Move logic to ingest pipeline and upgrade ECS to 1.8.0 (#23875)
marc-gr authored Feb 8, 2021
1 parent c51272d commit 005266e
Showing 15 changed files with 971 additions and 530 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -841,6 +841,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724]
- Upgrade Cisco ASA/FTD/Umbrella to ECS 1.8.0. {pull}23819[23819]
- Add new ECS user and categories features to google_workspace/gsuite {issue}23118[23118] {pull}23709[23709]
- Move crowdstrike JS processor to ingest pipelines and upgrade to ECS 1.8.0 {issue}23118[23118] {pull}23875[23875]

*Heartbeat*
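
Review bot: the added crowdstrike entry says only that the JS processor moves to ingest pipelines, but that shifts parsing from the Beat to Elasticsearch, and the entry should say so for deployments that do not ship directly to Elasticsearch, where module ingest pipelines are not applied automatically. Consider a short note to that effect here or in the breaking-changes section. Style point: write the vendor name as "CrowdStrike", matching the capitalised vendor names in the neighbouring entries such as "Cisco ASA/FTD/Umbrella".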

17 changes: 12 additions & 5 deletions x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml
Expand Up @@ -16,11 +16,18 @@ tags: {{.tags | tojson}}
publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}

processors:
- script:
lang: javascript
id: crowdstrike_falcon
file: ${path.home}/module/crowdstrike/falcon/config/pipeline.js
- decode_json_fields:
fields:
- message
target: crowdstrike
process_array: true
max_depth: 8
- drop_fields:
fields:
- message
- host.name
ignore_missing: true
- add_fields:
target: ''
fields:
ecs.version: 1.7.0
ecs.version: 1.8.0
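
Review bot: in the new processors list, `drop_fields` removes `message` unconditionally right after `decode_json_fields`, so an event whose `message` is not valid JSON leaves the Beat with neither a `crowdstrike` object nor the raw text, and nothing in this config marks the failure. Suggest setting `add_error_key: true` on `decode_json_fields` and dropping `message` only when `crowdstrike` was populated, or keeping the raw line in `event.original`, so malformed or truncated Falcon events stay visible downstream. A comment explaining the choice of `max_depth: 8`, and why `host.name` is dropped here when `publisher_pipeline.disable_host` is already set above for forwarded events, would also help the next reader.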