[Filebeat] Update cisco module to ECS 1.4 #16028

leehinman · 2020-02-03T15:34:19Z

Filesets

ftd
shared
ios
asa

rules field for ACLs

elasticmachine · 2020-02-03T15:34:21Z

Pinging @elastic/siem (Team:SIEM)

- asa + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ftd + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ios + explicitly set ECS version + event.kind + event.category + event.type Closes elastic#16028

…18537) * Improve ECS categorization field mappings in cisco module - asa + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ftd + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ios + explicitly set ECS version + event.kind + event.category + event.type Closes #16028 Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>

…lastic#18537) * Improve ECS categorization field mappings in cisco module - asa + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ftd + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ios + explicitly set ECS version + event.kind + event.category + event.type Closes elastic#16028 Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co> (cherry picked from commit f1139f2)

…18537) (#18982) * Improve ECS categorization field mappings in cisco module - asa + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ftd + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ios + explicitly set ECS version + event.kind + event.category + event.type Closes #16028 Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co> (cherry picked from commit f1139f2)

…lastic#18537) * Improve ECS categorization field mappings in cisco module - asa + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ftd + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ios + explicitly set ECS version + event.kind + event.category + event.type Closes elastic#16028 Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>

leehinman added enhancement Filebeat Filebeat Team:SIEM labels Feb 3, 2020

andrewkroh mentioned this issue Feb 3, 2020

[meta] Update to ECS 1.2 to 1.4 #13940

Closed

51 tasks

leehinman changed the title ~~[Filebeat] Update cisco asa & ios filesets to support ECS 1.4 fields~~ [Filebeat] Update module to ECS 1.4 Feb 6, 2020

leehinman changed the title ~~[Filebeat] Update module to ECS 1.4~~ [Filebeat] Update cisco module to ECS 1.4 Feb 6, 2020

leehinman self-assigned this May 12, 2020

leehinman mentioned this issue May 14, 2020

[Filebeat] Improve ECS categorization field mappings in cisco module #18537

Merged

3 tasks

leehinman closed this as completed in #18537 Jun 4, 2020

leehinman mentioned this issue Jun 4, 2020

Cherry-pick #18537 to 7.x: [Filebeat] Improve ECS categorization field mappings in cisco module #18982

Merged

3 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Filebeat] Update cisco module to ECS 1.4 #16028

[Filebeat] Update cisco module to ECS 1.4 #16028

leehinman commented Feb 3, 2020 •

edited

Loading

elasticmachine commented Feb 3, 2020

[Filebeat] Update cisco module to ECS 1.4 #16028

[Filebeat] Update cisco module to ECS 1.4 #16028

Comments

leehinman commented Feb 3, 2020 • edited Loading

Filesets

elasticmachine commented Feb 3, 2020

leehinman commented Feb 3, 2020 •

edited

Loading