Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Auditbeat] auditd network.direction should use inbound/outbound #12445

Closed
andrewkroh opened this issue Jun 5, 2019 · 2 comments · Fixed by #20695
Closed

[Auditbeat] auditd network.direction should use inbound/outbound #12445

andrewkroh opened this issue Jun 5, 2019 · 2 comments · Fixed by #20695

Comments

@andrewkroh
Copy link
Member

As per ECS the network.direction values should be inbound or outbound or unknown.

https://github.com/elastic/ecs/blob/v1.0.1/schemas/network.yml#L88-L92

But the auditd modules uses incoming and outgoing for audit events that include a socket message.

func (d Direction) String() string {
switch d {
case IncomingDir:
return "incoming"
case OutgoingDir:
return "outgoing"
}
return "unknown"
}

@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@leehinman leehinman self-assigned this Aug 17, 2020
@leehinman
Copy link
Contributor

elastic/go-libaudit#76

leehinman added a commit to leehinman/beats that referenced this issue Aug 20, 2020
- changes network.direction to use ECS recommended values
  of inbound & outbound

Closes elastic#12445
leehinman added a commit that referenced this issue Aug 20, 2020
* upgrade to go-libaudit 2.0.2

- changes network.direction to use ECS recommended values
  of inbound & outbound

Closes #12445
leehinman added a commit to leehinman/beats that referenced this issue Aug 20, 2020
* upgrade to go-libaudit 2.0.2

- changes network.direction to use ECS recommended values
  of inbound & outbound

Closes elastic#12445

(cherry picked from commit 98d3925)
andrewkroh pushed a commit that referenced this issue Aug 24, 2020
* upgrade to go-libaudit 2.0.2

- changes network.direction to use ECS recommended values
  of inbound & outbound

Closes #12445

(cherry picked from commit 98d3925)
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this issue Oct 14, 2020
* upgrade to go-libaudit 2.0.2

- changes network.direction to use ECS recommended values
  of inbound & outbound

Closes elastic#12445
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants