.dclass_c1": 7286, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3687,9 +3687,9 @@ "10.211.161.187" ], "related.user": [ - "boriosa", "sci", - "acons" + "acons", + "boriosa" ], "rsa.counters.dclass_c1": 1578, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3740,13 +3740,13 @@ "inBCSed5308.api.corp" ], "related.ip": [ - "10.254.198.47", - "10.160.147.230" + "10.160.147.230", + "10.254.198.47" ], "related.user": [ - "nimvenia", "ndeomnis", - "illoin" + "illoin", + "nimvenia" ], "rsa.counters.dclass_c1": 5988, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3802,9 +3802,9 @@ "10.40.24.93" ], "related.user": [ - "exerci", + "orisnis", "mSecti", - "orisnis" + "exerci" ], "rsa.counters.dclass_c1": 4129, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -3860,13 +3860,13 @@ "itte6905.mail.invalid" ], "related.ip": [ - "10.249.13.159", - "10.108.130.106" + "10.108.130.106", + "10.249.13.159" ], "related.user": [ + "colab", "uisautei", - "exeacomm", - "colab" + "exeacomm" ], "rsa.counters.dclass_c1": 1044, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3924,13 +3924,13 @@ "caboNemo274.www.host" ], "related.ip": [ - "10.39.244.49", - "10.64.94.174" + "10.64.94.174", + "10.39.244.49" ], "related.user": [ + "estiae", "iunt", - "Sedut", - "estiae" + "Sedut" ], "rsa.counters.event_counter": 7128, "rsa.db.database": "eFinibu", @@ -4047,13 +4047,13 @@ "qui5978.api.test" ], "related.ip": [ - "10.115.203.143", - "10.134.135.22" + "10.134.135.22", + "10.115.203.143" ], "related.user": [ + "utoditau", "involu", - "orpori", - "utoditau" + "orpori" ], "rsa.counters.dclass_c1": 7868, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4203,9 +4203,9 @@ "10.20.231.188" ], "related.user": [ - "tesseq", + "mqu", "uatDuisa", - "mqu" + "tesseq" ], "rsa.counters.dclass_c1": 1623, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4289,13 +4289,13 @@ "abor3266.mail.home" ], "related.ip": [ - "10.225.11.197", - "10.231.77.26" + "10.231.77.26", + "10.225.11.197" ], "related.user": [ + "rehe", "ineavol", - "volu", - "rehe" + "volu" ], "rsa.counters.dclass_c1": 3064, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4349,13 +4349,13 @@ "eprehe2455.www.home" ], "related.ip": [ - "10.148.3.197", - "10.106.166.105" + "10.106.166.105", + "10.148.3.197" ], "related.user": [ - "olupt", "usa", - "avolup" + "avolup", + "olupt" ], "rsa.counters.dclass_c1": 2658, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4411,9 +4411,9 @@ "10.172.121.239" ], "related.user": [ - "ipsu", + "ctas", "iuta", - "ctas" + "ipsu" ], "rsa.counters.dclass_c1": 392, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -4469,13 +4469,13 @@ "exerc3694.api.home" ], "related.ip": [ - "10.129.234.200", - "10.42.218.103" + "10.42.218.103", + "10.129.234.200" ], "related.user": [ - "tevelit", "tisundeo", - "dquia" + "dquia", + "tevelit" ], "rsa.counters.dclass_c1": 6709, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4535,9 +4535,9 @@ "10.111.132.221" ], "related.user": [ - "oloremi", + "ali", "scive", - "ali" + "oloremi" ], "rsa.counters.dclass_c1": 6155, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4593,13 +4593,13 @@ "boriosa7066.www.corp" ], "related.ip": [ - "10.195.8.141", - "10.17.214.21" + "10.17.214.21", + "10.195.8.141" ], "related.user": [ "dolo", - "ota", - "enimip" + "enimip", + "ota" ], "rsa.counters.dclass_c1": 469, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4659,8 +4659,8 @@ "10.173.13.179" ], "related.user": [ - "apar", "ptasn", + "apar", "isn" ], "rsa.counters.dclass_c1": 758, @@ -4717,13 +4717,13 @@ "iatisund424.mail.localdomain" ], "related.ip": [ - "10.178.190.123", - "10.42.135.34" + "10.42.135.34", + "10.178.190.123" ], "related.user": [ - "tiset", "orsi", - "ore" + "ore", + "tiset" ], "rsa.counters.dclass_c1": 2290, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4872,9 +4872,9 @@ "10.206.221.180" ], "related.user": [ - "oNe", + "nseq", "litesseq", - "nseq" + "oNe" ], "rsa.counters.dclass_c1": 3218, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4930,9 +4930,9 @@ "10.86.180.150" ], "related.user": [ - "mnisis", + "etconsec", "itasper", - "etconsec" + "mnisis" ], "rsa.counters.dclass_c1": 4564, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4994,8 +4994,8 @@ "10.158.161.5" ], "related.user": [ - "rrors", - "dolo" + "dolo", + "rrors" ], "rsa.counters.event_counter": 4098, "rsa.db.database": "tsed", @@ -5084,12 +5084,12 @@ "nisiutal4437.www.example" ], "related.ip": [ - "10.150.27.144", - "10.248.16.82" + "10.248.16.82", + "10.150.27.144" ], "related.user": [ - "res", "ditautf", + "res", "tuserror" ], "rsa.counters.dclass_c1": 4367, 
@@ -5211,9 +5211,9 @@ "10.69.5.227" ], "related.user": [ - "rumw", "ntocc", - "doloreme" + "doloreme", + "rumw" ], "rsa.counters.dclass_c1": 5201, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -5269,9 +5269,9 @@ "10.253.175.129" ], "related.user": [ + "epteurs", "nrep", - "ate", - "epteurs" + "ate" ], "rsa.counters.dclass_c1": 6260, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -5333,8 +5333,8 @@ "10.89.26.170" ], "related.user": [ - "atus", "aboris", + "atus", "orumetMa" ], "rsa.counters.event_counter": 5863, @@ -5398,8 +5398,8 @@ "gitse6744.api.local" ], "related.ip": [ - "10.81.108.232", - "10.52.106.68" + "10.52.106.68", + "10.81.108.232" ], "related.user": [ "uaturve", @@ -5411,8 +5411,8 @@ "rsa.internal.event_desc": "pis", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "allow", - "Quisaut" + "Quisaut", + "allow" ], "rsa.misc.category": "idol", "rsa.misc.disposition": "mmodico", @@ -5472,9 +5472,9 @@ "10.223.10.28" ], "related.user": [ - "erit", "untex", - "usmodte" + "usmodte", + "erit" ], "rsa.counters.event_counter": 4029, "rsa.db.database": "ommodi", @@ -5541,8 +5541,8 @@ ], "related.user": [ "sequamn", - "res", - "tasnul" + "tasnul", + "res" ], "rsa.counters.dclass_c1": 4846, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -5600,12 +5600,12 @@ "labo3477.www5.domain" ], "related.ip": [ - "10.226.75.20", - "10.247.108.144" + "10.247.108.144", + "10.226.75.20" ], "related.user": [ - "maccusan", "tema", + "maccusan", "fugia" ], "rsa.counters.event_counter": 3711, @@ -5667,13 +5667,13 @@ "itseddo2209.mail.domain" ], "related.ip": [ - "10.97.22.61", - "10.192.15.65" + "10.192.15.65", + "10.97.22.61" ], "related.user": [ - "illumd", "rExcep", - "nimides" + "nimides", + "illumd" ], "rsa.counters.dclass_c1": 4173, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -5798,9 +5798,9 @@ "10.28.77.79" ], "related.user": [ + "utlab", "rspic", - "upta", - "utlab" + "upta" ], "rsa.counters.dclass_c1": 4810, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -5855,13 +5855,13 @@ "tsunti1164.www.example" ], "related.ip": [ - "10.18.15.43", - "10.248.177.182" + "10.248.177.182", + "10.18.15.43" ], "related.user": [ - "quei", "caecat", - "quaturve" + "quaturve", + "quei" ], "rsa.counters.dclass_c1": 983, "rsa.counters.dclass_c1_str": "Affected Rows", diff --git a/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json b/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json index 40bbac9e3f5..73f2a49fabc 100644 --- a/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json +++ b/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json @@ -55,6 +55,7 @@ "source.as.organization.name": "Consorci de Serveis Universitaris de Catalunya", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.4172, "source.geo.location.lon": -3.684, "source.ip": "158.109.0.1", diff --git a/x-pack/filebeat/module/juniper/netscreen/test/generated.log-expected.json b/x-pack/filebeat/module/juniper/netscreen/test/generated.log-expected.json index a33eb424fdd..fb4fca25df2 100644 --- a/x-pack/filebeat/module/juniper/netscreen/test/generated.log-expected.json +++ b/x-pack/filebeat/module/juniper/netscreen/test/generated.log-expected.json @@ -1353,8 +1353,8 @@ "observer.type": "Firewall", "observer.vendor": "Juniper", "related.ip": [ - "10.142.21.251", - "10.154.16.147" + "10.154.16.147", + "10.142.21.251" ], "rsa.internal.messageid": "00625", "rsa.misc.hardware_id": "ute", @@ -1387,8 +1387,8 @@ "observer.type": "Firewall", "observer.vendor": "Juniper", "related.ip": [ - "10.105.212.51", - "10.119.53.68" + "10.119.53.68", + "10.105.212.51" ], "rsa.db.index": "giatqu", "rsa.internal.messageid": "00042", 
@@ -1852,8 +1852,8 @@ "observer.type": "Firewall", "observer.vendor": "Juniper", "related.ip": [ - "10.51.161.245", - "10.193.80.21" + "10.193.80.21", + "10.51.161.245" ], "rsa.internal.messageid": "00625", "rsa.misc.hardware_id": "modi", @@ -2318,8 +2318,8 @@ "observer.type": "Firewall", "observer.vendor": "Juniper", "related.ip": [ - "10.185.50.112", - "10.126.150.15" + "10.126.150.15", + "10.185.50.112" ], "rsa.internal.messageid": "00625", "rsa.misc.hardware_id": "tot", @@ -2479,8 +2479,8 @@ "observer.type": "Firewall", "observer.vendor": "Juniper", "related.ip": [ - "10.96.165.147", - "10.96.218.99" + "10.96.218.99", + "10.96.165.147" ], "related.user": [ "utla" diff --git a/x-pack/filebeat/module/misp/threat/test/misp-test.json.log-expected.json b/x-pack/filebeat/module/misp/threat/test/misp-test.json.log-expected.json index a4b6019bc5d..163acbfd544 100644 --- a/x-pack/filebeat/module/misp/threat/test/misp-test.json.log-expected.json +++ b/x-pack/filebeat/module/misp/threat/test/misp-test.json.log-expected.json @@ -4,6 +4,7 @@ "destination.geo.city_name": "State College", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 40.7957, "destination.geo.location.lon": -77.8618, "destination.geo.region_iso_code": "US-PA", diff --git a/x-pack/filebeat/module/netscout/sightline/test/generated.log-expected.json b/x-pack/filebeat/module/netscout/sightline/test/generated.log-expected.json index 530aa6f4cc1..2ac0d3443e7 100644 --- a/x-pack/filebeat/module/netscout/sightline/test/generated.log-expected.json +++ b/x-pack/filebeat/module/netscout/sightline/test/generated.log-expected.json @@ -317,8 +317,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.66.171.247", - "10.155.162.162" + "10.155.162.162", + "10.66.171.247" ], "rsa.internal.messageid": "Blocked_Host", "rsa.misc.msgIdPart1": "Blocked", 
@@ -396,8 +396,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.179.26.34", - "10.38.77.13" + "10.38.77.13", + "10.179.26.34" ], "rsa.internal.messageid": "Blocked_Host", "rsa.misc.msgIdPart1": "Blocked", @@ -1101,8 +1101,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.97.164.220", - "10.128.31.83" + "10.128.31.83", + "10.97.164.220" ], "rsa.internal.messageid": "anomaly", "rsa.misc.category": "aera", @@ -1816,8 +1816,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.98.209.10", - "10.31.177.226" + "10.31.177.226", + "10.98.209.10" ], "rsa.internal.messageid": "Blocked_Host", "rsa.misc.msgIdPart1": "Blocked", @@ -1848,8 +1848,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.44.47.27", - "10.179.210.218" + "10.179.210.218", + "10.44.47.27" ], "rsa.internal.messageid": "Blocked_Host", "rsa.misc.msgIdPart1": "Blocked", @@ -2129,8 +2129,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.151.129.181", - "10.55.156.64" + "10.55.156.64", + "10.151.129.181" ], "rsa.internal.messageid": "Blocked_Host", "rsa.misc.msgIdPart1": "Blocked", @@ -2236,8 +2236,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.166.90.130", - "10.73.89.189" + "10.73.89.189", + "10.166.90.130" ], "rsa.internal.messageid": "Blocked_Host", "rsa.misc.msgIdPart1": "Blocked", diff --git a/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json index 56a4f778e7f..12d780947fb 100644 --- a/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json 
@@ -48,6 +48,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -116,6 +117,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -184,6 +186,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -252,6 +255,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", diff --git a/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json index b5c79d506d1..6f54a5ce22f 100644 --- a/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json @@ -55,6 +55,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -131,6 +132,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -207,6 +209,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -283,6 +286,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -360,6 +364,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -436,6 +441,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -512,6 +518,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -589,6 +596,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -665,6 +673,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -741,6 +750,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -817,6 +827,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", diff --git a/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json b/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json index cea77b1153f..78cfca3dbfb 100644 --- a/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json @@ -130,6 +130,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -273,6 +274,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -416,6 +418,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -570,6 +573,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -724,6 +728,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -885,6 +890,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1046,6 +1052,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1207,6 +1214,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1368,6 +1376,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -1529,6 +1538,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1690,6 +1700,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1851,6 +1862,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2012,6 +2024,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2173,6 +2186,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2334,6 +2348,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2495,6 +2510,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -2656,6 +2672,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2817,6 +2834,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2960,6 +2978,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3103,6 +3122,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3257,6 +3277,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3400,6 +3421,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3543,6 +3565,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -3686,6 +3709,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3840,6 +3864,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4001,6 +4026,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4162,6 +4188,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4323,6 +4350,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4484,6 +4512,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4645,6 +4674,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -4806,6 +4836,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4967,6 +4998,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5128,6 +5160,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5290,6 +5323,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5452,6 +5486,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5742,6 +5777,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5903,6 +5939,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -6064,6 +6101,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6225,6 +6263,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6386,6 +6425,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6547,6 +6587,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6708,6 +6749,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6869,6 +6911,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -7030,6 +7073,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -7191,6 +7235,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -7352,6 +7397,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -7513,6 +7559,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -7674,6 +7721,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -7835,6 +7883,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -7996,6 +8045,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -8158,6 +8208,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -8320,6 +8371,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -8481,6 +8533,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -8642,6 +8695,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -8803,6 +8857,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -8964,6 +9019,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -9125,6 +9181,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -9286,6 +9343,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -9447,6 +9505,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -9608,6 +9667,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -9769,6 +9829,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -9912,6 +9973,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -10055,6 +10117,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -10198,6 +10261,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -10341,6 +10405,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -10494,6 +10559,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -10648,6 +10714,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -10802,6 +10869,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -10956,6 +11024,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -11110,6 +11179,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -11251,6 +11321,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -11394,6 +11465,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -11537,6 +11609,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -11691,6 +11764,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -11845,6 +11919,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -11999,6 +12074,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -12142,6 +12218,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -12285,6 +12362,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -12428,6 +12506,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -12582,6 +12661,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -12736,6 +12816,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -12890,6 +12971,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -13051,6 +13133,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -13212,6 +13295,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -13373,6 +13457,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -13534,6 +13619,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -13695,6 +13781,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -13856,6 +13943,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -14017,6 +14105,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -14178,6 +14267,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -14339,6 +14429,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -14500,6 +14591,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -14661,6 +14753,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -14823,6 +14916,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -14985,6 +15079,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -15147,6 +15242,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -15306,6 +15402,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -15465,6 +15562,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -15624,6 +15722,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", diff --git a/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json index cc096b3acc2..97cb1f5bb01 100644 --- a/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json 
+++ b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json @@ -305,6 +305,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -379,6 +380,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -454,6 +456,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -529,6 +532,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -604,6 +608,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", diff --git a/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json index 60c77401b35..5470038d6b8 100644 --- a/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json 
@@ -77,6 +77,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -174,6 +175,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -271,6 +273,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -368,6 +371,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -465,6 +469,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -562,6 +567,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -659,6 +665,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -756,6 +763,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -853,6 +861,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -950,6 +959,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1047,6 +1057,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1144,6 +1155,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1241,6 +1253,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1338,6 +1351,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -1434,6 +1448,7 @@ "source.as.organization.name": "XFERA Moviles S.A.", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.4172, "source.geo.location.lon": -3.684, "source.ip": "37.29.234.179", @@ -1529,6 +1544,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1626,6 +1642,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1722,6 +1739,7 @@ "source.as.organization.name": "XFERA Moviles S.A.", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.4172, "source.geo.location.lon": -3.684, "source.ip": "37.29.234.179", @@ -1817,6 +1835,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -1914,6 +1933,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2011,6 +2031,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -2108,6 +2129,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2205,6 +2227,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2302,6 +2325,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2399,6 +2423,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2496,6 +2521,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2593,6 +2619,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2690,6 +2717,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -2787,6 +2815,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2883,6 +2912,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -2981,6 +3011,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3067,6 +3098,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3162,6 +3194,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3248,6 +3281,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3344,6 +3378,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -3430,6 +3465,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3526,6 +3562,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3623,6 +3660,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3720,6 +3758,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3806,6 +3845,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3902,6 +3942,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -3998,6 +4039,7 @@ "source.as.organization.name": "XFERA Moviles S.A.", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.4172, "source.geo.location.lon": -3.684, "source.ip": "37.29.234.179", 
@@ -4093,6 +4135,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4190,6 +4233,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4276,6 +4320,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4371,6 +4416,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4468,6 +4514,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4565,6 +4612,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4662,6 +4710,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -4759,6 +4808,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4856,6 +4906,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -4953,6 +5004,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5050,6 +5102,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5147,6 +5200,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5244,6 +5298,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5341,6 +5396,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -5438,6 +5494,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5535,6 +5592,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5631,6 +5689,7 @@ "source.as.organization.name": "XFERA Moviles S.A.", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 40.4172, "source.geo.location.lon": -3.684, "source.ip": "37.29.234.179", @@ -5726,6 +5785,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5823,6 +5883,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -5920,6 +5981,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6017,6 +6079,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", 
@@ -6114,6 +6177,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6211,6 +6275,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6308,6 +6373,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6405,6 +6471,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6502,6 +6569,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", @@ -6599,6 +6667,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", diff --git a/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json b/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json index 4bd20443e07..e6326bf27b1 100644 --- a/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json 
+++ b/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json @@ -48,6 +48,7 @@ "source.geo.city_name": "Barcelona", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", + "source.geo.country_name": "Spain", "source.geo.location.lat": 41.3891, "source.geo.location.lon": 2.1611, "source.geo.region_iso_code": "ES-B", diff --git a/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json b/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json index 437a7ea5627..39d00244185 100644 --- a/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json +++ b/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json @@ -55,6 +55,7 @@ "source.geo.city_name": "Dublin", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.7201, "source.geo.location.lon": -121.919, "source.geo.region_iso_code": "US-CA", @@ -130,6 +131,7 @@ "source.geo.city_name": "Dublin", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.7201, "source.geo.location.lon": -121.919, "source.geo.region_iso_code": "US-CA", @@ -220,6 +222,7 @@ "source.geo.city_name": "Dublin", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.7201, "source.geo.location.lon": -121.919, "source.geo.region_iso_code": "US-CA", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json index 96530ab70f3..54a45d4465e 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json 
@@ -739,6 +739,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.region_iso_code": "US-FL", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index 37735ccfce0..8e5df2e94e4 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json @@ -10,6 +10,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -104,6 +105,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -198,6 +200,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", 
@@ -292,6 +295,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -386,6 +390,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -480,6 +485,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -574,6 +580,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -668,6 +675,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", 
@@ -762,6 +770,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -856,6 +865,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -950,6 +960,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -1044,6 +1055,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -1138,6 +1150,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", 
@@ -1232,6 +1245,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -1325,6 +1339,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -1419,6 +1434,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -1512,6 +1528,7 @@ "destination.as.organization.name": "Leaseweb Deutschland GmbH", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", + "destination.geo.country_name": "Germany", "destination.geo.location.lat": 51.2993, "destination.geo.location.lon": 9.491, "destination.geo.name": "Germany", @@ -1603,6 +1620,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", 
@@ -1697,6 +1715,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -1791,6 +1810,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -1885,6 +1905,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -1979,6 +2000,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -2073,6 +2095,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", 
@@ -2167,6 +2190,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -2261,6 +2285,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -2355,6 +2380,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -2449,6 +2475,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -2543,6 +2570,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", 
@@ -2637,6 +2665,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -2731,6 +2760,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -2825,6 +2855,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -2919,6 +2950,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -3013,6 +3045,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", 
@@ -3106,6 +3139,7 @@ "destination.as.organization.name": "Castle Access Inc", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -3196,6 +3230,7 @@ "destination.as.organization.name": "INAMES", "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "KR", + "destination.geo.country_name": "South Korea", "destination.geo.location.lat": 37.5112, "destination.geo.location.lon": 126.9741, "destination.geo.name": "Korea Republic Of", @@ -3286,6 +3321,7 @@ "destination.as.organization.name": "CJSC Registrar R01", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "RU", + "destination.geo.country_name": "Russia", "destination.geo.location.lat": 55.7386, "destination.geo.location.lon": 37.6068, "destination.geo.name": "Russian Federation", @@ -3377,6 +3413,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -3469,6 +3506,7 @@ "destination.as.organization.name": "Confluence Networks Inc", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", 
@@ -3559,6 +3597,7 @@ "destination.as.organization.name": "Confluence Networks Inc", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -3650,6 +3689,7 @@ "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 26.1792, "destination.geo.location.lon": -80.1749, "destination.geo.name": "United States", @@ -3742,6 +3782,7 @@ "destination.as.organization.name": "Confluence Networks Inc", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -3832,6 +3873,7 @@ "destination.as.organization.name": "Domain names registrar REG.RU, Ltd", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "RU", + "destination.geo.country_name": "Russia", "destination.geo.location.lat": 55.7386, "destination.geo.location.lon": 37.6068, "destination.geo.name": "Russian Federation", @@ -3922,6 +3964,7 @@ "destination.as.organization.name": "Domain names registrar REG.RU, Ltd", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "RU", + "destination.geo.country_name": "Russia", "destination.geo.location.lat": 55.7386, "destination.geo.location.lon": 37.6068, "destination.geo.name": "Russian Federation", 
@@ -4079,6 +4122,7 @@
 "source.geo.city_name": "Fort Lauderdale",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 26.1792,
 "source.geo.location.lon": -80.1749,
 "source.geo.name": "United States",
@@ -4103,6 +4147,7 @@
 "destination.geo.city_name": "Kitchener",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "CA",
+ "destination.geo.country_name": "Canada",
 "destination.geo.location.lat": 43.4419,
 "destination.geo.location.lon": -80.4216,
 "destination.geo.name": "Canada",
@@ -4195,6 +4240,7 @@
 "destination.as.organization.name": "Castle Access Inc",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -4285,6 +4331,7 @@
 "destination.as.organization.name": "Confluence Networks Inc",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "VG",
+ "destination.geo.country_name": "British Virgin Islands",
 "destination.geo.location.lat": 18.5,
 "destination.geo.location.lon": -64.5,
 "destination.geo.name": "Virgin Islands British",
@@ -4375,6 +4422,7 @@
 "destination.as.organization.name": "Confluence Networks Inc",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -4466,6 +4514,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.name": "United States",
@@ -4559,6 +4608,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.name": "United States",
@@ -4652,6 +4702,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.name": "United States",
@@ -4745,6 +4796,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.name": "United States",
@@ -4838,6 +4890,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.name": "United States",
@@ -5000,6 +5053,7 @@
 "source.geo.city_name": "Brea",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 33.9339,
 "source.geo.location.lon": -117.8854,
 "source.geo.name": "United States",
@@ -5024,6 +5078,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.name": "United States",
@@ -5186,6 +5241,7 @@
 "source.geo.city_name": "Montreal",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "CA",
+ "source.geo.country_name": "Canada",
 "source.geo.location.lat": 45.4995,
 "source.geo.location.lon": -73.5848,
 "source.geo.name": "European Union",
@@ -5278,6 +5334,7 @@
 "source.as.organization.name": "No.31,Jin-rong Street",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
+ "source.geo.country_name": "China",
 "source.geo.location.lat": 30.294,
 "source.geo.location.lon": 120.1619,
 "source.geo.name": "China",
@@ -5302,6 +5359,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.name": "United States",
@@ -5463,6 +5521,7 @@
 "source.as.organization.name": "NForce Entertainment B.V.",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "NL",
+ "source.geo.country_name": "Netherlands",
 "source.geo.location.lat": 52.3824,
 "source.geo.location.lon": 4.8995,
 "source.geo.name": "Netherlands",
@@ -5554,6 +5613,7 @@
 "source.geo.city_name": "Montreal",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "CA",
+ "source.geo.country_name": "Canada",
 "source.geo.location.lat": 45.4995,
 "source.geo.location.lon": -73.5848,
 "source.geo.name": "European Union",
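Review bot: In the `@@ -5554,6 +5613,7 @@` hunk the added `"source.geo.country_name": "Canada"` sits next to the unchanged `"source.geo.name": "European Union"`, so the event now carries two location labels that disagree. The same happens in `@@ -5186,6 +5241,7 @@` (Canada / European Union), `@@ -6034,6 +6099,7 @@` (Hong Kong / United States) and `@@ -6745,6 +6817,7 @@` (Spain / Ukraine). The differing spellings in other hunks (`South Korea` beside `Korea Republic Of`) suggest the two fields come from different sources, presumably a GeoIP lookup for `country_name` and the location string carried in the firewall log for `geo.name`; that is inferred from the fixture, not shown here. I would state this in the module's field documentation so detections and dashboards choose one field deliberately, for example `geo.name is the location reported by the device; geo.country_name is derived from a GeoIP lookup of the address and may differ`.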
@@ -5577,6 +5637,7 @@
 "destination.as.organization.name": "YANDEX LLC",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "RU",
+ "destination.geo.country_name": "Russia",
 "destination.geo.location.lat": 55.7386,
 "destination.geo.location.lon": 37.6068,
 "destination.geo.name": "Russian Federation",
@@ -5667,6 +5728,7 @@
 "destination.as.organization.name": "YANDEX LLC",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "RU",
+ "destination.geo.country_name": "Russia",
 "destination.geo.location.lat": 55.7386,
 "destination.geo.location.lon": 37.6068,
 "destination.geo.name": "Russian Federation",
@@ -5757,6 +5819,7 @@
 "destination.as.organization.name": "YANDEX LLC",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "RU",
+ "destination.geo.country_name": "Russia",
 "destination.geo.location.lat": 55.7386,
 "destination.geo.location.lon": 37.6068,
 "destination.geo.name": "Russian Federation",
@@ -5917,6 +5980,7 @@
 "source.geo.city_name": "Brea",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 33.9339,
 "source.geo.location.lon": -117.8854,
 "source.geo.name": "United States",
@@ -5941,6 +6005,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.name": "United States",
@@ -6034,6 +6099,7 @@
 "destination.geo.city_name": "Central",
 "destination.geo.continent_name": "Asia",
 "destination.geo.country_iso_code": "HK",
+ "destination.geo.country_name": "Hong Kong",
 "destination.geo.location.lat": 22.2909,
 "destination.geo.location.lon": 114.15,
 "destination.geo.name": "United States",
@@ -6196,6 +6262,7 @@
 "source.geo.city_name": "Redmond",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 47.6722,
 "source.geo.location.lon": -122.1257,
 "source.geo.name": "United States",
@@ -6289,6 +6356,7 @@
 "source.geo.city_name": "Redmond",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 47.6722,
 "source.geo.location.lon": -122.1257,
 "source.geo.name": "United States",
@@ -6313,6 +6381,7 @@
 "destination.geo.city_name": "Los Angeles",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 34.0544,
 "destination.geo.location.lon": -118.244,
 "destination.geo.name": "United States",
@@ -6474,6 +6543,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -6495,6 +6565,7 @@
 "destination.as.organization.name": "Pandora Media, Inc",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -6654,6 +6725,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -6745,6 +6817,7 @@
 "source.geo.city_name": "Oliva",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
+ "source.geo.country_name": "Spain",
 "source.geo.location.lat": 38.9197,
 "source.geo.location.lon": -0.1193,
 "source.geo.name": "Ukraine",
@@ -6837,6 +6910,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -6927,6 +7001,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -7017,6 +7092,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -7107,6 +7183,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -7128,6 +7205,7 @@
 "destination.as.organization.name": "Google LLC",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -7287,6 +7365,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -7377,6 +7456,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -7467,6 +7547,7 @@
 "source.as.organization.name": "Wikimedia Foundation Inc.",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -7557,6 +7638,7 @@
 "source.as.organization.name": "Wikimedia Foundation Inc.",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -7648,6 +7730,7 @@
 "source.geo.city_name": "Los Angeles",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 34.0544,
 "source.geo.location.lon": -118.244,
 "source.geo.name": "United States",
@@ -7740,6 +7823,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -7830,6 +7914,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -7921,6 +8006,7 @@
 "source.geo.city_name": "Liberal",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.0438,
 "source.geo.location.lon": -100.9286,
 "source.geo.name": "United States",
@@ -8013,6 +8099,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -8103,6 +8190,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -8194,6 +8282,7 @@
 "source.geo.city_name": "Albany",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 42.7008,
 "source.geo.location.lon": -73.8601,
 "source.geo.name": "United States",
@@ -8286,6 +8375,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -8307,6 +8397,7 @@
 "destination.as.organization.name": "Google LLC",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -8466,6 +8557,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -8556,6 +8648,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -8577,6 +8670,7 @@
 "destination.as.organization.name": "Pandora Media, Inc",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -8736,6 +8830,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -8826,6 +8921,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -8916,6 +9012,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -9006,6 +9103,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -9096,6 +9194,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
@@ -9186,6 +9285,7 @@
 "source.as.organization.name": "Google LLC",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
+ "source.geo.country_name": "United States",
 "source.geo.location.lat": 37.751,
 "source.geo.location.lon": -97.822,
 "source.geo.name": "United States",
diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json
index 587b481636f..44f7a7790ab 100644
--- a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json
+++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json
@@ -13,6 +13,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -113,6 +114,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -211,6 +213,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -310,6 +313,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -411,6 +415,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -511,6 +516,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -609,6 +615,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -708,6 +715,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -809,6 +817,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -910,6 +919,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -1011,6 +1021,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -1112,6 +1123,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -1213,6 +1225,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -1314,6 +1327,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -1415,6 +1429,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -1516,6 +1531,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -1617,6 +1633,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -1718,6 +1735,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -1819,6 +1837,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -1919,6 +1938,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -2017,6 +2037,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -2116,6 +2137,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -2216,6 +2238,7 @@
 "destination.bytes": 98,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -2315,6 +2338,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -2416,6 +2440,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -2517,6 +2542,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -2617,6 +2643,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -2715,6 +2742,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -2814,6 +2842,7 @@
 "destination.geo.city_name": "Westminster",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 33.7518,
 "destination.geo.location.lon": -117.9932,
 "destination.geo.region_iso_code": "US-CA",
@@ -2915,6 +2944,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -3015,6 +3045,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -3114,6 +3145,7 @@
 "destination.geo.city_name": "Assago",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "IT",
+ "destination.geo.country_name": "Italy",
 "destination.geo.location.lat": 45.4087,
 "destination.geo.location.lon": 9.1225,
 "destination.geo.region_iso_code": "IT-MI",
@@ -3215,6 +3247,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -3315,6 +3348,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -3413,6 +3447,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -3512,6 +3547,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -3613,6 +3649,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -3713,6 +3750,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -3811,6 +3849,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -3908,6 +3947,7 @@
 "destination.bytes": 111,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -4000,6 +4040,7 @@
 "destination.bytes": 906,
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "IT",
+ "destination.geo.country_name": "Italy",
 "destination.geo.location.lat": 43.1479,
 "destination.geo.location.lon": 12.1097,
 "destination.ip": "62.211.68.12",
@@ -4098,6 +4139,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.region_iso_code": "US-VA",
@@ -4193,6 +4235,7 @@
 "destination.geo.city_name": "Washington",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 38.7095,
 "destination.geo.location.lon": -78.1539,
 "destination.geo.region_iso_code": "US-VA",
@@ -4294,6 +4337,7 @@
 "destination.geo.city_name": "Washington",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 38.7095,
 "destination.geo.location.lon": -78.1539,
 "destination.geo.region_iso_code": "US-VA",
@@ -4393,6 +4437,7 @@
 "destination.bytes": 141,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.8.8.8",
@@ -4486,6 +4531,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -4586,6 +4632,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -4685,6 +4732,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -4785,6 +4833,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -4883,6 +4932,7 @@
 "destination.bytes": 316,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -4981,6 +5031,7 @@
 "destination.bytes": 121,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -5079,6 +5130,7 @@
 "destination.bytes": 169,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -5177,6 +5229,7 @@
 "destination.bytes": 954,
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "IT",
+ "destination.geo.country_name": "Italy",
 "destination.geo.location.lat": 43.1479,
 "destination.geo.location.lon": 12.1097,
 "destination.ip": "62.211.68.12",
@@ -5276,6 +5329,7 @@
 "destination.geo.city_name": "Assago",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "IT",
+ "destination.geo.country_name": "Italy",
 "destination.geo.location.lat": 45.4087,
 "destination.geo.location.lon": 9.1225,
 "destination.geo.region_iso_code": "IT-MI",
@@ -5377,6 +5431,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -5477,6 +5532,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -5576,6 +5632,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -5676,6 +5733,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -5774,6 +5832,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -5873,6 +5932,7 @@
 "destination.geo.city_name": "Washington",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 38.7095,
 "destination.geo.location.lon": -78.1539,
 "destination.geo.region_iso_code": "US-VA",
@@ -5974,6 +6034,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -6074,6 +6135,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -6172,6 +6234,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -6270,6 +6333,7 @@
 "destination.bytes": 906,
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "IT",
+ "destination.geo.country_name": "Italy",
 "destination.geo.location.lat": 43.1479,
 "destination.geo.location.lon": 12.1097,
 "destination.ip": "62.211.68.12",
@@ -6368,6 +6432,7 @@
 "destination.bytes": 163,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -6466,6 +6531,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -6564,6 +6630,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -6663,6 +6730,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -6763,6 +6831,7 @@
 "destination.bytes": 922,
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "IT",
+ "destination.geo.country_name": "Italy",
 "destination.geo.location.lat": 43.1479,
 "destination.geo.location.lon": 12.1097,
 "destination.ip": "62.211.68.12",
@@ -6862,6 +6931,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -6962,6 +7032,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -7060,6 +7131,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -7159,6 +7231,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -7259,6 +7332,7 @@
 "destination.bytes": 26786,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "8.5.1.1",
@@ -7357,6 +7431,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -7455,6 +7530,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -7554,6 +7630,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -7747,6 +7824,7 @@
 "destination.geo.city_name": "Assago",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "IT",
+ "destination.geo.country_name": "Italy",
 "destination.geo.location.lat": 45.4087,
 "destination.geo.location.lon": 9.1225,
 "destination.geo.region_iso_code": "IT-MI",
@@ -7848,6 +7926,7 @@
 "destination.geo.city_name": "Assago",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "IT",
+ "destination.geo.country_name": "Italy",
 "destination.geo.location.lat": 45.4087,
 "destination.geo.location.lon": 9.1225,
 "destination.geo.region_iso_code": "IT-MI",
@@ -8133,6 +8212,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -8233,6 +8313,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -8331,6 +8412,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -8430,6 +8512,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -8530,6 +8613,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -8720,6 +8804,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -8819,6 +8904,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -8919,6 +9005,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -9017,6 +9104,7 @@
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.ip": "205.171.2.25",
@@ -9115,6 +9203,7 @@
 "destination.bytes": 906,
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "IT",
+ "destination.geo.country_name": "Italy",
 "destination.geo.location.lat": 43.1479,
 "destination.geo.location.lon": 12.1097,
 "destination.ip": "62.211.68.12",
@@ -9214,6 +9303,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -9315,6 +9405,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -9416,6 +9507,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -9609,6 +9701,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -9710,6 +9803,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
@@ -9811,6 +9905,7 @@
 "destination.geo.city_name": "Fort Lauderdale",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 26.1792,
 "destination.geo.location.lon": -80.1749,
 "destination.geo.region_iso_code": "US-FL",
diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json
index 93fe08f75d9..de6c83a2fa1 100644
--- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json
+++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json
@@ -10,6 +10,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -111,6 +112,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -212,6 +214,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -313,6 +316,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -414,6 +418,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -515,6 +520,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -616,6 +622,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -717,6 +724,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -818,6 +826,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -919,6 +928,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -1020,6 +1030,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -1121,6 +1132,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -1222,6 +1234,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -1323,6 +1336,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -1424,6 +1438,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -1525,6 +1540,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -1626,6 +1642,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -1727,6 +1744,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -1828,6 +1846,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -1929,6 +1948,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -2030,6 +2050,7 @@
 "destination.as.organization.name": "Akamai International B.V.",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -2131,6 +2152,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -2232,6 +2254,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -2333,6 +2356,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -2434,6 +2458,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -2535,6 +2560,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -2636,6 +2662,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -2737,6 +2764,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -2838,6 +2866,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -2939,6 +2968,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -3040,6 +3070,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -3141,6 +3172,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -3242,6 +3274,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -3343,6 +3376,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -3444,6 +3478,7 @@
 "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -3545,6 +3580,7 @@
 "destination.as.organization.name": "Fastly",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.751,
 "destination.geo.location.lon": -97.822,
 "destination.geo.name": "United States",
@@ -3647,6 +3683,7 @@
 "destination.geo.city_name": "Seattle",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 47.6109,
 "destination.geo.location.lon": -122.3303,
 "destination.geo.name": "United States",
@@ -3751,6 +3788,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -3855,6 +3893,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -3959,6 +3998,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -4063,6 +4103,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -4167,6 +4208,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -4271,6 +4313,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -4375,6 +4418,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -4479,6 +4523,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -4583,6 +4628,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -4687,6 +4733,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -4791,6 +4838,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -4895,6 +4943,7 @@
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 39.0481,
 "destination.geo.location.lon": -77.4728,
 "destination.geo.name": "United States",
@@ -4999,6 +5048,7 @@
 "destination.geo.city_name": "Mountain View",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
+ "destination.geo.country_name": "United States",
 "destination.geo.location.lat": 37.3861,
 "destination.geo.location.lon": -122.0839,
 "destination.geo.name": "United States",
@@ -5102,6 +5152,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -5203,6 +5254,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -5304,6 +5356,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -5405,6 +5458,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -5506,6 +5560,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", 
@@ -5607,6 +5662,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -5708,6 +5764,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -5809,6 +5866,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -5910,6 +5968,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", @@ -6011,6 +6070,7 @@ "destination.as.organization.name": "Akamai Technologies, Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", 
@@ -6113,6 +6173,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -6217,6 +6278,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -6321,6 +6383,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -6425,6 +6488,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -6529,6 +6593,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -6633,6 +6698,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", 
@@ -6737,6 +6803,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -6841,6 +6908,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -6945,6 +7013,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -7049,6 +7118,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -7153,6 +7223,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -7257,6 +7328,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", 
@@ -7361,6 +7433,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -7465,6 +7538,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -7569,6 +7643,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", @@ -7673,6 +7748,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.name": "United States", diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index 5f979092c4b..200e02370d3 100644 --- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -13,6 +13,7 @@ "destination.bytes": 5976, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "184.51.253.152", 
@@ -122,6 +123,7 @@ "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -232,6 +234,7 @@ "destination.geo.city_name": "Dallas", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 32.7787, "destination.geo.location.lon": -96.8217, "destination.geo.region_iso_code": "US-TX", @@ -343,6 +346,7 @@ "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -453,6 +457,7 @@ "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.3861, "destination.geo.location.lon": -122.0839, "destination.geo.region_iso_code": "US-CA", @@ -564,6 +569,7 @@ "destination.bytes": 21111, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "209.234.224.22", @@ -673,6 +679,7 @@ "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -782,6 +789,7 @@ "destination.bytes": 3732, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "172.217.2.238", @@ -891,6 +899,7 @@ "destination.bytes": 221, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1000,6 +1009,7 @@ "destination.bytes": 221, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1109,6 +1119,7 @@ "destination.bytes": 5469, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "17.249.60.78", @@ -1218,6 +1229,7 @@ "destination.bytes": 224, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1327,6 +1339,7 @@ "destination.bytes": 117, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -1436,6 +1449,7 @@ "destination.bytes": 307, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1545,6 +1559,7 @@ "destination.bytes": 365, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1654,6 +1669,7 @@ "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1763,6 +1779,7 @@ "destination.bytes": 161, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1872,6 +1889,7 @@ "destination.bytes": 7805, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "98.138.49.44", @@ -1981,6 +1999,7 @@ "destination.bytes": 6106, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "72.30.3.43", 
@@ -2090,6 +2109,7 @@ "destination.bytes": 196, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -2199,6 +2219,7 @@ "destination.bytes": 3245, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "172.217.9.142", @@ -2308,6 +2329,7 @@ "destination.bytes": 179, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -2418,6 +2440,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", @@ -2528,6 +2551,7 @@ "destination.geo.city_name": "Sunnyvale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.386, "destination.geo.location.lon": -122.0144, "destination.geo.region_iso_code": "US-CA", @@ -2639,6 +2663,7 @@ "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -2748,6 +2773,7 @@ "destination.bytes": 130, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -2853,6 +2879,7 @@ "destination.bytes": 1991, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "172.217.9.142", @@ -2959,6 +2986,7 @@ "destination.bytes": 523, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "151.101.2.2", @@ -3069,6 +3097,7 @@ "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.3861, "destination.geo.location.lon": -122.0839, "destination.geo.region_iso_code": "US-CA", @@ -3180,6 +3209,7 @@ "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -3289,6 +3319,7 @@ "destination.bytes": 196, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -3398,6 +3429,7 @@ "destination.bytes": 5003, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "184.51.253.193", @@ -3507,6 +3539,7 @@ "destination.bytes": 171, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -3615,6 +3648,7 @@ "destination.geo.city_name": "Sunnyvale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.386, "destination.geo.location.lon": -122.0144, "destination.geo.region_iso_code": "US-CA", @@ -3727,6 +3761,7 @@ "destination.geo.city_name": "Sunnyvale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.386, "destination.geo.location.lon": -122.0144, "destination.geo.region_iso_code": "US-CA", @@ -3839,6 +3874,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", @@ -3950,6 +3986,7 @@ "destination.bytes": 244, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -4059,6 +4096,7 @@ "destination.bytes": 205, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -4169,6 +4207,7 @@ "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.4043, "destination.geo.location.lon": -122.0748, "destination.geo.region_iso_code": "US-CA", @@ -4389,6 +4428,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", @@ -4500,6 +4540,7 @@ "destination.bytes": 661, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "184.51.252.247", @@ -4610,6 +4651,7 @@ "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.4043, "destination.geo.location.lon": -122.0748, "destination.geo.region_iso_code": "US-CA", @@ -4722,6 +4764,7 @@ "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.4043, "destination.geo.location.lon": -122.0748, "destination.geo.region_iso_code": "US-CA", 
@@ -4833,6 +4876,7 @@ "destination.bytes": 182, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -4942,6 +4986,7 @@ "destination.bytes": 90, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -5052,6 +5097,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", @@ -5163,6 +5209,7 @@ "destination.bytes": 661, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "184.51.252.247", @@ -5380,6 +5427,7 @@ "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -5485,6 +5533,7 @@ "destination.bytes": 144, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -5594,6 +5643,7 @@ "destination.bytes": 206, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -5703,6 +5753,7 @@ "destination.bytes": 206, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -5812,6 +5863,7 @@ "destination.bytes": 169, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -5921,6 +5973,7 @@ "destination.bytes": 132, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -6030,6 +6083,7 @@ "destination.bytes": 127, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -6139,6 +6193,7 @@ "destination.bytes": 105, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -6248,6 +6303,7 @@ "destination.bytes": 172, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -6357,6 +6413,7 @@ "destination.bytes": 134, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -6466,6 +6523,7 @@ "destination.bytes": 179, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -6575,6 +6633,7 @@ "destination.bytes": 218, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -6684,6 +6743,7 @@ "destination.bytes": 172, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -6793,6 +6853,7 @@ "destination.bytes": 305, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -6903,6 +6964,7 @@ "destination.geo.city_name": "Lanham", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.9705, "destination.geo.location.lon": -76.8388, "destination.geo.region_iso_code": "US-MD", @@ -7014,6 +7076,7 @@ "destination.bytes": 153, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -7123,6 +7186,7 @@ "destination.bytes": 169, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -7232,6 +7296,7 @@ "destination.bytes": 128, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -7341,6 +7406,7 @@ "destination.bytes": 181, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -7450,6 +7516,7 @@ "destination.bytes": 121, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -7560,6 +7627,7 @@ "destination.geo.city_name": "San Antonio", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 29.4551, "destination.geo.location.lon": -98.6498, "destination.geo.region_iso_code": "US-TX", @@ -7671,6 +7739,7 @@ "destination.bytes": 315, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -7780,6 +7849,7 @@ "destination.bytes": 130, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -7890,6 +7960,7 @@ "destination.geo.city_name": "Seattle", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 47.54, "destination.geo.location.lon": -122.3032, "destination.geo.region_iso_code": "US-WA", @@ -8001,6 +8072,7 @@ "destination.bytes": 149, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -8110,6 +8182,7 @@ "destination.bytes": 202, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -8219,6 +8292,7 @@ "destination.bytes": 195, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -8328,6 +8402,7 @@ "destination.bytes": 90, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "208.83.246.20", @@ -8437,6 +8512,7 @@ "destination.bytes": 192, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -8545,6 +8621,7 @@ "destination.bytes": 208, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -8653,6 +8730,7 @@ "destination.bytes": 100, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -8761,6 +8839,7 @@ "destination.bytes": 7237, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.6583, "destination.geo.location.lon": -77.2481, "destination.geo.region_iso_code": "US-VA", 
@@ -8871,6 +8950,7 @@ "destination.bytes": 109, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -8980,6 +9060,7 @@ "destination.bytes": 116, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -9089,6 +9170,7 @@ "destination.bytes": 96, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -9199,6 +9281,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", @@ -9311,6 +9394,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", @@ -9423,6 +9507,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", 
@@ -9534,6 +9619,7 @@ "destination.bytes": 7820, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "104.254.150.9", @@ -9644,6 +9730,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", @@ -9756,6 +9843,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", @@ -9868,6 +9956,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", @@ -9980,6 +10069,7 @@ "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 39.0481, "destination.geo.location.lon": -77.4728, "destination.geo.region_iso_code": "US-VA", @@ -10092,6 +10182,7 @@ "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.4043, "destination.geo.location.lon": -122.0748, "destination.geo.region_iso_code": "US-CA", 
@@ -10203,6 +10294,7 @@ "destination.bytes": 172, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -10312,6 +10404,7 @@ "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -10421,6 +10514,7 @@ "destination.bytes": 94, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -10530,6 +10624,7 @@ "destination.bytes": 170, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -10639,6 +10734,7 @@ "destination.bytes": 94, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -10748,6 +10844,7 @@ "destination.bytes": 94, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", 
@@ -10857,6 +10954,7 @@ "destination.bytes": 166, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", diff --git a/x-pack/filebeat/module/snort/log/test/generated.log-expected.json b/x-pack/filebeat/module/snort/log/test/generated.log-expected.json index f0150dcb87f..d1a9aa8535f 100644 --- a/x-pack/filebeat/module/snort/log/test/generated.log-expected.json +++ b/x-pack/filebeat/module/snort/log/test/generated.log-expected.json @@ -61,8 +61,8 @@ "uptatev4292.www.invalid" ], "related.ip": [ - "10.212.11.114", - "10.38.77.13" + "10.38.77.13", + "10.212.11.114" ], "rsa.internal.messageid": "NGIPS_events", "rsa.internal.msg_id": "uam", @@ -826,8 +826,8 @@ "apari5002.api.test" ], "related.ip": [ - "10.9.200.197", - "10.182.213.195" + "10.182.213.195", + "10.9.200.197" ], "rsa.crypto.sig_type": "fugiatnu", "rsa.internal.messageid": "27813", @@ -1006,8 +1006,8 @@ "unturmag6190.api.lan" ], "related.ip": [ - "10.52.190.18", - "10.238.223.171" + "10.238.223.171", + "10.52.190.18" ], "rsa.crypto.sig_type": "Finibus", "rsa.internal.messageid": "16539", @@ -1209,8 +1209,8 @@ "iqu4858.mail.invalid" ], "related.ip": [ - "10.213.100.153", - "10.116.175.84" + "10.116.175.84", + "10.213.100.153" ], "rsa.crypto.sig_type": "exercit", "rsa.internal.messageid": "11634", @@ -1643,8 +1643,8 @@ "urau1660.www.lan" ], "related.ip": [ - "10.201.132.114", - "10.140.209.249" + "10.140.209.249", + "10.201.132.114" ], "rsa.internal.messageid": "NGIPS_events", "rsa.internal.msg_id": "lor", @@ -1731,8 +1731,8 @@ "nofde7732.internal.test" ], "related.ip": [ - "10.198.44.231", - "10.36.122.169" + "10.36.122.169", + "10.198.44.231" ], "rsa.crypto.sig_type": "umquam", "rsa.internal.messageid": "13228", 
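Review bot: The `related.ip` entries at `@@ -61,8 +61,8 @@` of `x-pack/filebeat/module/snort/log/test/generated.log-expected.json` only trade places, and the new order is neither lexical nor numeric (at `@@ -826,8 +826,8 @@` `"10.182.213.195"` now precedes `"10.9.200.197"`). The fixture therefore still depends on whatever order the pipeline happens to emit, and the same pattern repeats in every `related.ip` and `related.user` hunk of the snort, sonicwall and sophos/utm fixtures in this commit. Reorder-only churn of this kind makes it easy to miss a hunk where an address or user is actually added or dropped. I would make the order deterministic, either by sorting the `related.*` arrays before the expected file is written or by comparing them as sets in the fixture check, so that a later regeneration only shows real changes.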
@@ -2113,8 +2113,8 @@ "uovol2459.www5.invalid" ], "related.ip": [ - "10.60.137.215", - "10.28.105.106" + "10.28.105.106", + "10.60.137.215" ], "rsa.crypto.sig_type": "tionu", "rsa.internal.messageid": "5155", @@ -2229,10 +2229,10 @@ "Loremips5368.www5.corp" ], "related.ip": [ + "10.20.167.114", "10.49.190.163", - "10.166.40.137", "10.65.144.119", - "10.20.167.114" + "10.166.40.137" ], "rsa.internal.event_desc": "Offloaded TCP Flow for connection", "rsa.internal.messageid": "FTD_events", @@ -2361,8 +2361,8 @@ "magn3657.api.invalid" ], "related.ip": [ - "10.180.28.156", - "10.234.234.205" + "10.234.234.205", + "10.180.28.156" ], "rsa.crypto.sig_type": "mnihil", "rsa.internal.messageid": "5315", @@ -2578,8 +2578,8 @@ "laparia5374.api.domain" ], "related.ip": [ - "10.147.155.100", - "10.232.67.182" + "10.232.67.182", + "10.147.155.100" ], "rsa.crypto.sig_type": "eufugi", "rsa.internal.messageid": "26152", @@ -2828,8 +2828,8 @@ "borios1685.www.localhost" ], "related.ip": [ - "10.231.10.63", - "10.38.22.60" + "10.38.22.60", + "10.231.10.63" ], "rsa.crypto.sig_type": "taliquip", "rsa.internal.messageid": "10329", @@ -2886,8 +2886,8 @@ "Bonoru5658.mail.invalid" ], "related.ip": [ - "10.29.231.11", - "10.46.57.181" + "10.46.57.181", + "10.29.231.11" ], "rsa.internal.messageid": "NGIPS_events", "rsa.internal.msg_id": "remape", @@ -3160,8 +3160,8 @@ "onsecte5119.www.invalid" ], "related.ip": [ - "10.198.207.31", - "10.5.88.183" + "10.5.88.183", + "10.198.207.31" ], "rsa.internal.event_desc": "Failed to locate egress interface", "rsa.internal.messageid": "FTD_events", @@ -3836,9 +3836,9 @@ "erunt3957.internal.lan" ], "related.ip": [ - "10.118.103.185", "10.32.195.34", "10.240.77.10", + "10.118.103.185", "10.125.130.61" ], "rsa.internal.event_desc": "TCP Flow is no longer offloaded for connection", 
diff --git a/x-pack/filebeat/module/sonicwall/firewall/test/general.log-expected.json b/x-pack/filebeat/module/sonicwall/firewall/test/general.log-expected.json index 9f972c2e6fc..37d6d4325b7 100644 --- a/x-pack/filebeat/module/sonicwall/firewall/test/general.log-expected.json +++ b/x-pack/filebeat/module/sonicwall/firewall/test/general.log-expected.json @@ -28,6 +28,7 @@ "source.as.organization.name": "Orange", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "FR", + "source.geo.country_name": "France", "source.geo.location.lat": 48.8582, "source.geo.location.lon": 2.3387, "source.ip": [ @@ -95,6 +96,7 @@ "source.as.organization.name": "Orange", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "FR", + "source.geo.country_name": "France", "source.geo.location.lat": 48.8582, "source.geo.location.lon": 2.3387, "source.ip": [ @@ -243,6 +245,7 @@ "source.as.organization.name": "Orange", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "FR", + "source.geo.country_name": "France", "source.geo.location.lat": 48.8582, "source.geo.location.lon": 2.3387, "source.ip": [ @@ -310,6 +313,7 @@ "source.as.organization.name": "Orange", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "FR", + "source.geo.country_name": "France", "source.geo.location.lat": 48.8582, "source.geo.location.lon": 2.3387, "source.ip": [ @@ -347,6 +351,7 @@ "service.type": "sonicwall", "source.geo.continent_name": "Oceania", "source.geo.country_iso_code": "NZ", + "source.geo.country_name": "New Zealand", "source.geo.location.lat": -41.0, "source.geo.location.lon": 174.0, "source.ip": [ @@ -436,6 +441,7 @@ "source.as.organization.name": "Cloudflare, Inc.", "source.geo.continent_name": "Oceania", "source.geo.country_iso_code": "AU", + "source.geo.country_name": "Australia", "source.geo.location.lat": -33.494, "source.geo.location.lon": 143.2104, "source.ip": [ 
diff --git a/x-pack/filebeat/module/sonicwall/firewall/test/generated.log-expected.json b/x-pack/filebeat/module/sonicwall/firewall/test/generated.log-expected.json index 5b84648b930..bd92a3aa08a 100644 --- a/x-pack/filebeat/module/sonicwall/firewall/test/generated.log-expected.json +++ b/x-pack/filebeat/module/sonicwall/firewall/test/generated.log-expected.json @@ -23,8 +23,8 @@ "oreetdol1714.internal.corp" ], "related.ip": [ - "10.49.111.67", - "10.92.136.230" + "10.92.136.230", + "10.49.111.67" ], "rsa.internal.messageid": "914", "rsa.internal.msg": "lupt", @@ -86,8 +86,8 @@ "observer.vendor": "Sonicwall", "related.ip": [ "10.227.15.1", - "10.149.203.46", - "10.150.156.22" + "10.150.156.22", + "10.149.203.46" ], "rsa.internal.event_desc": "ctetur", "rsa.internal.messageid": "1369", @@ -171,8 +171,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.13.70.213", - "10.95.245.65" + "10.95.245.65", + "10.13.70.213" ], "rsa.internal.messageid": "372", "rsa.internal.msg": "llu", @@ -478,8 +478,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.78.151.178", - "10.157.161.103" + "10.157.161.103", + "10.78.151.178" ], "rsa.internal.event_desc": "taut", "rsa.internal.messageid": "24", @@ -551,9 +551,9 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.34.161.166", "10.245.200.97", - "10.219.116.137" + "10.219.116.137", + "10.34.161.166" ], "rsa.internal.event_desc": "rehend", "rsa.internal.messageid": "428", @@ -599,8 +599,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.118.80.140", - "10.252.122.195" + "10.252.122.195", + "10.118.80.140" ], "rsa.internal.messageid": "401", "rsa.internal.msg": "inesci", 
@@ -845,8 +845,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.248.101.25", - "10.60.129.15" + "10.60.129.15", + "10.248.101.25" ], "rsa.internal.messageid": "372", "rsa.internal.msg": "ommodico", @@ -1006,8 +1006,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.101.74.44", - "10.251.20.13" + "10.251.20.13", + "10.101.74.44" ], "related.user": [ "rsitv" @@ -1219,8 +1219,8 @@ "ise5905.www.local" ], "related.ip": [ - "10.97.124.211", - "10.53.113.23" + "10.53.113.23", + "10.97.124.211" ], "rsa.identity.user_sid_dst": "iumdol", "rsa.internal.messageid": "1154", @@ -1279,8 +1279,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.187.201.250", - "10.64.229.79" + "10.64.229.79", + "10.187.201.250" ], "rsa.db.index": "rumwrit", "rsa.internal.messageid": "83", @@ -1389,8 +1389,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.31.190.145", - "10.147.88.219" + "10.147.88.219", + "10.31.190.145" ], "related.user": [ "corpori" @@ -1431,9 +1431,9 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.108.84.24", "10.251.248.228", - "10.113.100.237" + "10.113.100.237", + "10.108.84.24" ], "rsa.internal.event_desc": "volupt", "rsa.internal.messageid": "606", @@ -1777,8 +1777,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.165.48.224", - "10.191.242.168" + "10.191.242.168", + "10.165.48.224" ], "rsa.internal.event_desc": "equep", "rsa.internal.messageid": "995", @@ -1831,8 +1831,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.185.37.32", - "10.116.173.79" + "10.116.173.79", + "10.185.37.32" ], "rsa.internal.messageid": "178", "rsa.internal.msg": "ende", 
@@ -1863,8 +1863,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.57.85.98", - "10.219.42.212" + "10.219.42.212", + "10.57.85.98" ], "rsa.internal.event_desc": "mquisno", "rsa.internal.messageid": "995", @@ -1917,8 +1917,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.135.70.159", - "10.195.223.82" + "10.195.223.82", + "10.135.70.159" ], "rsa.internal.messageid": "351", "rsa.internal.msg": "CSe", @@ -2068,8 +2068,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.56.10.84", - "10.12.54.142" + "10.12.54.142", + "10.56.10.84" ], "rsa.internal.messageid": "658", "rsa.internal.msg": "osquirat", @@ -2105,8 +2105,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.117.63.181", - "10.222.169.140" + "10.222.169.140", + "10.117.63.181" ], "rsa.internal.messageid": "195", "rsa.internal.msg": "magnaal", @@ -2247,8 +2247,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.129.101.147", - "10.206.229.61" + "10.206.229.61", + "10.129.101.147" ], "rsa.internal.messageid": "413", "rsa.internal.msg": "upta", @@ -2383,8 +2383,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.29.120.226", - "10.203.146.137" + "10.203.146.137", + "10.29.120.226" ], "rsa.internal.messageid": "712", "rsa.misc.action": [ diff --git a/x-pack/filebeat/module/sophos/utm/test/generated.log-expected.json b/x-pack/filebeat/module/sophos/utm/test/generated.log-expected.json index b57ab7067ab..392ac679e44 100644 --- a/x-pack/filebeat/module/sophos/utm/test/generated.log-expected.json +++ b/x-pack/filebeat/module/sophos/utm/test/generated.log-expected.json @@ -59,9 +59,9 @@ "10.57.170.140" ], "related.user": [ - "sunt", + "dexeac", "icistatuscode=giatquov", - "dexeac" + "sunt" ], "rsa.db.index": "run", "rsa.identity.logon_type": "nofdeF", 
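Review bot: `related.user` at `@@ -59,9 +59,9 @@` of `x-pack/filebeat/module/sophos/utm/test/generated.log-expected.json` keeps the entry `"icistatuscode=giatquov"`, which reads like a user token fused with a following `statuscode=` key rather than an account name. Values of the same shape appear at `@@ -1033,13`, `@@ -1851,13`, `@@ -2033,10`, `@@ -2124,9`, `@@ -2314,13` and `@@ -2628,14` of the same file. The commit only reorders these arrays, so regenerating the fixture re-approves the value as expected output. `related.user` is a pivot field for account searches, so entries like this add noise and can hide the real name. Presumably the user capture in the UTM parser, or the sample-log generator, is missing a delimiter before `statuscode=`; that should be confirmed outside this diff, and afterwards these arrays should no longer contain a `…statuscode=…` entry.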
@@ -70,8 +70,8 @@ "rsa.investigations.event_cat": 1901000000, "rsa.investigations.event_cat_name": "Other.Default", "rsa.misc.action": [ - "block", - "ugiatnu" + "ugiatnu", + "block" ], "rsa.misc.comments": "colabo", "rsa.misc.content_type": "sedd", @@ -163,8 +163,8 @@ "10.106.239.55" ], "related.user": [ - "itquiin", - "eaq" + "eaq", + "itquiin" ], "rsa.identity.logon_type": "stquidol", "rsa.internal.event_desc": "bor", @@ -638,8 +638,8 @@ "10.54.169.175" ], "related.user": [ - "taspe", - "scipit" + "scipit", + "taspe" ], "rsa.identity.logon_type": "olores", "rsa.internal.event_desc": "secil", @@ -974,8 +974,8 @@ "10.232.108.32" ], "related.user": [ - "rsp", - "llum" + "llum", + "rsp" ], "rsa.identity.logon_type": "ntut", "rsa.internal.event_desc": "ittenb", @@ -1033,13 +1033,13 @@ "Duis583.api.local" ], "related.ip": [ - "10.17.51.153", - "10.89.41.97" + "10.89.41.97", + "10.17.51.153" ], "related.user": [ - "tcustatuscode=eumiu", "tio", - "pteurs" + "pteurs", + "tcustatuscode=eumiu" ], "rsa.db.index": "eavolupt", "rsa.identity.logon_type": "ursintoc", @@ -1610,8 +1610,8 @@ "10.244.96.61" ], "related.user": [ - "itsedqui", - "iumt" + "iumt", + "itsedqui" ], "rsa.identity.logon_type": "psamvolu", "rsa.internal.event_desc": "orroqui", @@ -1851,13 +1851,13 @@ "tenbyCi4371.www5.localdomain" ], "related.ip": [ - "10.98.126.206", - "10.214.167.164" + "10.214.167.164", + "10.98.126.206" ], "related.user": [ - "hen", + "amremapstatuscode=dolorsit", "isnostru", - "amremapstatuscode=dolorsit" + "hen" ], "rsa.db.index": "spernatu", "rsa.identity.logon_type": "untutl", @@ -1866,8 +1866,8 @@ "rsa.investigations.event_cat": 1901000000, "rsa.investigations.event_cat_name": "Other.Default", "rsa.misc.action": [ - "nsectetu", - "block" + "block", + "nsectetu" ], "rsa.misc.comments": "uaer", "rsa.misc.content_type": "eaqu", 
@@ -1924,8 +1924,8 @@ "observer.vendor": "Sophos", "process.pid": 6722, "related.ip": [ - "10.32.236.117", - "10.203.157.250" + "10.203.157.250", + "10.32.236.117" ], "rsa.internal.event_desc": "Packet", "rsa.internal.messageid": "ulogd", @@ -2033,10 +2033,10 @@ "10.92.93.236" ], "related.user": [ - "ulpaq", + "ntoccae", "Sedutper", "dolorsistatuscode=acc", - "ntoccae" + "ulpaq" ], "rsa.db.index": "snisiut", "rsa.identity.logon_type": "umdol", @@ -2045,8 +2045,8 @@ "rsa.investigations.event_cat": 1901000000, "rsa.investigations.event_cat_name": "Other.Default", "rsa.misc.action": [ - "icons", - "block" + "block", + "icons" ], "rsa.misc.comments": "porincid", "rsa.misc.content_type": "temvele", @@ -2124,9 +2124,9 @@ "10.202.65.2" ], "related.user": [ - "atatno", "iscivelistatuscode=urve", - "tasu" + "tasu", + "atatno" ], "rsa.db.index": "amrem", "rsa.identity.logon_type": "nulamcol", @@ -2314,13 +2314,13 @@ "obea2960.mail.corp" ], "related.ip": [ - "10.33.138.154", - "10.45.12.53" + "10.45.12.53", + "10.33.138.154" ], "related.user": [ - "eturadip", + "porincid", "umqustatuscode=ntexpli", - "porincid" + "eturadip" ], "rsa.db.index": "dolor", "rsa.identity.logon_type": "eturadi", @@ -2481,8 +2481,8 @@ "10.32.85.21" ], "related.user": [ - "antium", - "etconsec" + "etconsec", + "antium" ], "rsa.identity.logon_type": "umiurere", "rsa.internal.event_desc": "serro", @@ -2628,14 +2628,14 @@ "nisiuta4810.api.test" ], "related.ip": [ - "10.85.200.58", - "10.210.175.52" + "10.210.175.52", + "10.85.200.58" ], "related.user": [ - "Loremi", - "rExce", "reetd", - "inimastatuscode=emipsum" + "inimastatuscode=emipsum", + "Loremi", + "rExce" ], "rsa.db.index": "apa", "rsa.identity.logon_type": "sedquia", @@ -2644,8 +2644,8 @@ "rsa.investigations.event_cat": 1901000000, "rsa.investigations.event_cat_name": "Other.Default", "rsa.misc.action": [ - "cancel", - "odte" + "odte", + "cancel" ], "rsa.misc.comments": "emquia", "rsa.misc.content_type": "sauteir", 
@@ -3619,8 +3619,8 @@ "10.96.200.83" ], "related.user": [ - "lapariat", - "acommod" + "acommod", + "lapariat" ], "rsa.identity.logon_type": "remeumf", "rsa.internal.event_desc": "dol", diff --git a/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json index 90a40d0b095..a78e3c1ccb0 100644 --- a/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json @@ -70,6 +70,7 @@ "destination.geo.city_name": "Saint-Prex", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "CH", + "destination.geo.country_name": "Switzerland", "destination.geo.location.lat": 46.4796, "destination.geo.location.lon": 6.4599, "destination.geo.region_iso_code": "CH-VD", @@ -131,6 +132,7 @@ "source.geo.city_name": "Miami", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 25.7806, "source.geo.location.lon": -80.1826, "source.geo.region_iso_code": "US-FL", @@ -154,6 +156,7 @@ "destination.geo.city_name": "Saint-Prex", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "CH", + "destination.geo.country_name": "Switzerland", "destination.geo.location.lat": 46.4796, "destination.geo.location.lon": 6.4599, "destination.geo.region_iso_code": "CH-VD", @@ -217,6 +220,7 @@ "source.geo.city_name": "Cabreuva", "source.geo.continent_name": "South America", "source.geo.country_iso_code": "BR", + "source.geo.country_name": "Brazil", "source.geo.location.lat": -23.3149, "source.geo.location.lon": -47.0763, "source.geo.region_iso_code": "BR-SP", 
@@ -240,6 +244,7 @@ "destination.geo.city_name": "Saint-Prex", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "CH", + "destination.geo.country_name": "Switzerland", "destination.geo.location.lat": 46.4796, "destination.geo.location.lon": 6.4599, "destination.geo.region_iso_code": "CH-VD", @@ -302,6 +307,7 @@ "source.domain": "ELTOBGI.COM", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", + "source.geo.country_name": "United Kingdom", "source.geo.location.lat": 51.4964, "source.geo.location.lon": -0.1224, "source.ip": "77.72.3.56", diff --git a/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json index a78e27fa46e..42590edbb33 100644 --- a/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json @@ -10,6 +10,7 @@ "destination.geo.city_name": "Seattle", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 47.6348, "destination.geo.location.lon": -122.3451, "destination.geo.region_iso_code": "US-WA", @@ -87,6 +88,7 @@ "destination.geo.city_name": "Seattle", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 47.6348, "destination.geo.location.lon": -122.3451, "destination.geo.region_iso_code": "US-WA", @@ -163,6 +165,7 @@ "destination.bytes": 0, "destination.geo.continent_name": "South America", "destination.geo.country_iso_code": "UY", + "destination.geo.country_name": "Uruguay", "destination.geo.location.lat": -33.0, "destination.geo.location.lon": -56.0, "destination.ip": "186.8.209.194", 
@@ -225,6 +228,7 @@ "source.bytes": 0, "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 51.2993, "source.geo.location.lon": 9.491, "source.ip": "82.165.194.211", @@ -246,6 +250,7 @@ "destination.bytes": 0, "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", + "destination.geo.country_name": "Germany", "destination.geo.location.lat": 51.2993, "destination.geo.location.lon": 9.491, "destination.ip": "185.7.209.194", @@ -309,6 +314,7 @@ "source.geo.city_name": "Seattle", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 47.4902, "source.geo.location.lon": -122.3004, "source.geo.region_iso_code": "US-WA", diff --git a/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json index 7dbb6289456..38c2694478e 100644 --- a/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json @@ -7,6 +7,7 @@ "destination.as.organization.name": "Petersburg Internet Network ltd.", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "RU", + "destination.geo.country_name": "Russia", "destination.geo.location.lat": 55.7386, "destination.geo.location.lon": 37.6068, "destination.ip": "46.161.30.47", @@ -76,6 +77,7 @@ "destination.geo.city_name": "Seattle", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 47.6348, "destination.geo.location.lon": -122.3451, "destination.geo.region_iso_code": "US-WA", 
@@ -143,6 +145,7 @@ "destination.geo.city_name": "Seattle", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 47.6348, "destination.geo.location.lon": -122.3451, "destination.geo.region_iso_code": "US-WA", @@ -209,6 +212,7 @@ "destination.as.organization.name": "Accelerated IT Services & Consulting GmbH", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", + "destination.geo.country_name": "Germany", "destination.geo.location.lat": 51.2993, "destination.geo.location.lon": 9.491, "destination.ip": "82.211.30.202", diff --git a/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json index a82d4550f57..84dc15e1aeb 100644 --- a/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json @@ -7,6 +7,7 @@ "destination.as.organization.name": "BHARTI Airtel Ltd.", "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "IN", + "destination.geo.country_name": "India", "destination.geo.location.lat": 20.0, "destination.geo.location.lon": 77.0, "destination.ip": "182.79.221.19", @@ -78,6 +79,7 @@ "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.4043, "destination.geo.location.lon": -122.0748, "destination.geo.region_iso_code": "US-CA", @@ -134,6 +136,7 @@ "source.as.organization.name": "Telefonica Germany", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 51.2993, "source.geo.location.lon": 9.491, "source.ip": "5.5.5.15", 
@@ -153,6 +156,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "74.125.130.188", @@ -213,6 +217,7 @@ "source.as.organization.name": "Telefonica Germany", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 51.2993, "source.geo.location.lon": 9.491, "source.ip": "5.5.5.15", @@ -231,6 +236,7 @@ "destination.geo.city_name": "Dublin", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IE", + "destination.geo.country_name": "Ireland", "destination.geo.location.lat": 53.3338, "destination.geo.location.lon": -6.2488, "destination.geo.region_iso_code": "IE-L", @@ -302,6 +308,7 @@ "destination.geo.city_name": "Washington", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.7095, "destination.geo.location.lon": -78.1539, "destination.geo.region_iso_code": "US-VA", @@ -375,6 +382,7 @@ "destination.geo.city_name": "Bratislava", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "SK", + "destination.geo.country_name": "Slovakia", "destination.geo.location.lat": 48.15, "destination.geo.location.lon": 17.1078, "destination.geo.region_iso_code": "SK-BL", @@ -498,6 +506,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "64.233.189.147", 
@@ -569,6 +578,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "64.233.188.94", diff --git a/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json index d14c2bb9924..89d6878ec6f 100644 --- a/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json @@ -59,6 +59,7 @@ "destination.as.organization.name": "DoD Network Information Center", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "214.167.51.66", @@ -105,6 +106,7 @@ "source.geo.city_name": "Elblag", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", + "source.geo.country_name": "Poland", "source.geo.location.lat": 54.172, "source.geo.location.lon": 19.4195, "source.geo.region_iso_code": "PL-28", @@ -199,6 +201,7 @@ "source.geo.city_name": "August\u00f3w", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", + "source.geo.country_name": "Poland", "source.geo.location.lat": 53.845, "source.geo.location.lon": 22.985, "source.geo.region_iso_code": "PL-20", @@ -336,6 +339,7 @@ "source.geo.city_name": "Schleidweiler", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.8808, "source.geo.location.lon": 6.6593, "source.geo.region_iso_code": "DE-RP", 
@@ -438,6 +442,7 @@ "source.geo.city_name": "Fell", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", + "source.geo.country_name": "Germany", "source.geo.location.lat": 49.7667, "source.geo.location.lon": 6.7833, "source.geo.region_iso_code": "DE-RP", @@ -522,6 +527,7 @@ "sophos.xg.status": "Failed", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "172.66.35.15", diff --git a/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json index d392790d795..7f1e5d9190b 100644 --- a/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json @@ -13,6 +13,7 @@ "destination.geo.city_name": "Bratislava", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "SK", + "destination.geo.country_name": "Slovakia", "destination.geo.location.lat": 48.15, "destination.geo.location.lon": 17.1078, "destination.geo.region_iso_code": "SK-BL", @@ -98,6 +99,7 @@ "source.bytes": 459, "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", + "source.geo.country_name": "Russia", "source.geo.location.lat": 55.7386, "source.geo.location.lon": 37.6068, "source.ip": "172.17.34.15", @@ -125,6 +127,7 @@ "destination.geo.city_name": "Bratislava", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "SK", + "destination.geo.country_name": "Slovakia", "destination.geo.location.lat": 48.15, "destination.geo.location.lon": 17.1078, "destination.geo.region_iso_code": "SK-BL", 
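Review bot: The added `"source.geo.country_name": "Russia"` at `@@ -98,6 +99,7 @@` of `x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json` sits next to `"source.ip": "172.17.34.15"`, an address in the private 172.16.0.0/12 range that has no public geolocation of its own. Presumably the `source.geo.*` block is looked up from another address of the event, for example a translated one, that the hunk does not show; the event object starts and ends outside the hunk. With the country name now spelled out, an analyst can easily read it as the location of `source.ip`. The module's field documentation should state which address the lookup uses, along the lines of `source.geo.* is resolved from <FIELD_USED_FOR_LOOKUP>, which may differ from source.ip`.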
@@ -211,6 +214,7 @@ "source.geo.city_name": "Saint-Prex", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "CH", + "source.geo.country_name": "Switzerland", "source.geo.location.lat": 46.4796, "source.geo.location.lon": 6.4599, "source.geo.region_iso_code": "CH-VD", @@ -410,6 +414,7 @@ "destination.bytes": 0, "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", + "destination.geo.country_name": "Germany", "destination.geo.location.lat": 51.2993, "destination.geo.location.lon": 9.491, "destination.ip": "185.7.209.207", @@ -481,6 +486,7 @@ "source.geo.city_name": "Warsaw", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", + "source.geo.country_name": "Poland", "source.geo.location.lat": 52.25, "source.geo.location.lon": 21.0, "source.geo.region_iso_code": "PL-14", @@ -1030,6 +1036,7 @@ "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1437,6 +1444,7 @@ "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -1687,6 +1695,7 @@ "destination.geo.city_name": "Richardson", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 32.9473, "destination.geo.location.lon": -96.7028, "destination.geo.region_iso_code": "US-TX", diff --git a/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json index 7caee4d72eb..d92a2b2e7e4 100644 
--- a/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json @@ -61,6 +61,7 @@ "source.as.organization.name": "Bestnet Service SRL", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RO", + "source.geo.country_name": "Romania", "source.geo.location.lat": 46.0, "source.geo.location.lon": 25.0, "source.ip": "89.40.182.58", @@ -132,6 +133,7 @@ "source.as.organization.name": "China Unicom Beijing Province Network", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", + "source.geo.country_name": "China", "source.geo.location.lat": 31.0449, "source.geo.location.lon": 121.4012, "source.geo.region_iso_code": "CN-SH", @@ -205,6 +207,7 @@ "source.as.organization.name": "KPN B.V.", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "NL", + "source.geo.country_name": "Netherlands", "source.geo.location.lat": 52.3824, "source.geo.location.lon": 4.8995, "source.ip": "77.61.185.101", diff --git a/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json index fe6af644611..ceed76baef1 100644 --- a/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json @@ -9,6 +9,7 @@ "destination.geo.city_name": "Saint-Prex", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "CH", + "destination.geo.country_name": "Switzerland", "destination.geo.location.lat": 46.4796, "destination.geo.location.lon": 6.4599, "destination.geo.region_iso_code": "CH-VD", @@ -66,6 +67,7 @@ "source.geo.city_name": "Gdynia", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", + "source.geo.country_name": "Poland", "source.geo.location.lat": 54.5055, "source.geo.location.lon": 18.5403, "source.geo.region_iso_code": "PL-22", 
@@ -88,6 +90,7 @@ "destination.geo.city_name": "Saint-Prex", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "CH", + "destination.geo.country_name": "Switzerland", "destination.geo.location.lat": 46.4796, "destination.geo.location.lon": 6.4599, "destination.geo.region_iso_code": "CH-VD", @@ -146,6 +149,7 @@ "source.geo.city_name": "Gdynia", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", + "source.geo.country_name": "Poland", "source.geo.location.lat": 54.5055, "source.geo.location.lon": 18.5403, "source.geo.region_iso_code": "PL-22", @@ -303,6 +307,7 @@ "destination.bytes": 403, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "216.167.51.72", @@ -359,6 +364,7 @@ "source.geo.city_name": "Bucharest", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RO", + "source.geo.country_name": "Romania", "source.geo.location.lat": 44.4176, "source.geo.location.lon": 26.1708, "source.geo.region_iso_code": "RO-B", diff --git a/x-pack/filebeat/module/squid/log/test/access1.log-expected.json b/x-pack/filebeat/module/squid/log/test/access1.log-expected.json index 26b891ba4f1..e9284eed554 100644 --- a/x-pack/filebeat/module/squid/log/test/access1.log-expected.json +++ b/x-pack/filebeat/module/squid/log/test/access1.log-expected.json @@ -5,6 +5,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ 
@@ -36,8 +37,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "TCP_MISS" + "TCP_MISS", + "CONNECT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "200", @@ -67,6 +68,7 @@ "destination.geo.city_name": "Falls Church", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.9307, "destination.geo.location.lon": -77.1673, "destination.geo.region_iso_code": "US-VA", @@ -89,8 +91,8 @@ "www.goonernews.com" ], "related.ip": [ - "10.105.21.199", - "207.58.145.61" + "207.58.145.61", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -101,8 +103,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -132,6 +134,7 @@ "destination.geo.city_name": "Falls Church", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.9307, "destination.geo.location.lon": -77.1673, "destination.geo.region_iso_code": "US-VA", @@ -155,8 +158,8 @@ "www.goonernews.com" ], "related.ip": [ - "10.105.21.199", - "207.58.145.61" + "207.58.145.61", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -167,8 +170,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -220,8 +223,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_HIT" + "TCP_HIT", + "GET" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "200", 
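Review bot: The reordered `rsa.misc.action` and `related.ip` arrays in this file flip in both directions, which suggests the pipeline emits them in no fixed order rather than that the order was changed on purpose. The hunk at `@@ -36,8 +37,8 @@` turns `"CONNECT", "TCP_MISS"` into `"TCP_MISS", "CONNECT"` while `@@ -1397,8 +1415,8 @@` does the exact reverse, and `related.ip` for `10.105.21.199` / `207.58.145.61` is swapped one way at `@@ -89,8 +91,8 @@` and the other way at `@@ -455,8 +461,8 @@`. If the golden-file comparison is order-sensitive for these fields (the harness is not visible here), every regeneration will churn these lines and can bury a real parsing change in the noise. Sorting the values before they are written, or comparing these multi-value fields as sets, would keep the fixture stable. Anything that consumes `related.ip` should likewise not depend on element position.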
@@ -273,8 +276,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_HIT", - "GET" + "GET", + "TCP_HIT" ], "rsa.misc.content_type": "text/javascript", "rsa.misc.result_code": "200", @@ -304,6 +307,7 @@ "destination.geo.city_name": "Falls Church", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.9307, "destination.geo.location.lon": -77.1673, "destination.geo.region_iso_code": "US-VA", @@ -338,8 +342,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -368,6 +372,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -389,8 +394,8 @@ "www.google-analytics.com" ], "related.ip": [ - "10.105.21.199", - "66.102.9.147" + "66.102.9.147", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -401,8 +406,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", @@ -432,6 +437,7 @@ "destination.geo.city_name": "Falls Church", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.9307, "destination.geo.location.lon": -77.1673, "destination.geo.region_iso_code": "US-VA", 
@@ -455,8 +461,8 @@ "www.goonernews.com" ], "related.ip": [ - "207.58.145.61", - "10.105.21.199" + "10.105.21.199", + "207.58.145.61" ], "related.user": [ "badeyek" @@ -467,8 +473,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -498,6 +504,7 @@ "destination.geo.city_name": "Falls Church", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.9307, "destination.geo.location.lon": -77.1673, "destination.geo.region_iso_code": "US-VA", @@ -521,8 +528,8 @@ "www.goonernews.com" ], "related.ip": [ - "10.105.21.199", - "207.58.145.61" + "207.58.145.61", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -533,8 +540,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -564,6 +571,7 @@ "destination.geo.city_name": "Falls Church", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.9307, "destination.geo.location.lon": -77.1673, "destination.geo.region_iso_code": "US-VA", @@ -652,8 +660,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_HIT", - "GET" + "GET", + "TCP_HIT" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", 
@@ -683,6 +691,7 @@ "destination.geo.city_name": "Dallas", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 32.9379, "destination.geo.location.lon": -96.8384, "destination.geo.region_iso_code": "US-TX", @@ -706,8 +715,8 @@ "as.casalemedia.com" ], "related.ip": [ - "10.105.21.199", - "209.85.16.38" + "209.85.16.38", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -746,6 +755,7 @@ "@timestamp": "2006-09-08T04:22:06.000Z", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -766,8 +776,8 @@ "us.bc.yahoo.com" ], "related.ip": [ - "10.105.21.199", - "68.142.213.132" + "68.142.213.132", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -777,8 +787,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "TCP_MISS" + "TCP_MISS", + "CONNECT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "200", @@ -807,6 +817,7 @@ "destination.as.organization.name": "Telia Company AB", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "SE", + "destination.geo.country_name": "Sweden", "destination.geo.location.lat": 59.3247, "destination.geo.location.lon": 18.056, "destination.ip": [ @@ -840,8 +851,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "302", 
@@ -871,6 +882,7 @@ "destination.geo.city_name": "Los Angeles", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 34.0675, "destination.geo.location.lon": -118.3521, "destination.geo.region_iso_code": "US-CA", @@ -894,8 +906,8 @@ "4.adbrite.com" ], "related.ip": [ - "10.105.21.199", - "206.169.136.22" + "206.169.136.22", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -959,8 +971,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_HIT" + "TCP_HIT", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", @@ -990,6 +1002,7 @@ "destination.geo.city_name": "Falls Church", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.9307, "destination.geo.location.lon": -77.1673, "destination.geo.region_iso_code": "US-VA", @@ -1013,8 +1026,8 @@ "www.goonernews.com" ], "related.ip": [ - "207.58.145.61", - "10.105.21.199" + "10.105.21.199", + "207.58.145.61" ], "related.user": [ "badeyek" @@ -1025,8 +1038,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_REFRESH_HIT" + "TCP_REFRESH_HIT", + "GET" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -1056,6 +1069,7 @@ "destination.geo.city_name": "Falls Church", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.9307, "destination.geo.location.lon": -77.1673, "destination.geo.region_iso_code": "US-VA", @@ -1079,8 +1093,8 @@ "www.goonernews.com" ], "related.ip": [ - "207.58.145.61", - "10.105.21.199" + "10.105.21.199", + "207.58.145.61" ], "related.user": [ "badeyek" 
@@ -1119,6 +1133,7 @@ "@timestamp": "2006-09-08T04:22:10.000Z", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -1140,8 +1155,8 @@ "4.adbrite.com" ], "related.ip": [ - "10.105.21.199", - "64.127.126.178" + "64.127.126.178", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -1152,8 +1167,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -1183,6 +1198,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", @@ -1206,8 +1222,8 @@ "ff.connextra.com" ], "related.ip": [ - "213.160.98.161", - "10.105.21.199" + "10.105.21.199", + "213.160.98.161" ], "related.user": [ "badeyek" @@ -1218,8 +1234,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "302", @@ -1249,6 +1265,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", 
@@ -1284,8 +1301,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", @@ -1336,8 +1353,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_DENIED" + "TCP_DENIED", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -1366,6 +1383,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -1397,8 +1415,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "CONNECT" + "CONNECT", + "TCP_MISS" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "200", @@ -1480,6 +1498,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -1542,6 +1561,7 @@ "destination.geo.city_name": "Victoria", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "CA", + "destination.geo.country_name": "Canada", "destination.geo.location.lat": 48.4267, "destination.geo.location.lon": -123.3655, "destination.geo.region_iso_code": "CA-BC", 
@@ -1607,6 +1627,7 @@ "destination.geo.city_name": "Victoria", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "CA", + "destination.geo.country_name": "Canada", "destination.geo.location.lat": 48.4267, "destination.geo.location.lon": -123.3655, "destination.geo.region_iso_code": "CA-BC", @@ -1630,8 +1651,8 @@ "hi5.com" ], "related.ip": [ - "10.105.47.218", - "204.13.51.238" + "204.13.51.238", + "10.105.47.218" ], "related.user": [ "nazsoau" @@ -1672,6 +1693,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -1692,8 +1714,8 @@ "shttp.msg.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "216.155.194.239" + "216.155.194.239", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -1809,8 +1831,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_IMS_HIT" + "TCP_IMS_HIT", + "GET" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "304", @@ -1862,8 +1884,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_IMS_HIT", - "GET" + "GET", + "TCP_IMS_HIT" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "304", @@ -1893,6 +1915,7 @@ "destination.geo.city_name": "Victoria", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "CA", + "destination.geo.country_name": "Canada", "destination.geo.location.lat": 48.4267, "destination.geo.location.lon": -123.3655, "destination.geo.region_iso_code": "CA-BC", @@ -1915,8 +1938,8 @@ "hi5.com" ], "related.ip": [ - "204.13.51.238", - "10.105.47.218" + "10.105.47.218", + "204.13.51.238" ], "related.user": [ "nazsoau" 
@@ -1958,6 +1981,7 @@ "destination.geo.city_name": "Victoria", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "CA", + "destination.geo.country_name": "Canada", "destination.geo.location.lat": 48.4267, "destination.geo.location.lon": -123.3655, "destination.geo.region_iso_code": "CA-BC", @@ -1993,8 +2017,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "200", @@ -2023,6 +2047,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -2054,8 +2079,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "POST", - "TCP_MISS" + "TCP_MISS", + "POST" ], "rsa.misc.content_type": "text/plain", "rsa.misc.result_code": "200", @@ -2082,6 +2107,7 @@ "@timestamp": "2006-09-08T04:22:33.000Z", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -2102,8 +2128,8 @@ "insider.msg.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.194.14" + "68.142.194.14", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -2114,8 +2140,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", 
@@ -2144,6 +2170,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -2165,8 +2192,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -2177,8 +2204,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -2207,6 +2234,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -2266,6 +2294,7 @@ "@timestamp": "2006-09-08T04:22:35.000Z", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -2330,6 +2359,7 @@ "destination.geo.city_name": "Sacramento", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 38.6415, "destination.geo.location.lon": -121.5114, "destination.geo.region_iso_code": "US-CA", 
@@ -2395,6 +2425,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -2455,6 +2486,7 @@ "@timestamp": "2006-09-08T04:22:37.000Z", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -2487,8 +2519,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/xml", "rsa.misc.result_code": "200", @@ -2538,8 +2570,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "CONNECT" + "CONNECT", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -2642,8 +2674,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "POST" + "POST", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -2723,6 +2755,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ 
@@ -2837,6 +2870,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -2900,6 +2934,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -2920,8 +2955,8 @@ "shttp.msg.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "216.155.194.239" + "216.155.194.239", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -2961,6 +2996,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -2994,8 +3030,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -3024,6 +3060,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -3057,8 +3094,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", 
@@ -3109,8 +3146,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "POST" + "POST", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -3161,8 +3198,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "POST", - "TCP_DENIED" + "TCP_DENIED", + "POST" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -3191,6 +3228,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -3224,8 +3262,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -3254,6 +3292,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -3287,8 +3326,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_REFRESH_HIT" + "TCP_REFRESH_HIT", + "GET" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -3317,6 +3356,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ 
@@ -3338,8 +3378,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -3350,8 +3390,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -3380,6 +3420,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -3401,8 +3442,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -3413,8 +3454,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_REFRESH_HIT" + "TCP_REFRESH_HIT", + "GET" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -3466,8 +3507,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_IMS_HIT" + "TCP_IMS_HIT", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", @@ -3519,8 +3560,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_IMS_HIT", - "GET" + "GET", + "TCP_IMS_HIT" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", @@ -3572,8 +3613,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_HIT" + "TCP_HIT", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", 
@@ -3602,6 +3643,7 @@ "destination.as.organization.name": "BBC", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.4964, "destination.geo.location.lon": -0.1224, "destination.ip": [ @@ -3623,8 +3665,8 @@ "newsrss.bbc.co.uk" ], "related.ip": [ - "212.58.226.33", - "10.105.21.199" + "10.105.21.199", + "212.58.226.33" ], "related.user": [ "badeyek" @@ -3665,6 +3707,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -3834,6 +3877,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -3855,8 +3899,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -3866,8 +3910,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "POST", - "TCP_MISS" + "TCP_MISS", + "POST" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "302", @@ -3897,6 +3941,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", 
@@ -3962,6 +4007,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -3983,8 +4029,8 @@ "radio.music.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -3995,8 +4041,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/xml", "rsa.misc.result_code": "200", @@ -4025,6 +4071,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -4046,8 +4093,8 @@ "radio.music.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -4058,8 +4105,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/xml", "rsa.misc.result_code": "200", @@ -4088,6 +4135,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ 
@@ -4121,8 +4169,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -4227,8 +4275,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "GET" + "GET", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -4258,6 +4306,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", @@ -4281,8 +4330,8 @@ "us.news1.yimg.com" ], "related.ip": [ - "10.105.33.214", - "213.160.98.159" + "213.160.98.159", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -4293,8 +4342,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "image/jpeg", "rsa.misc.result_code": "200", @@ -4323,6 +4372,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -4344,8 +4394,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" 
@@ -4386,6 +4436,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -4450,6 +4501,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", @@ -4473,8 +4525,8 @@ "us.a2.yimg.com" ], "related.ip": [ - "10.105.33.214", - "213.160.98.152" + "213.160.98.152", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -4515,6 +4567,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -4536,8 +4589,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -4576,6 +4629,7 @@ "@timestamp": "2006-09-08T04:22:54.000Z", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -4597,8 +4651,8 @@ "us.bc.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.213.132" + "68.142.213.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" 
@@ -4637,6 +4691,7 @@ "@timestamp": "2006-09-08T04:22:56.000Z", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -4698,6 +4753,7 @@ "@timestamp": "2006-09-08T04:22:57.000Z", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -4782,8 +4838,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_IMS_HIT" + "TCP_IMS_HIT", + "GET" ], "rsa.misc.content_type": "application/x-javascript", "rsa.misc.result_code": "304", @@ -4813,6 +4869,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", @@ -4836,8 +4893,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "10.105.33.214", - "213.160.98.159" + "213.160.98.159", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -4879,6 +4936,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", @@ -4914,8 +4972,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", 
@@ -4944,6 +5002,7 @@ "destination.as.organization.name": "Oath Holdings Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -4964,8 +5023,8 @@ "login.yahoo.com" ], "related.ip": [ - "209.73.177.115", - "10.105.21.199" + "10.105.21.199", + "209.73.177.115" ], "related.user": [ "badeyek" @@ -4975,8 +5034,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "CONNECT" + "CONNECT", + "TCP_MISS" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "200", @@ -5006,6 +5065,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", @@ -5072,6 +5132,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", @@ -5095,8 +5156,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "213.160.98.159", - "10.105.33.214" + "10.105.33.214", + "213.160.98.159" ], "related.user": [ "adeolaegbedokun" @@ -5191,6 +5252,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", 
@@ -5257,6 +5319,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", @@ -5323,6 +5386,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", @@ -5346,8 +5410,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "10.105.33.214", - "213.160.98.167" + "213.160.98.167", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -5358,8 +5422,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", @@ -5411,8 +5475,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "GET" + "GET", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -5492,6 +5556,7 @@ "@timestamp": "2006-09-08T04:23:01.000Z", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": [ @@ -5513,8 +5578,8 @@ "launch.adserver.yahoo.com" ], "related.ip": [ - "216.109.125.112", - "10.105.33.214" + "10.105.33.214", + "216.109.125.112" ], "related.user": [ "adeolaegbedokun" 
@@ -5525,8 +5590,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", @@ -5555,6 +5620,7 @@ "destination.as.organization.name": "Yahoo! UK Services Limited", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.4964, "destination.geo.location.lon": -0.1224, "destination.ip": [ @@ -5576,8 +5642,8 @@ "uk.f250.mail.yahoo.com" ], "related.ip": [ - "217.12.10.96", - "10.105.21.199" + "10.105.21.199", + "217.12.10.96" ], "related.user": [ "badeyek" @@ -5639,8 +5705,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "CONNECT" + "CONNECT", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -5670,6 +5736,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", @@ -5693,8 +5760,8 @@ "us.js2.yimg.com" ], "related.ip": [ - "213.160.98.169", - "10.105.21.199" + "10.105.21.199", + "213.160.98.169" ], "related.user": [ "badeyek" @@ -5789,6 +5856,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5064, "destination.geo.location.lon": -0.02, "destination.geo.region_iso_code": "GB-ENG", 
diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json index 68412b504dc..a63e2fd592a 100644 --- a/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json +++ b/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json @@ -9,6 +9,7 @@ "destination.geo.city_name": "Norwell", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.1596, "destination.geo.location.lon": -70.8217, "destination.geo.region_iso_code": "US-MA", @@ -89,6 +90,7 @@ "destination.geo.city_name": "Norwell", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.1596, "destination.geo.location.lon": -70.8217, "destination.geo.region_iso_code": "US-MA", @@ -169,6 +171,7 @@ "destination.geo.city_name": "Norwell", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.1596, "destination.geo.location.lon": -70.8217, "destination.geo.region_iso_code": "US-MA", @@ -249,6 +252,7 @@ "destination.geo.city_name": "Norwell", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.1596, "destination.geo.location.lon": -70.8217, "destination.geo.region_iso_code": "US-MA", @@ -329,6 +333,7 @@ "destination.geo.city_name": "Norwell", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.1596, "destination.geo.location.lon": -70.8217, "destination.geo.region_iso_code": "US-MA", 
@@ -409,6 +414,7 @@ "destination.geo.city_name": "Norwell", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.1596, "destination.geo.location.lon": -70.8217, "destination.geo.region_iso_code": "US-MA", @@ -489,6 +495,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5132, "destination.geo.location.lon": -0.0961, "destination.geo.region_iso_code": "GB-ENG", @@ -569,6 +576,7 @@ "destination.geo.city_name": "Boston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.3562, "destination.geo.location.lon": -71.0631, "destination.geo.region_iso_code": "US-MA", @@ -649,6 +657,7 @@ "destination.geo.city_name": "Boston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.3562, "destination.geo.location.lon": -71.0631, "destination.geo.region_iso_code": "US-MA", @@ -729,6 +738,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5132, "destination.geo.location.lon": -0.0961, "destination.geo.region_iso_code": "GB-ENG", @@ -809,6 +819,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5132, "destination.geo.location.lon": -0.0961, "destination.geo.region_iso_code": "GB-ENG", 
@@ -889,6 +900,7 @@ "destination.geo.city_name": "London", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", "destination.geo.location.lat": 51.5132, "destination.geo.location.lon": -0.0961, "destination.geo.region_iso_code": "GB-ENG", @@ -969,6 +981,7 @@ "destination.geo.city_name": "Boston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.3562, "destination.geo.location.lon": -71.0631, "destination.geo.region_iso_code": "US-MA", @@ -1049,6 +1062,7 @@ "destination.geo.city_name": "Boston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.3562, "destination.geo.location.lon": -71.0631, "destination.geo.region_iso_code": "US-MA", @@ -1129,6 +1143,7 @@ "destination.geo.city_name": "Boston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.3562, "destination.geo.location.lon": -71.0631, "destination.geo.region_iso_code": "US-MA", @@ -1209,6 +1224,7 @@ "destination.geo.city_name": "Boston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.3562, "destination.geo.location.lon": -71.0631, "destination.geo.region_iso_code": "US-MA", @@ -1289,6 +1305,7 @@ "destination.geo.city_name": "Boston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.3562, "destination.geo.location.lon": -71.0631, "destination.geo.region_iso_code": "US-MA", 
@@ -1369,6 +1386,7 @@ "destination.geo.city_name": "Boston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.3562, "destination.geo.location.lon": -71.0631, "destination.geo.region_iso_code": "US-MA", @@ -1449,6 +1467,7 @@ "destination.geo.city_name": "Boston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.3562, "destination.geo.location.lon": -71.0631, "destination.geo.region_iso_code": "US-MA", @@ -1528,6 +1547,7 @@ "destination.geo.city_name": "Boston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 42.3562, "destination.geo.location.lon": -71.0631, "destination.geo.region_iso_code": "US-MA", diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json index 5d113c8d370..4851f2db826 100644 --- a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json +++ b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json @@ -415,6 +415,7 @@ "destination.domain": "p33-btmmdns.icloud.com", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "17.142.164.13", diff --git a/x-pack/filebeat/module/symantec/endpointprotection/test/generated.log-expected.json b/x-pack/filebeat/module/symantec/endpointprotection/test/generated.log-expected.json index 9b9183fe35a..0c6eccf2dcc 100644 --- a/x-pack/filebeat/module/symantec/endpointprotection/test/generated.log-expected.json 
+++ b/x-pack/filebeat/module/symantec/endpointprotection/test/generated.log-expected.json @@ -704,8 +704,8 @@ "bore5546.www.local" ], "related.ip": [ - "10.7.164.113", "10.175.83.138", + "10.7.164.113", "10.207.125.114" ], "related.user": [ @@ -2263,8 +2263,8 @@ "edi6108.internal.domain" ], "related.ip": [ - "10.72.200.11", - "10.132.171.142" + "10.132.171.142", + "10.72.200.11" ], "related.user": [ "ero" @@ -2579,8 +2579,8 @@ "dita2048.www5.home" ], "related.ip": [ - "10.171.13.85", - "10.40.133.90" + "10.40.133.90", + "10.171.13.85" ], "related.user": [ "bor" @@ -2795,8 +2795,8 @@ "urExcep6087.www5.localhost" ], "related.ip": [ - "10.155.163.6", - "10.31.231.57" + "10.31.231.57", + "10.155.163.6" ], "related.user": [ "norumetM" diff --git a/x-pack/filebeat/module/zeek/connection/test/connection-json.log-expected.json b/x-pack/filebeat/module/zeek/connection/test/connection-json.log-expected.json index ccb28ef2f92..b7c0e0bc8cb 100644 --- a/x-pack/filebeat/module/zeek/connection/test/connection-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/connection/test/connection-json.log-expected.json @@ -59,6 +59,7 @@ "destination.bytes": 206, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -116,6 +117,7 @@ "destination.bytes": 206, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", @@ -154,6 +156,7 @@ "source.bytes": 103, "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "4.4.2.2", 
diff --git a/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json b/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json index c4364d77426..200950e922a 100644 --- a/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json @@ -7,6 +7,7 @@ "destination.geo.city_name": "San Jose", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.3388, "destination.geo.location.lon": -121.8914, "destination.geo.region_iso_code": "US-CA", diff --git a/x-pack/filebeat/module/zeek/irc/test/irc-json.log-expected.json b/x-pack/filebeat/module/zeek/irc/test/irc-json.log-expected.json index 245d1154e86..06d833b6a42 100644 --- a/x-pack/filebeat/module/zeek/irc/test/irc-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/irc/test/irc-json.log-expected.json @@ -6,6 +6,7 @@ "destination.as.organization.name": "Team Cymru Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "38.229.70.20", @@ -52,6 +53,7 @@ "destination.as.organization.name": "Team Cymru Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "38.229.70.20", @@ -103,6 +105,7 @@ "destination.as.organization.name": "Team Cymru Inc.", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "38.229.70.20", 
diff --git a/x-pack/filebeat/module/zeek/notice/test/notice-json.log-expected.json b/x-pack/filebeat/module/zeek/notice/test/notice-json.log-expected.json index a5838e9f3f1..90bb5e3145e 100644 --- a/x-pack/filebeat/module/zeek/notice/test/notice-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/notice/test/notice-json.log-expected.json @@ -40,6 +40,7 @@ "destination.geo.city_name": "Frankfurt am Main", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", + "destination.geo.country_name": "Germany", "destination.geo.location.lat": 50.1188, "destination.geo.location.lon": 8.6843, "destination.geo.region_iso_code": "DE-HE", @@ -71,6 +72,7 @@ "source.geo.city_name": "Longmont", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 40.1559, "source.geo.location.lon": -105.1624, "source.geo.region_iso_code": "US-CO", diff --git a/x-pack/filebeat/module/zeek/sip/test/sip-json.log-expected.json b/x-pack/filebeat/module/zeek/sip/test/sip-json.log-expected.json index 79b38a0717d..71061cd293b 100644 --- a/x-pack/filebeat/module/zeek/sip/test/sip-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/sip/test/sip-json.log-expected.json @@ -6,6 +6,7 @@ "destination.as.organization.name": "Internap Corporation", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "74.63.41.218", @@ -72,6 +73,7 @@ "destination.geo.city_name": "Mexico City", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "MX", + "destination.geo.country_name": "Mexico", "destination.geo.location.lat": 19.4357, "destination.geo.location.lon": -99.1438, "destination.geo.region_iso_code": "MX-CMX", 
@@ -108,6 +110,7 @@ "source.geo.city_name": "Mexico City", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "MX", + "source.geo.country_name": "Mexico", "source.geo.location.lat": 19.4357, "source.geo.location.lon": -99.1438, "source.geo.region_iso_code": "MX-CMX", @@ -151,6 +154,7 @@ "destination.geo.city_name": "Mexico City", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "MX", + "destination.geo.country_name": "Mexico", "destination.geo.location.lat": 19.4357, "destination.geo.location.lon": -99.1438, "destination.geo.region_iso_code": "MX-CMX", @@ -187,6 +191,7 @@ "source.geo.city_name": "Mexico City", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "MX", + "source.geo.country_name": "Mexico", "source.geo.location.lat": 19.4357, "source.geo.location.lon": -99.1438, "source.geo.region_iso_code": "MX-CMX", diff --git a/x-pack/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json b/x-pack/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json index 805d20d2a54..67817ff0a42 100644 --- a/x-pack/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json @@ -8,6 +8,7 @@ "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.4043, "destination.geo.location.lon": -122.0748, "destination.geo.region_iso_code": "US-CA", @@ -88,6 +89,7 @@ "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.4043, "destination.geo.location.lon": -122.0748, "destination.geo.region_iso_code": "US-CA", 
diff --git a/x-pack/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json b/x-pack/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json index 8fdfd983c94..34d600174ac 100644 --- a/x-pack/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json @@ -6,6 +6,7 @@ "destination.as.organization.name": "Google LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", diff --git a/x-pack/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json b/x-pack/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json index 1e00e616e36..3ef709508a3 100644 --- a/x-pack/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json @@ -6,6 +6,7 @@ "destination.as.organization.name": "Air Force Systems Networking", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", "destination.geo.location.lat": 37.751, "destination.geo.location.lon": -97.822, "destination.ip": "132.16.110.133", @@ -33,6 +34,7 @@ "source.as.organization.name": "Air Force Systems Networking", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", "source.geo.location.lat": 37.751, "source.geo.location.lon": -97.822, "source.ip": "132.16.146.79", diff --git a/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json b/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json index b7bd436496b..1fbe44131f5 100644 --- a/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json 
+++ b/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json @@ -26,8 +26,8 @@ "rci737.www5.example" ], "related.ip": [ - "10.176.10.114", - "10.206.191.17" + "10.206.191.17", + "10.176.10.114" ], "related.user": [ "sumdo" @@ -115,8 +115,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "luptat", "rsa.misc.action": [ - "Allowed", - "tur" + "tur", + "Allowed" ], "rsa.misc.category": "eius", "rsa.misc.filter": "ameaqu", @@ -176,8 +176,8 @@ "orsitame3262.domain" ], "related.ip": [ - "10.254.146.57", - "10.204.86.149" + "10.204.86.149", + "10.254.146.57" ], "related.user": [ "tenima" @@ -191,8 +191,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uptassi", "rsa.misc.action": [ - "giatq", - "Blocked" + "Blocked", + "giatq" ], "rsa.misc.category": "llu", "rsa.misc.filter": "tconsec", @@ -252,8 +252,8 @@ "tempor4496.www.localdomain" ], "related.ip": [ - "10.252.125.53", - "10.103.246.190" + "10.103.246.190", + "10.252.125.53" ], "related.user": [ "equun" @@ -267,8 +267,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ima", "rsa.misc.action": [ - "llam", - "Allowed" + "Allowed", + "llam" ], "rsa.misc.category": "aboris", "rsa.misc.filter": "atatnonp", @@ -328,8 +328,8 @@ "ore2933.www.test" ], "related.ip": [ - "10.61.78.108", - "10.136.153.149" + "10.136.153.149", + "10.61.78.108" ], "related.user": [ "ercit" @@ -343,8 +343,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "inim", "rsa.misc.action": [ - "reetdolo", - "Blocked" + "Blocked", + "reetdolo" ], "rsa.misc.category": "osquir", "rsa.misc.filter": "ipit", @@ -480,8 +480,8 @@ "cup1793.local" ], "related.ip": [ - "10.243.224.205", - "10.123.104.59" + "10.123.104.59", + "10.243.224.205" ], "related.user": [ "xercitat" 
@@ -495,8 +495,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "lupt", "rsa.misc.action": [ - "Blocked", - "dun" + "dun", + "Blocked" ], "rsa.misc.category": "rsitamet", "rsa.misc.filter": "usmod", @@ -632,8 +632,8 @@ "aperia4409.www5.invalid" ], "related.ip": [ - "10.78.151.178", - "10.25.192.202" + "10.25.192.202", + "10.78.151.178" ], "related.user": [ "quip" @@ -647,8 +647,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "atquovo", "rsa.misc.action": [ - "amvolup", - "Allowed" + "Allowed", + "amvolup" ], "rsa.misc.category": "hil", "rsa.misc.filter": "deFinibu", @@ -723,8 +723,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ihilm", "rsa.misc.action": [ - "Allowed", - "psaquae" + "psaquae", + "Allowed" ], "rsa.misc.category": "eFinib", "rsa.misc.filter": "inesci", @@ -784,8 +784,8 @@ "ite2026.www.invalid" ], "related.ip": [ - "10.19.145.131", - "10.223.247.86" + "10.223.247.86", + "10.19.145.131" ], "related.user": [ "tNequepo" @@ -860,8 +860,8 @@ "radipisc7020.home" ], "related.ip": [ - "10.2.53.125", - "10.181.80.139" + "10.181.80.139", + "10.2.53.125" ], "related.user": [ "ihilmo" @@ -936,8 +936,8 @@ "uamei2493.www.test" ], "related.ip": [ - "10.31.240.6", - "10.167.98.76" + "10.167.98.76", + "10.31.240.6" ], "related.user": [ "ratvolu" @@ -951,8 +951,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "catc", "rsa.misc.action": [ - "Allowed", - "veni" + "veni", + "Allowed" ], "rsa.misc.category": "sBono", "rsa.misc.filter": "isnisiu", @@ -1027,8 +1027,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "iurer", "rsa.misc.action": [ - "ionevo", - "Allowed" + "Allowed", + "ionevo" ], "rsa.misc.category": "tinvolu", "rsa.misc.filter": "idex", 
@@ -1088,8 +1088,8 @@ "spi3544.www.host" ], "related.ip": [ - "10.63.250.128", - "10.111.187.12" + "10.111.187.12", + "10.63.250.128" ], "related.user": [ "saute" @@ -1164,8 +1164,8 @@ "tlab5981.www.host" ], "related.ip": [ - "10.5.126.127", - "10.252.124.150" + "10.252.124.150", + "10.5.126.127" ], "related.user": [ "inibusB" @@ -1179,8 +1179,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "mod", "rsa.misc.action": [ - "Allowed", - "xeacomm" + "xeacomm", + "Allowed" ], "rsa.misc.category": "sauteiru", "rsa.misc.filter": "antiu", @@ -1331,8 +1331,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "quid", "rsa.misc.action": [ - "itecto", - "Allowed" + "Allowed", + "itecto" ], "rsa.misc.category": "quam", "rsa.misc.filter": "adeser", @@ -1392,8 +1392,8 @@ "uamei2389.internal.example" ], "related.ip": [ - "10.215.205.216", - "10.31.198.58" + "10.31.198.58", + "10.215.205.216" ], "related.user": [ "aturve" @@ -1468,8 +1468,8 @@ "eacommod1930.internal.lan" ], "related.ip": [ - "10.229.83.165", - "10.29.155.171" + "10.29.155.171", + "10.229.83.165" ], "related.user": [ "ulapar" @@ -1483,8 +1483,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "vitaedi", "rsa.misc.action": [ - "llitanim", - "Allowed" + "Allowed", + "llitanim" ], "rsa.misc.category": "apariat", "rsa.misc.filter": "tasnulap", @@ -1544,8 +1544,8 @@ "tem6984.www5.domain" ], "related.ip": [ - "10.161.148.64", - "10.129.192.145" + "10.129.192.145", + "10.161.148.64" ], "related.user": [ "lor" @@ -1620,8 +1620,8 @@ "lapariat7287.internal.host" ], "related.ip": [ - "10.203.65.161", - "10.7.200.140" + "10.7.200.140", + "10.203.65.161" ], "related.user": [ "snost" @@ -1711,8 +1711,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "iutali", "rsa.misc.action": [ - "atcupi", - "Blocked" + "Blocked", + "atcupi" ], "rsa.misc.category": "isetq", "rsa.misc.filter": "equinesc", 
@@ -1772,8 +1772,8 @@ "stenatu4844.www.invalid" ], "related.ip": [ - "10.39.31.115", - "10.24.111.229" + "10.24.111.229", + "10.39.31.115" ], "related.user": [ "fugi" @@ -1848,8 +1848,8 @@ "sitam5077.internal.host" ], "related.ip": [ - "10.32.39.220", - "10.179.210.218" + "10.179.210.218", + "10.32.39.220" ], "related.user": [ "boreetdo" @@ -2000,8 +2000,8 @@ "lloin4019.www.localhost" ], "related.ip": [ - "10.130.241.232", - "10.238.224.49" + "10.238.224.49", + "10.130.241.232" ], "related.user": [ "onse" @@ -2015,8 +2015,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "mnisiut", "rsa.misc.action": [ - "mod", - "Allowed" + "Allowed", + "mod" ], "rsa.misc.category": "uiinea", "rsa.misc.filter": "aturQu", @@ -2076,8 +2076,8 @@ "tamet6317.www.host" ], "related.ip": [ - "10.2.67.127", - "10.115.53.31" + "10.115.53.31", + "10.2.67.127" ], "related.user": [ "Cic" @@ -2091,8 +2091,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "quatD", "rsa.misc.action": [ - "tatem", - "Allowed" + "Allowed", + "tatem" ], "rsa.misc.category": "aincidun", "rsa.misc.filter": "uela", @@ -2167,8 +2167,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tasun", "rsa.misc.action": [ - "quasiarc", - "Allowed" + "Allowed", + "quasiarc" ], "rsa.misc.category": "autfugi", "rsa.misc.filter": "ritqu", @@ -2228,8 +2228,8 @@ "utaliqu4248.www.localhost" ], "related.ip": [ - "10.18.226.72", - "10.101.85.169" + "10.101.85.169", + "10.18.226.72" ], "related.user": [ "rroqu" @@ -2319,8 +2319,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "mag", "rsa.misc.action": [ - "tali", - "Allowed" + "Allowed", + "tali" ], "rsa.misc.category": "oconse", "rsa.misc.filter": "npr", @@ -2380,8 +2380,8 @@ "tatio6513.www.invalid" ], "related.ip": [ - "10.80.57.247", - "10.229.242.223" + "10.229.242.223", + "10.80.57.247" ], "related.user": [ "itasp" 
@@ -2471,8 +2471,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uteir", "rsa.misc.action": [ - "Allowed", - "Section" + "Section", + "Allowed" ], "rsa.misc.category": "cididu", "rsa.misc.filter": "Utenima", @@ -2532,8 +2532,8 @@ "aquioff3853.www.localdomain" ], "related.ip": [ - "10.54.159.1", - "10.236.230.136" + "10.236.230.136", + "10.54.159.1" ], "related.user": [ "mUteni" @@ -2547,8 +2547,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tec", "rsa.misc.action": [ - "tatema", - "Allowed" + "Allowed", + "tatema" ], "rsa.misc.category": "emullamc", "rsa.misc.filter": "emveleum", @@ -2623,8 +2623,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tvolup", "rsa.misc.action": [ - "utemvel", - "Allowed" + "Allowed", + "utemvel" ], "rsa.misc.category": "untutlab", "rsa.misc.filter": "dol", @@ -2684,8 +2684,8 @@ "iamea478.www5.host" ], "related.ip": [ - "10.142.120.198", - "10.166.10.42" + "10.166.10.42", + "10.142.120.198" ], "related.user": [ "olori" @@ -2699,8 +2699,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ende", "rsa.misc.action": [ - "doconse", - "Blocked" + "Blocked", + "doconse" ], "rsa.misc.category": "uovolupt", "rsa.misc.filter": "litesse", @@ -2775,8 +2775,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "issu", "rsa.misc.action": [ - "Allowed", - "sed" + "sed", + "Allowed" ], "rsa.misc.category": "atur", "rsa.misc.filter": "iciadese", @@ -2851,8 +2851,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ese", "rsa.misc.action": [ - "Allowed", - "litanim" + "litanim", + "Allowed" ], "rsa.misc.category": "idata", "rsa.misc.filter": "urerepre", 
@@ -2927,8 +2927,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "idolores", "rsa.misc.action": [ - "Blocked", - "lestia" + "lestia", + "Blocked" ], "rsa.misc.category": "risni", "rsa.misc.filter": "emacc", @@ -2988,8 +2988,8 @@ "pariatur7238.www5.invalid" ], "related.ip": [ - "10.202.224.79", - "10.33.144.10" + "10.33.144.10", + "10.202.224.79" ], "related.user": [ "rios" @@ -3079,8 +3079,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "Loremip", "rsa.misc.action": [ - "quid", - "Allowed" + "Allowed", + "quid" ], "rsa.misc.category": "mini", "rsa.misc.filter": "uisnos", @@ -3140,8 +3140,8 @@ "mquisnos7453.home" ], "related.ip": [ - "10.134.128.27", - "10.118.177.136" + "10.118.177.136", + "10.134.128.27" ], "related.user": [ "Utenima" @@ -3155,8 +3155,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "voluptas", "rsa.misc.action": [ - "Allowed", - "olor" + "olor", + "Allowed" ], "rsa.misc.category": "ataevita", "rsa.misc.filter": "nderi", @@ -3307,8 +3307,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "etdol", "rsa.misc.action": [ - "mwrit", - "Blocked" + "Blocked", + "mwrit" ], "rsa.misc.category": "inim", "rsa.misc.filter": "aturQu", @@ -3368,8 +3368,8 @@ "etdolore4227.internal.corp" ], "related.ip": [ - "10.30.87.51", - "10.156.177.53" + "10.156.177.53", + "10.30.87.51" ], "related.user": [ "psaquaea" @@ -3383,8 +3383,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tatno", "rsa.misc.action": [ - "ptatev", - "Blocked" + "Blocked", + "ptatev" ], "rsa.misc.category": "udexerc", "rsa.misc.filter": "ptatemse", @@ -3444,8 +3444,8 @@ "rors1935.api.domain" ], "related.ip": [ - "10.83.138.34", - "10.111.249.184" + "10.111.249.184", + "10.83.138.34" ], "related.user": [ "dentsunt" 
@@ -3459,8 +3459,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tatemse", "rsa.misc.action": [ - "Blocked", - "upta" + "upta", + "Blocked" ], "rsa.misc.category": "tlabo", "rsa.misc.filter": "aliqui", @@ -3520,8 +3520,8 @@ "idexeac1655.internal.test" ], "related.ip": [ - "10.141.195.13", - "10.180.150.47" + "10.180.150.47", + "10.141.195.13" ], "related.user": [ "taliq" @@ -3535,8 +3535,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "itesse", "rsa.misc.action": [ - "Allowed", - "uip" + "uip", + "Allowed" ], "rsa.misc.category": "teturad", "rsa.misc.filter": "roquisqu", @@ -3670,8 +3670,8 @@ "tecto708.www5.example" ], "related.ip": [ - "10.22.122.43", - "10.100.143.226" + "10.100.143.226", + "10.22.122.43" ], "related.user": [ "ute" @@ -3685,8 +3685,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ento", "rsa.misc.action": [ - "Bonoru", - "Blocked" + "Blocked", + "Bonoru" ], "rsa.misc.category": "luptasnu", "rsa.misc.filter": "quamni", @@ -3746,8 +3746,8 @@ "ine3181.www.invalid" ], "related.ip": [ - "10.119.53.68", - "10.121.9.5" + "10.121.9.5", + "10.119.53.68" ], "related.user": [ "ssec" @@ -3822,8 +3822,8 @@ "tsunt3403.www5.test" ], "related.ip": [ - "10.31.153.177", - "10.237.0.173" + "10.237.0.173", + "10.31.153.177" ], "related.user": [ "sci" @@ -3837,8 +3837,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "eritqui", "rsa.misc.action": [ - "dolor", - "Blocked" + "Blocked", + "dolor" ], "rsa.misc.category": "taspe", "rsa.misc.filter": "oremipsu", @@ -3911,8 +3911,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "epor", "rsa.misc.action": [ - "etquasia", - "Allowed" + "Allowed", + "etquasia" ], "rsa.misc.category": "iaturE", "rsa.misc.filter": "rep", 
@@ -3983,8 +3983,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "adipisc", "rsa.misc.action": [ - "exer", - "Blocked" + "Blocked", + "exer" ], "rsa.misc.category": "remagna", "rsa.misc.filter": "emvel", @@ -4044,8 +4044,8 @@ "tamr1693.api.home" ], "related.ip": [ - "10.53.191.49", - "10.133.102.57" + "10.133.102.57", + "10.53.191.49" ], "related.user": [ "onsec" @@ -4059,8 +4059,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ecillum", "rsa.misc.action": [ - "Blocked", - "emp" + "emp", + "Blocked" ], "rsa.misc.category": "ciati", "rsa.misc.filter": "elit", @@ -4135,8 +4135,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "iuntN", "rsa.misc.action": [ - "nim", - "Allowed" + "Allowed", + "nim" ], "rsa.misc.category": "etco", "rsa.misc.filter": "autodita", @@ -4272,8 +4272,8 @@ "pici1525.www5.corp" ], "related.ip": [ - "10.155.252.123", - "10.178.148.188" + "10.178.148.188", + "10.155.252.123" ], "related.user": [ "inrepreh" @@ -4348,8 +4348,8 @@ "dolo6418.internal.host" ], "related.ip": [ - "10.190.42.245", - "10.220.1.249" + "10.220.1.249", + "10.190.42.245" ], "related.user": [ "olup" @@ -4363,8 +4363,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uamquaer", "rsa.misc.action": [ - "Blocked", - "aerat" + "aerat", + "Blocked" ], "rsa.misc.category": "quela", "rsa.misc.filter": "qui", @@ -4422,8 +4422,8 @@ "imveni193.www5.host" ], "related.ip": [ - "10.55.38.153", - "10.112.190.154" + "10.112.190.154", + "10.55.38.153" ], "related.user": [ "oremeu" @@ -4498,8 +4498,8 @@ "ionu3320.api.localhost" ], "related.ip": [ - "10.250.48.82", - "10.195.153.42" + "10.195.153.42", + "10.250.48.82" ], "related.user": [ "tsedquia" @@ -4574,8 +4574,8 @@ "remips1499.www.local" ], "related.ip": [ - "10.252.164.230", - "10.60.52.219" + "10.60.52.219", + "10.252.164.230" ], "related.user": [ "gnamali" 
@@ -4589,8 +4589,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "rroq", "rsa.misc.action": [ - "fdeFin", - "Blocked" + "Blocked", + "fdeFin" ], "rsa.misc.category": "diduntut", "rsa.misc.filter": "ano", @@ -4646,8 +4646,8 @@ "mdoloree96.domain" ], "related.ip": [ - "10.187.16.73", - "10.122.102.156" + "10.122.102.156", + "10.187.16.73" ], "related.user": [ "emoen" @@ -4796,8 +4796,8 @@ "sBonoru1929.example" ], "related.ip": [ - "10.51.161.245", - "10.15.254.181" + "10.15.254.181", + "10.51.161.245" ], "related.user": [ "abo" @@ -4872,8 +4872,8 @@ "onorumet4871.lan" ], "related.ip": [ - "10.7.152.238", - "10.129.66.196" + "10.129.66.196", + "10.7.152.238" ], "related.user": [ "equamn" @@ -4887,8 +4887,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "vento", "rsa.misc.action": [ - "Blocked", - "reh" + "reh", + "Blocked" ], "rsa.misc.category": "atev", "rsa.misc.filter": "umq", @@ -4948,8 +4948,8 @@ "onproi4354.www5.invalid" ], "related.ip": [ - "10.185.107.27", - "10.29.162.157" + "10.29.162.157", + "10.185.107.27" ], "related.user": [ "evelite" @@ -4963,8 +4963,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "orinrep", "rsa.misc.action": [ - "Blocked", - "squirat" + "squirat", + "Blocked" ], "rsa.misc.category": "sequa", "rsa.misc.filter": "orainci", @@ -5024,8 +5024,8 @@ "beataevi7552.api.test" ], "related.ip": [ - "10.215.63.248", - "10.138.0.214" + "10.138.0.214", + "10.215.63.248" ], "related.user": [ "eavolupt" @@ -5039,8 +5039,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "odita", "rsa.misc.action": [ - "dqu", - "Blocked" + "Blocked", + "dqu" ], "rsa.misc.category": "ipex", "rsa.misc.filter": "ine", 
@@ -5115,8 +5115,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tNequepo", "rsa.misc.action": [ - "Allowed", - "rmagnido" + "rmagnido", + "Allowed" ], "rsa.misc.category": "luptatem", "rsa.misc.filter": "deritq", @@ -5191,8 +5191,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "plicab", "rsa.misc.action": [ - "Blocked", - "umq" + "umq", + "Blocked" ], "rsa.misc.category": "eruntmol", "rsa.misc.filter": "labore", @@ -5267,8 +5267,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "omnisi", "rsa.misc.action": [ - "Allowed", - "userro" + "userro", + "Allowed" ], "rsa.misc.category": "etd", "rsa.misc.filter": "loremeum", @@ -5328,8 +5328,8 @@ "olo7317.www5.localhost" ], "related.ip": [ - "10.249.1.143", - "10.124.177.226" + "10.124.177.226", + "10.249.1.143" ], "related.user": [ "isciveli" @@ -5343,8 +5343,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "Utenim", "rsa.misc.action": [ - "onevo", - "Allowed" + "Allowed", + "onevo" ], "rsa.misc.category": "tdolore", "rsa.misc.filter": "ptasn", @@ -5419,8 +5419,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ect", "rsa.misc.action": [ - "Blocked", - "maccu" + "maccu", + "Blocked" ], "rsa.misc.category": "iaecon", "rsa.misc.filter": "eni", @@ -5480,8 +5480,8 @@ "agna5654.www.corp" ], "related.ip": [ - "10.203.47.23", - "10.200.74.101" + "10.200.74.101", + "10.203.47.23" ], "related.user": [ "litesse" @@ -5495,8 +5495,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "nde", "rsa.misc.action": [ - "Allowed", - "iqu" + "iqu", + "Allowed" ], "rsa.misc.category": "ametco", "rsa.misc.filter": "ntincul", @@ -5556,8 +5556,8 @@ "ites5711.internal.host" ], "related.ip": [ - "10.162.78.48", - "10.24.23.209" + "10.24.23.209", + "10.162.78.48" ], "related.user": [ "ntore" 
@@ -5571,8 +5571,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ereprehe", "rsa.misc.action": [ - "Blocked", - "tutl" + "tutl", + "Blocked" ], "rsa.misc.category": "mip", "rsa.misc.filter": "umSecti", @@ -5632,8 +5632,8 @@ "oluptat2848.api.home" ], "related.ip": [ - "10.211.66.68", - "10.55.151.53" + "10.55.151.53", + "10.211.66.68" ], "related.user": [ "squir" @@ -5647,8 +5647,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "diconseq", "rsa.misc.action": [ - "Allowed", - "umet" + "umet", + "Allowed" ], "rsa.misc.category": "ciad", "rsa.misc.filter": "oeiusmod", @@ -5708,8 +5708,8 @@ "ngelitse7535.internal.lan" ], "related.ip": [ - "10.110.16.169", - "10.209.203.156" + "10.209.203.156", + "10.110.16.169" ], "related.user": [ "mes" @@ -5723,8 +5723,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "iamquisn", "rsa.misc.action": [ - "Blocked", - "lupta" + "lupta", + "Blocked" ], "rsa.misc.category": "uasiarch", "rsa.misc.filter": "usBonor", @@ -5784,8 +5784,8 @@ "tiumtot3611.internal.localdomain" ], "related.ip": [ - "10.107.68.114", - "10.84.9.150" + "10.84.9.150", + "10.107.68.114" ], "related.user": [ "sequatDu" @@ -5799,8 +5799,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "omnis", "rsa.misc.action": [ - "uianonnu", - "Allowed" + "Allowed", + "uianonnu" ], "rsa.misc.category": "Excepteu", "rsa.misc.filter": "enimadmi", @@ -5875,8 +5875,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "lloin", "rsa.misc.action": [ - "ici", - "Blocked" + "Blocked", + "ici" ], "rsa.misc.category": "quidolor", "rsa.misc.filter": "nonproi", @@ -5936,8 +5936,8 @@ "psaqu6066.www5.localhost" ], "related.ip": [ - "10.164.190.2", - "10.223.11.164" + "10.223.11.164", + "10.164.190.2" ], "related.user": [ "ten" 
@@ -6012,8 +6012,8 @@ "iavol5202.api.example" ], "related.ip": [ - "10.121.181.243", - "10.14.37.8" + "10.14.37.8", + "10.121.181.243" ], "related.user": [ "umwr" @@ -6027,8 +6027,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "vitaedic", "rsa.misc.action": [ - "Blocked", - "rinc" + "rinc", + "Blocked" ], "rsa.misc.category": "prehende", "rsa.misc.filter": "rume", @@ -6103,8 +6103,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tat", "rsa.misc.action": [ - "nia", - "Blocked" + "Blocked", + "nia" ], "rsa.misc.category": "turQuis", "rsa.misc.filter": "nonp", @@ -6164,8 +6164,8 @@ "rsitame4049.internal.corp" ], "related.ip": [ - "10.77.102.206", - "10.34.98.144" + "10.34.98.144", + "10.77.102.206" ], "related.user": [ "tectobe" @@ -6179,8 +6179,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "Exce", "rsa.misc.action": [ - "Allowed", - "ulapa" + "ulapa", + "Allowed" ], "rsa.misc.category": "reprehen", "rsa.misc.filter": "itsedqui", @@ -6240,8 +6240,8 @@ "elit912.www5.test" ], "related.ip": [ - "10.176.233.249", - "10.75.144.118" + "10.75.144.118", + "10.176.233.249" ], "related.user": [ "isnos" @@ -6255,8 +6255,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "essequa", "rsa.misc.action": [ - "Blocked", - "odic" + "odic", + "Blocked" ], "rsa.misc.category": "cto", "rsa.misc.filter": "odite", @@ -6331,8 +6331,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uis", "rsa.misc.action": [ - "Allowed", - "mvele" + "mvele", + "Allowed" ], "rsa.misc.category": "vitaedi", "rsa.misc.filter": "ndeomni", @@ -6620,8 +6620,8 @@ "archite4407.mail.invalid" ], "related.ip": [ - "10.247.255.107", - "10.234.34.40" + "10.234.34.40", + "10.247.255.107" ], "related.user": [ "aeabillo" 
@@ -6696,8 +6696,8 @@ "aria1424.mail.home" ], "related.ip": [ - "10.250.102.42", - "10.124.81.20" + "10.124.81.20", + "10.250.102.42" ], "related.user": [ "tNequ" @@ -6711,8 +6711,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ilmoles", "rsa.misc.action": [ - "tatisetq", - "Blocked" + "Blocked", + "tatisetq" ], "rsa.misc.category": "ametco", "rsa.misc.filter": "liquide", @@ -6772,8 +6772,8 @@ "Bonoru7444.www5.example" ], "related.ip": [ - "10.166.205.159", - "10.154.188.132" + "10.154.188.132", + "10.166.205.159" ], "related.user": [ "uptat" @@ -6787,8 +6787,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "proid", "rsa.misc.action": [ - "Allowed", - "onevolu" + "onevolu", + "Allowed" ], "rsa.misc.category": "iratio", "rsa.misc.filter": "odita", @@ -6916,8 +6916,8 @@ "oloremeu5047.www5.invalid" ], "related.ip": [ - "10.172.159.251", - "10.254.119.31" + "10.254.119.31", + "10.172.159.251" ], "related.user": [ "usm" @@ -6931,8 +6931,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "imadmi", "rsa.misc.action": [ - "tatemacc", - "Blocked" + "Blocked", + "tatemacc" ], "rsa.misc.category": "tutlabor", "rsa.misc.filter": "eturad", @@ -6992,8 +6992,8 @@ "edutpe1255.internal.lan" ], "related.ip": [ - "10.195.62.230", - "10.98.126.206" + "10.98.126.206", + "10.195.62.230" ], "related.user": [ "ptassit" @@ -7007,8 +7007,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "isnost", "rsa.misc.action": [ - "Allowed", - "oriosa" + "oriosa", + "Allowed" ], "rsa.misc.category": "uis", "rsa.misc.filter": "nemul", @@ -7068,8 +7068,8 @@ "nderit1171.www5.domain" ], "related.ip": [ - "10.144.93.186", - "10.84.140.5" + "10.84.140.5", + "10.144.93.186" ], "related.user": [ "eroi" 
@@ -7220,8 +7220,8 @@ "oremeum4231.internal.host" ], "related.ip": [ - "10.139.90.218", - "10.131.81.172" + "10.131.81.172", + "10.139.90.218" ], "related.user": [ "hende" @@ -7235,8 +7235,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "rrorsi", "rsa.misc.action": [ - "Allowed", - "exe" + "exe", + "Allowed" ], "rsa.misc.category": "mnihi", "rsa.misc.filter": "consequa", @@ -7296,8 +7296,8 @@ "ueip6097.api.host" ], "related.ip": [ - "10.152.217.174", - "10.128.43.71" + "10.128.43.71", + "10.152.217.174" ], "related.user": [ "mquiado" @@ -7387,8 +7387,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tionemu", "rsa.misc.action": [ - "Blocked", - "rehe" + "rehe", + "Blocked" ], "rsa.misc.category": "aecons", "rsa.misc.filter": "aturve", @@ -7448,8 +7448,8 @@ "onsequ3168.www.corp" ], "related.ip": [ - "10.172.17.6", - "10.109.192.53" + "10.109.192.53", + "10.172.17.6" ], "related.user": [ "eprehen" @@ -7463,8 +7463,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "temUte", "rsa.misc.action": [ - "Blocked", - "tassit" + "tassit", + "Blocked" ], "rsa.misc.category": "ita", "rsa.misc.filter": "scive", @@ -7524,8 +7524,8 @@ "oremquel3120.internal.localhost" ], "related.ip": [ - "10.135.38.213", - "10.119.106.108" + "10.119.106.108", + "10.135.38.213" ], "related.user": [ "ore" @@ -7539,8 +7539,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "exeacomm", "rsa.misc.action": [ - "Blocked", - "volup" + "volup", + "Blocked" ], "rsa.misc.category": "ten", "rsa.misc.filter": "ssecil", diff --git a/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json b/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json index bdf9957b55d..d2e89ea6140 100644 --- a/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json +++ b/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json 
@@ -31,8 +31,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "", "rsa.misc.action": [ - "", - "" + "", + "" ], "rsa.misc.category": "", "rsa.misc.filter": "", diff --git a/x-pack/metricbeat/module/sql/_meta/docs.asciidoc b/x-pack/metricbeat/module/sql/_meta/docs.asciidoc index 31751f264ec..d445d62e305 100644 --- a/x-pack/metricbeat/module/sql/_meta/docs.asciidoc +++ b/x-pack/metricbeat/module/sql/_meta/docs.asciidoc 
@@ -1,21 +1,42 @@ -The SQL module allows to execute custom queries against an SQL database and store the results to Elasticsearch. +The SQL module allows you to execute custom queries against an SQL database and +store the results in {es}. -The currently supported databases are the ones already included in Metricbeat, which are: -- PostgreSQL -- MySQL -- Oracle -- Microsoft SQL -- CockroachDB +This module supports the databases that you can monitor with {metricbeat}, +including: -== Quickstart +* PostgreSQL +* MySQL +* Oracle +* Microsoft SQL +* CockroachDB -You can setup the module by activating it first running +To enable the module, run: - metricbeat module enable sql +[source,shell] +---- +metricbeat module enable sql +---- + +After enabling the module, open `modules.d/sql.yml` and set the required +fields: + +`driver`:: The driver can be any driver that has a {metricbeat} module, such as +`mssql` or `postgres`. +`sql_query`:: The single query you want to run. +`sql_response_format`:: Either `variables` or `table`: +`variables`::: Expects a two-column table that looks like a key/value result. +The left column is considered a key and the right column the value. This mode +generates a single event on each fetch operation. +`table`::: Expects any number of columns. This mode generates a single event for +each row. -Once it is activated, open `modules.d/sql.yml` and fill the required fields. This is an example that captures Innodb related metrics from the result of the query `SHOW GLOBAL STATUS LIKE 'Innodb_system%'` in a MySQL database: +[float] +=== Example: capture Innodb-related metrics + +This `sql.yml` configuration shows how to capture Innodb-related metrics that +result from the query `SHOW GLOBAL STATUS LIKE 'Innodb_system%'` in a MySQL +database: -.sql.yml [source,yaml] ---- - module: sql 
@@ -29,7 +50,8 @@ Once it is activated, open `modules.d/sql.yml` and fill the required fields. Thi sql_response_format: variables ---- -.SHOW GLOBAL STATUS LIKE 'Innodb_system%' +The `SHOW GLOBAL STATUS` query results in this table: + |==== |Variable_name|Value @@ -39,18 +61,11 @@ Once it is activated, open `modules.d/sql.yml` and fill the required fields. Thi |Innodb_system_rows_updated|315 |==== +Results are grouped by type in the result event for convenient mapping in +{es}. For example, `strings` values are grouped into `sql.strings`, `numeric` +into `sql.numeric`, and so on. -Keys in the YAML are defined as follow: - -- `driver`: The drivers currently supported are those which already have a Metricbeat module like `mssql` or `postgres`. -- `sql_query`: Is the single query you want to run -- `sql_response_format`: You have 2 options here: - - `variables`: Expects a table which looks like a key/value result. With 2 columns, left column will be considered a key and the right column the value. This mode generates a single event on each fetch operation. - - `table`: Table mode can contain any number of columns and a single event will be generated for each row. - -Results will be grouped by type in the result event for convenient mapping in Elasticsearch. So `strings` values will be grouped into `sql.strings`, `numeric` into `sql.numeric` and so on and so forth. - -The event generated with the example above looks like this: +The example shown earlier generates this event: [source,json] ---- @@ -102,9 +117,13 @@ The event generated with the example above looks like this: } ---- -In this example, we are querying PostgreSQL and generate a "table" result, hence a single event for each row returned +[float] +=== Example: query PostgreSQL and generate a "table" result + +This `sql.yml` configuration shows how to query PostgreSQL and generate +a "table" result. This configuration generates a single event for each row +returned: -.sql.yml [source,yaml] ---- - module: sql 
@@ -118,7 +137,8 @@ In this example, we are querying PostgreSQL and generate a "table" result, hence sql_response_format: table ---- -.SELECT datid, datname, blks_read, blks_hit, tup_returned, tup_fetched, stats_reset FROM pg_stat_database +The SELECT query results in this table: + |==== |datid|datname|blks_read|blks_hit|tup_returned|tup_fetched|stats_reset @@ -127,7 +147,8 @@ In this example, we are querying PostgreSQL and generate a "table" result, hence |13407|template0|0|0|0|0| |==== -With 3 rows on the table, three events will be generated with the contents of each row. As an example, below you can see the event created for the first row: +Because the table contains three rows, three events are generated, one event +for each row. For example, this event is created for the first row: [source,json] ---- @@ -184,14 +205,11 @@ With 3 rows on the table, three events will be generated with the contents of ea } ---- +[float] +=== Example: get the buffer catch hit ratio in Oracle -== More examples +This `sql.yml` configuration shows how to get the buffer cache hit ratio: -=== Oracle: - -Get the buffer cache hit ratio: - -.sql.yml [source,yaml] ---- - module: sql @@ -205,6 +223,7 @@ Get the buffer cache hit ratio: sql_response_format: table ---- +The example generates this event: [source,json] ---- @@ -259,11 +278,11 @@ Get the buffer cache hit ratio: } ---- -=== MSSQL +[float] +=== Example: get the buffer cache hit ratio for MSSQL -Get the buffer cache hit ratio: +This `sql.yml` configuration gets the buffer cache hit ratio: -.sql.yml [source,yaml] ---- - module: sql @@ -277,6 +296,8 @@ Get the buffer cache hit ratio: sql_response_format: table ---- +The example generates this event: + [source,json] ---- { 
@@ -328,11 +349,12 @@ Get the buffer cache hit ratio: } ---- -=== Two or more queries +[float] +=== Example: launch two or more queries -If you want to launch two or more queries, you need to specify them with their full configuration for each query. For example: +To launch two or more queries, specify the full configuration for each query. +For example: -.sql.yml [source,yaml] ---- - module: sql diff --git a/x-pack/metricbeat/module/sql/query/_meta/docs.asciidoc b/x-pack/metricbeat/module/sql/query/_meta/docs.asciidoc index df05a99c95c..8f48f8507de 100644 --- a/x-pack/metricbeat/module/sql/query/_meta/docs.asciidoc +++ b/x-pack/metricbeat/module/sql/query/_meta/docs.asciidoc @@ -1,4 +1,4 @@ -The sql `query` metricset collect rows returned by a query. +The sql `query` metricset collects rows returned by a query. -Fields names (columns) will be returned as lowercase. -Values will be returned as numeric or string. \ No newline at end of file +Field names (columns) are returned as lowercase strings. Values are returned as numeric +or string. diff --git a/x-pack/packetbeat/Jenkinsfile.yml b/x-pack/packetbeat/Jenkinsfile.yml index 8496265e0ac..41257081e1f 100644 --- a/x-pack/packetbeat/Jenkinsfile.yml +++ b/x-pack/packetbeat/Jenkinsfile.yml @@ -1,15 +1,15 @@ when: branches: true ## for all the branches changeset: ## when PR contains any of those entries in the changeset - - "^x-pack/winlogbeat/.*" + - "^x-pack/packetbeat/.*" - "@ci" ## special token regarding the changeset for the ci - "@xpack" ## special token regarding the changeset for the xpack comments: ## when PR comment contains any of those entries - - "/test x-pack/winlogbeat" + - "/test x-pack/packetbeat" labels: ## when PR labels matches any of those entries - - "x-pack-winlogbeat" + - "x-pack-packetbeat" parameters: ## when parameter was selected in the UI. - - "x-pack-winlogbeat" + - "x-pack-packetbeat" tags: true ## for all the tags platform: "linux && ubuntu-18" ## default label for all the stages stages: 
diff --git a/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js b/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js index 71ce567ccc7..4ef1155086b 100644 --- a/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js +++ b/x-pack/winlogbeat/module/powershell/config/winlogbeat-powershell.js @@ -5,7 +5,7 @@ var powershell = (function () { var path = require("path"); var processor = require("processor"); - var winlogbeat = require("winlogbeat"); + var windows = require("windows"); var normalizeCommonFieldNames = new processor.Convert({ fields: [ @@ -183,7 +183,7 @@ var powershell = (function () { if (!commandLine) { return; } - evt.Put(target, winlogbeat.splitCommandLine(commandLine)); + evt.Put(target, windows.splitCommandLine(commandLine)); }; var addProcessArgs = function (evt) { diff --git a/x-pack/winlogbeat/module/security/config/winlogbeat-security.js b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js index 9a0899165b9..5a8e91b677b 100644 --- a/x-pack/winlogbeat/module/security/config/winlogbeat-security.js +++ b/x-pack/winlogbeat/module/security/config/winlogbeat-security.js @@ -5,7 +5,7 @@ var security = (function () { var path = require("path"); var processor = require("processor"); - var winlogbeat = require("winlogbeat"); + var windows = require("windows"); // Logon Types // https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/basic-audit-logon-events @@ -1670,7 +1670,7 @@ var security = (function () { if (!cl) { return; } - evt.Put("process.args", winlogbeat.splitCommandLine(cl)); + evt.Put("process.args", windows.splitCommandLine(cl)); evt.Put("process.command_line", cl); }) .Build(); diff --git a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js index 5fcedb9e40e..5b09c98fc32 100644 --- a/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js 
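Review bot: The first powershell hunk (`@@ -5,7 +5,7 @@`) switches `require("winlogbeat")` to `require("windows")`, but nothing in the script says which Beat builds register a module under the new name. The same swap appears in the security and sysmon configs that follow. These files are shipped processor configs, so if one is loaded by a build that only knows the old name, the `require` call presumably fails at load time and `process.args` is never populated, which weakens any detection that keys on parsed arguments. Whether an alias for the old name is kept is not visible in this diff. I would add a comment above the line, such as `// "windows" replaces the former "winlogbeat" script module; this config needs a Beat that registers it`. The enclosing function continues outside the hunk.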
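Review bot: In the second security hunk (`@@ -1670,7 +1670,7 @@`), `process.args` is written from `windows.splitCommandLine(cl)` before the raw `process.command_line` is stored, so an exception from the splitter would leave the event with neither field. Whether `splitCommandLine` can throw on a malformed command line is not visible in this diff, but the raw string is the evidence an analyst falls back on when parsing goes wrong. I would store it first: `evt.Put("process.command_line", cl);` followed by `evt.Put("process.args", windows.splitCommandLine(cl));`. The surrounding processor function starts outside the hunk.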
+++ b/x-pack/winlogbeat/module/sysmon/config/winlogbeat-sysmon.js @@ -15,7 +15,7 @@ if (!String.prototype.startsWith) { var sysmon = (function () { var path = require("path"); var processor = require("processor"); - var winlogbeat = require("winlogbeat"); + var windows = require("windows"); var net = require("net"); // Windows error codes for DNS. This list was generated using @@ -311,7 +311,7 @@ var sysmon = (function () { if (!commandLine) { return; } - evt.Put(target, winlogbeat.splitCommandLine(commandLine)); + evt.Put(target, windows.splitCommandLine(commandLine)); }; var splitProcessArgs = function (evt) { diff --git a/x-pack/winlogbeat/module/testing_windows.go b/x-pack/winlogbeat/module/testing_windows.go index 12b2102070f..058e2320a9d 100644 --- a/x-pack/winlogbeat/module/testing_windows.go +++ b/x-pack/winlogbeat/module/testing_windows.go @@ -28,7 +28,6 @@ import ( // Register javascript modules. _ "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module" - _ "github.com/elastic/beats/v7/winlogbeat/processors/script/javascript/module/winlogbeat" ) var update = flag.Bool("update", false, "update golden files")