diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 2d986597364..377fd1c9d79 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -130,6 +130,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add an SSL config example in config.yml for filebeat MISP module. {pull}16320[16320] - Improve ECS categorization, container & process field mappings in auditd module. {issue}16153[16153] {pull}16280[16280] - Improve ECS field mappings in aws module. {issue}16154[16154] {pull}16307[16307] +- Improve ECS categorization field mappings in googlecloud module. {issue}16030[16030] {pull}16500[16500] *Heartbeat* diff --git a/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js b/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js index 65819ff6a92..ac151fae7d8 100644 --- a/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js +++ b/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js @@ -38,6 +38,7 @@ function Audit(keep_original_message) { var saveMetadata = new processor.Convert({ fields: [ {from: "json.logName", to: "log.logger"}, + {from: "json.insertId", to: "event.id"}, ], ignore_missing: true }); @@ -103,6 +104,7 @@ function Audit(keep_original_message) { {from: "googlecloud.audit.authentication_info.principal_email", to: "user.email"}, {from: "googlecloud.audit.service_name", to: "service.name"}, {from: "googlecloud.audit.request_metadata.caller_supplied_user_agent", to: "user_agent.original"}, + {from: "googlecloud.audit.method_name", to: "event.action"}, ], fail_on_error: false, }); 
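Review bot: The new `json.insertId` to `event.id` mapping in `saveMetadata` carries no comment on how far that identifier is unique, and consumers tend to treat `event.id` as a deduplication key. As far as I know, Cloud Logging only considers entries duplicates when project, timestamp and insertId all match, so the value alone may repeat; the firewall fixtures in this commit already show `1dobeotg13df9f5` on two entries with different destinations (possibly a copy artifact in the test data). I would add a comment beside the mapping, e.g. `// insertId is not globally unique; pair event.id with cloud.project.id and @timestamp when deduplicating`. The same mapping is added in the firewall and vpcflow `saveMetadata` hunks, and `Audit` itself starts and ends outside this hunk.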
@@ -123,8 +125,8 @@ function Audit(keep_original_message) { } }; - // Set event.outcome based on authentication_info and status. - var setEventOutcome = function(evt) { + // Set ECS categorization fields. + var setECSCategorization = function(evt) { if (evt.Get("googlecloud.audit.status.code") == null) { var authorization_info = evt.Get("googlecloud.audit.authorization_info"); if (authorization_info.length === 1) { @@ -143,6 +145,7 @@ function Audit(keep_original_message) { } else { evt.Put("event.outcome", "failure"); } + evt.Put("event.kind", "event"); }; var pipeline = new processor.Chain() @@ -157,7 +160,7 @@ function Audit(keep_original_message) { .Add(copyFields) .Add(dropExtraFields) .Add(RenameNestedFields) - .Add(setEventOutcome) + .Add(setECSCategorization) .Build(); return { diff --git a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json index 37ef7275861..cf665ca41d1 100644 --- a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json @@ -2,7 +2,10 @@ { "@timestamp": "2019-12-19T00:49:36.086Z", "cloud.project.id": "elastic-beats", + "event.action": "GetResourceBillingInfo", "event.dataset": "googlecloud.audit", + "event.id": "-uihnmjctwo", + "event.kind": "event", "event.module": "googlecloud", "event.outcome": "success", "fileset.name": "audit", @@ -33,7 +36,10 @@ { "@timestamp": "2019-12-19T00:45:51.228Z", "cloud.project.id": "elastic-beats", + "event.action": "beta.compute.machineTypes.aggregatedList", "event.dataset": "googlecloud.audit", + "event.id": "-h6onuze1h7dg", + "event.kind": "event", "event.module": "googlecloud", "event.outcome": "failure", "fileset.name": "audit", 
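Review bot: In `setECSCategorization` the added `evt.Put("event.kind", "event");` is the last statement, so it only runs if the outcome logic above it completes. The preceding hunk shows `authorization_info.length` being read directly after `evt.Get(...)`, and the function's own `== null` test on `status.code` suggests `Get` can return null for an absent field; an audit entry lacking both would then presumably throw before `event.kind` is written. Moving `evt.Put("event.kind", "event");` to the first line of the function (or into a static field processor) keeps the field on every event regardless of that path. The middle of the function lies between the two hunks and is not visible here.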
@@ -78,7 +84,10 @@ { "@timestamp": "2019-12-19T00:44:25.051Z", "cloud.project.id": "elastic-beats", + "event.action": "beta.compute.instances.aggregatedList", "event.dataset": "googlecloud.audit", + "event.id": "yonau2dg2zi", + "event.kind": "event", "event.module": "googlecloud", "event.outcome": "success", "fileset.name": "audit", @@ -123,7 +132,10 @@ { "@timestamp": "2019-12-19T00:44:25.051Z", "cloud.project.id": "elastic-beats", + "event.action": "beta.compute.instances.aggregatedList", "event.dataset": "googlecloud.audit", + "event.id": "yonau3dc2zi", + "event.kind": "event", "event.module": "googlecloud", "event.outcome": "failure", "fileset.name": "audit", diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js b/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js index fab3c5a91c9..ef184bc8620 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js +++ b/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js @@ -101,15 +101,18 @@ function FirewallProcessor(keep_original_message, debug) { builder.Add("categorizeEvent", new processor.AddFields({ target: "event", fields: { - category: "firewall-rule", - type: "firewall" + kind: "event", + category: "network", + type: "connection", + action: "firewall-rule" }, })); builder.Add("saveMetadata", new processor.Convert({ fields: [ {from: "json.logName", to: "log.logger"}, - {from: "json.resource.labels.subnetwork_name", to: "network.name"} + {from: "json.resource.labels.subnetwork_name", to: "network.name"}, + {from: "json.insertId", to: "event.id"} ], ignore_missing: true })); 
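Review bot: The `categorizeEvent` change rewrites values that existing queries may already match on (`event.category` from `firewall-rule` to `network`, `event.type` from `firewall` to `connection`), and nothing in the commit documents that for operators. Later hunks in this file also drop `event.outcome` (`allow`/`deny`) and move `googlecloud.firewall.rule_details.reference` to `rule.name`, and the vpcflow pipeline replaces `network_traffic`/`flow` in the same way. Saved searches, alerts or detection rules keyed on the old values would stop matching silently after an upgrade. The changelog line added here is worded as an improvement; I would add an entry naming the changed and removed fields, e.g. `- Change event.category/event.type values and remove event.outcome in googlecloud firewall and vpcflow filesets. {pull}16500[16500]`. `FirewallProcessor` starts and ends outside this hunk.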
@@ -125,15 +128,12 @@ function FirewallProcessor(keep_original_message, debug) { mode: "rename" })); - builder.Add("addOutcome", makeMapper({ - from: "json.disposition", - to: "event.outcome", - mappings: { - ALLOWED: "allow", - DENIED: "deny" - }, - default: "unknown" - })); + builder.Add("addType", function(evt) { + var disp = evt.Get("json.disposition"); + if (disp != null) { + evt.AppendTo("event.type", disp.toLowerCase()); + } + }); builder.Add("addDirection", makeMapper({ from: "json.rule_details.direction", @@ -228,7 +228,7 @@ function FirewallProcessor(keep_original_message, debug) { {from: "json.dest_vpc", to: "googlecloud.destination.vpc"}, {from: "json.src_instance", to: "googlecloud.source.instance"}, {from: "json.src_vpc", to: "googlecloud.source.vpc"}, - + {from: "json.rule_details.reference", to: "rule.name"}, {from: "json", to: "googlecloud.firewall"}, ], mode: "rename", diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json b/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json index b5e1d71beec..c109a99ac29 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json +++ b/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json @@ -5,11 +5,16 @@ "destination.domain": "local-adrian-test", "destination.ip": "10.128.0.16", "destination.port": 80, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1dobeotg13df9f5", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "local-test", "googlecloud.destination.instance.region": "us-central1", 
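Review bot: `addType` appends whatever `json.disposition` holds to `event.type` after lower-casing it, whereas the mapper it replaces accepted only `ALLOWED` and `DENIED` and had a default. A non-string value would throw at `disp.toLowerCase()`, and an unexpected string ends up in a field that ECS restricts to a fixed vocabulary, which rules filtering on `allowed`/`denied` will not anticipate. I would keep the allow-list: `if (disp === "ALLOWED" || disp === "DENIED") { evt.AppendTo("event.type", disp.toLowerCase()); }`. When the disposition is absent, `event.type` also stays the scalar `connection` from `categorizeEvent` rather than an array, which may be worth normalising.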
@@ -29,7 +34,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -52,6 +56,7 @@ "10.142.0.10", "10.128.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "10.142.0.10", "source.domain": "test-es", @@ -64,11 +69,16 @@ "destination.domain": "test-es", "destination.ip": "10.128.0.10", "destination.port": 57794, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1dobeotg13df9f7", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "remote-beats", "googlecloud.destination.instance.region": "us-east1", @@ -88,7 +98,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -111,6 +120,7 @@ "10.142.0.16", "10.128.0.10" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "10.142.0.16", "source.domain": "local-adrian-test", diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json b/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json index 57f0e35608b..161bf3dbfdb 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json +++ b/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json 
@@ -10,11 +10,16 @@ "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", "destination.port": 53, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "4zuj4nfn4llkb", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.firewall.rule_details.action": "DENY", "googlecloud.firewall.rule_details.destination_range": [ @@ -27,7 +32,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-1", "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], @@ -50,6 +54,7 @@ "10.128.0.16", "8.8.8.8" ], + "rule.name": "network:default/firewall:adrian-test-1", "service.type": "googlecloud", "source.address": "10.128.0.16", "source.domain": "adrian-test", @@ -62,11 +67,16 @@ "destination.domain": "test-windows", "destination.ip": "10.42.0.2", "destination.port": 3389, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1f21ciqfpfssuo", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "allow", - "event.type": "firewall", + "event.type": [ + "connection", + "allowed" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-east1", @@ -85,7 +95,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:windows-isolated/firewall:windows-isolated-allow-rdp", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], 
@@ -105,6 +114,7 @@ "192.0.2.126", "10.42.0.2" ], + "rule.name": "network:windows-isolated/firewall:windows-isolated-allow-rdp", "service.type": "googlecloud", "source.address": "192.0.2.126", "source.geo.continent_name": "Asia", @@ -118,11 +128,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 8080, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "8vcfeailjd", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", @@ -142,7 +157,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -162,6 +176,7 @@ "192.0.2.219", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "192.0.2.219", "source.geo.city_name": "Krasnodar", @@ -177,11 +192,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 80, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1bqgmw9feiabij", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", 
@@ -201,7 +221,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -221,6 +240,7 @@ "192.0.2.14", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "192.0.2.14", "source.geo.continent_name": "Europe", @@ -234,11 +254,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 80, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1jrxaqbfe48bir", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", @@ -258,7 +283,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -278,6 +302,7 @@ "192.0.2.14", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "192.0.2.14", "source.geo.continent_name": "Europe", 
@@ -291,11 +316,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 8080, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1fw7drlfe2ty27", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", @@ -315,7 +345,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -335,6 +364,7 @@ "192.0.2.151", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "192.0.2.151", "source.geo.city_name": "Berdychiv", @@ -350,11 +380,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 8080, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1yre751fekaxzs", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", @@ -374,7 +409,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], 
@@ -394,6 +428,7 @@ "192.0.2.241", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "192.0.2.241", "source.geo.city_name": "Vicenza", @@ -409,11 +444,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 80, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "5kanfzfiqepkh", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", @@ -433,7 +473,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -453,6 +492,7 @@ "192.0.2.114", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "192.0.2.114", "source.geo.city_name": "Tula", @@ -468,11 +508,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 80, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "59z0t8fiow9vg", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", 
@@ -492,7 +537,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -512,6 +556,7 @@ "192.0.2.251", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "192.0.2.251", "source.geo.city_name": "Stavropol", @@ -527,11 +572,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 80, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1y7e4yzff816cq", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", @@ -551,7 +601,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -571,6 +620,7 @@ "192.0.2.189", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "192.0.2.189", "source.geo.city_name": "Viol\u00e8s", 
@@ -586,11 +636,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 80, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "lx5jlsfggpr0q", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", @@ -610,7 +665,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -630,6 +684,7 @@ "192.0.2.189", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "192.0.2.189", "source.geo.city_name": "Viol\u00e8s", @@ -645,11 +700,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 8080, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "18ynfbufer19m1", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", @@ -669,7 +729,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], 
@@ -689,6 +748,7 @@ "192.0.2.200", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "192.0.2.200", "source.geo.city_name": "\u0130zmir", @@ -709,11 +769,16 @@ "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", "destination.port": 80, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "tzddthfsr6fv5", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.firewall.rule_details.action": "DENY", "googlecloud.firewall.rule_details.destination_range": [ @@ -726,7 +791,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-1", "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], @@ -749,6 +813,7 @@ "10.28.0.16", "8.8.8.8" ], + "rule.name": "network:default/firewall:adrian-test-1", "service.type": "googlecloud", "source.address": "10.28.0.16", "source.domain": "adrian-test", @@ -766,11 +831,16 @@ "destination.geo.location.lon": -97.822, "destination.ip": "8.8.8.8", "destination.port": 80, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1k2b7kefsnhzq7", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.firewall.rule_details.action": "DENY", "googlecloud.firewall.rule_details.destination_range": [ 
@@ -783,7 +853,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-1", "googlecloud.firewall.rule_details.target_tag": [ "adrian-test" ], @@ -806,6 +875,7 @@ "10.28.0.16", "8.8.8.8" ], + "rule.name": "network:default/firewall:adrian-test-1", "service.type": "googlecloud", "source.address": "10.28.0.16", "source.domain": "adrian-test", @@ -818,11 +888,16 @@ "destination.domain": "test-es", "destination.ip": "10.42.0.10", "destination.port": 9200, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1sdfuwxfk8hq1c", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "allow", - "event.type": "firewall", + "event.type": [ + "connection", + "allowed" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-east1", @@ -841,7 +916,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:allow9200", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -867,6 +941,7 @@ "192.0.2.114", "10.42.0.10" ], + "rule.name": "network:default/firewall:allow9200", "service.type": "googlecloud", "source.address": "192.0.2.114", "source.domain": "test-kibana", 
@@ -881,11 +956,16 @@ "destination.domain": "test-es", "destination.ip": "10.42.0.10", "destination.port": 9200, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1sdfuwxfk8hq1b", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "allow", - "event.type": "firewall", + "event.type": [ + "connection", + "allowed" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-east1", @@ -904,7 +984,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:allow9200", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -930,6 +1009,7 @@ "192.0.2.114", "10.42.0.10" ], + "rule.name": "network:default/firewall:allow9200", "service.type": "googlecloud", "source.address": "192.0.2.114", "source.domain": "test-kibana", @@ -944,11 +1024,16 @@ "destination.domain": "test-windows", "destination.ip": "10.42.0.2", "destination.port": 3389, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "yot1ojetjdiw", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "allow", - "event.type": "firewall", + "event.type": [ + "connection", + "allowed" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-east1", @@ -967,7 +1052,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:windows-isolated/firewall:windows-isolated-allow-rdp", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], 
@@ -987,6 +1071,7 @@ "192.0.2.7", "10.42.0.2" ], + "rule.name": "network:windows-isolated/firewall:windows-isolated-allow-rdp", "service.type": "googlecloud", "source.address": "192.0.2.7", "source.geo.city_name": "Almelo", @@ -1002,11 +1087,16 @@ "destination.domain": "test-es", "destination.ip": "10.42.0.10", "destination.port": 9200, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "5a27u1g22jks9e", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "allow", - "event.type": "firewall", + "event.type": [ + "connection", + "allowed" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-east1", @@ -1025,7 +1115,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:allow9200", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -1051,6 +1140,7 @@ "192.0.2.114", "10.42.0.10" ], + "rule.name": "network:default/firewall:allow9200", "service.type": "googlecloud", "source.address": "192.0.2.114", "source.domain": "test-kibana", @@ -1065,11 +1155,16 @@ "destination.domain": "test-es", "destination.ip": "10.42.0.10", "destination.port": 9200, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "5a27u1g22jks8t", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "allow", - "event.type": "firewall", + "event.type": [ + "connection", + "allowed" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-east1", 
@@ -1088,7 +1183,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:allow9200", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -1114,6 +1208,7 @@ "192.0.2.114", "10.42.0.10" ], + "rule.name": "network:default/firewall:allow9200", "service.type": "googlecloud", "source.address": "192.0.2.114", "source.domain": "test-kibana", @@ -1128,11 +1223,16 @@ "destination.domain": "adrian-test", "destination.ip": "10.28.0.16", "destination.port": 80, - "event.category": "firewall-rule", + "event.action": "firewall-rule", + "event.category": "network", "event.dataset": "googlecloud.firewall", + "event.id": "1dobeotg13df9f5", + "event.kind": "event", "event.module": "googlecloud", - "event.outcome": "deny", - "event.type": "firewall", + "event.type": [ + "connection", + "denied" + ], "fileset.name": "firewall", "googlecloud.destination.instance.project_id": "test-beats", "googlecloud.destination.instance.region": "us-central1", @@ -1152,7 +1252,6 @@ } ], "googlecloud.firewall.rule_details.priority": 1000, - "googlecloud.firewall.rule_details.reference": "network:default/firewall:adrian-test-3", "googlecloud.firewall.rule_details.source_range": [ "0.0.0.0/0" ], @@ -1178,6 +1277,7 @@ "10.42.0.10", "10.28.0.16" ], + "rule.name": "network:default/firewall:adrian-test-3", "service.type": "googlecloud", "source.address": "10.42.0.10", "source.domain": "test-es", diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js b/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js index fdeb6c4e46a..dd7e3e0ea7e 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js +++ b/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js 
@@ -39,8 +39,9 @@ function VPCFlow(keep_original_message) { var categorizeEvent = new processor.AddFields({ target: "event", fields: { - category: "network_traffic", - type: "flow", + kind: "event", + category: "network", + type: "connection", }, }); @@ -48,6 +49,7 @@ function VPCFlow(keep_original_message) { var saveMetadata = new processor.Convert({ fields: [ {from: "json.logName", to: "log.logger"}, + {from: "json.insertId", to: "event.id"}, ], ignore_missing: true }); diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json b/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json index 7b1048b7a6d..203a89dcd2e 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json @@ -10,12 +10,14 @@ "destination.geo.country_name": "usa", "destination.ip": "203.0.113.12", "destination.port": 33478, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:45:37.301953198Z", + "event.id": "ut8lbrffooxyw", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:45:37.186193305Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", 
@@ -57,12 +59,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 33970, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:51.821302149Z", + "event.id": "ut8lbrffooxzb", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:08.466657665Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -116,12 +120,14 @@ "destination.geo.country_name": "usa", "destination.ip": "203.0.113.134", "destination.port": 33576, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:51.821143836Z", + "event.id": "ut8lbrffooxze", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:20.510622432Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -173,12 +179,14 @@ "destination.geo.region_name": "Saint Petersburg", "destination.ip": "192.0.2.23", "destination.port": 59679, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:40:46.031032701Z", + "event.id": "ut8lbrffooxyz", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:45.860349247Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", 
@@ -221,12 +229,14 @@ "destination.geo.country_name": "usa", "destination.ip": "192.0.2.117", "destination.port": 50646, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:40:37.048196137Z", + "event.id": "ut8lbrffooxz6", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:36.895188084Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", @@ -268,12 +278,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 5601, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:40:37.048196137Z", + "event.id": "ut8lbrffooxzf", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:36.895188084Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -317,12 +329,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 33692, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.565287007Z", + "event.id": "ut8lbrffooxz1", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:39:59.500498059Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -376,12 +390,14 @@ "destination.geo.country_name": "usa", "destination.ip": "198.51.100.248", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:51.821308944Z", + "event.id": "ut8lbrffooxyp", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:08.469099728Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -429,12 +445,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 33554, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.565311154Z", + "event.id": "ut8lbrffooxzd", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:39:59.500506974Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -485,12 +503,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 33880, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:51.821308944Z", + "event.id": "ut8lbrffooxz8", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:08.469099728Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -541,12 +561,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 22, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:40:46.031032701Z", + "event.id": "ut8lbrffooxyt", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:45.860349247Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -591,12 +613,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:51.821056075Z", + "event.id": "ut8lbrffooxz5", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:20.510622432Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -647,12 +671,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.393910944Z", + "event.id": "ut8lbrffooxza", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:01.074897435Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -706,12 +732,14 @@ "destination.geo.country_name": "usa", "destination.ip": "198.51.100.248", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.565287007Z", + "event.id": "ut8lbrffooxyq", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:39:59.500498059Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -762,12 +790,14 @@ "destination.geo.country_name": "usa", "destination.ip": "198.51.100.248", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.565272745Z", + "event.id": "ut8lbrffooxz2", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:08.150720950Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -818,12 +848,14 @@ "destination.geo.country_name": "usa", "destination.ip": "198.51.100.248", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:51.821302149Z", + "event.id": "ut8lbrffooxyo", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:08.466657665Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -871,12 +903,14 @@ "destination.domain": "simianhacker-demo", "destination.ip": "10.49.136.133", "destination.port": 46864, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:29.432367659Z", + "event.id": "ut8lbrffooxzc", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:17.343890802Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -917,12 +951,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 5601, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:48:39.076420731Z", + "event.id": "ut8lbrffooxz7", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:48:38.961050187Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -969,12 +1005,14 @@ "destination.geo.country_name": "usa", "destination.ip": "198.51.100.248", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.565311154Z", + "event.id": "ut8lbrffooxyu", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:39:59.500506974Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -1026,12 +1064,14 @@ "destination.geo.region_name": "Colorado", "destination.ip": "203.0.113.58", "destination.port": 65320, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.220714119Z", + "event.id": "ut8lbrffooxyv", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:00.560917237Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", @@ -1076,12 +1116,14 @@ "destination.geo.country_name": "usa", "destination.ip": "203.0.113.134", "destination.port": 33562, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.393910944Z", + "event.id": "ut8lbrffooxz0", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:01.074897435Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1128,12 +1170,14 @@ "destination.address": "203.0.113.93", "destination.ip": "203.0.113.93", "destination.port": 9243, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:58.716492806Z", + "event.id": "ut8lbrffooxys", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:17.306085222Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", 
@@ -1175,12 +1219,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 5601, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:45:37.301953198Z", + "event.id": "ut8lbrffooxyx", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:45:37.186193305Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1227,12 +1273,14 @@ "destination.geo.country_name": "usa", "destination.ip": "203.0.113.134", "destination.port": 33548, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.393651211Z", + "event.id": "ut8lbrffooxz4", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:05.147252064Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1280,12 +1328,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.220714119Z", + "event.id": "ut8lbrffooxz3", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:00.560917237Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -1331,12 +1381,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 33542, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.565272745Z", + "event.id": "ut8lbrffooxz9", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:08.150720950Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1387,12 +1439,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:48.537763242Z", + "event.id": "ut8lbrffooxyr", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:05.147252064Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1445,12 +1499,14 @@ "destination.geo.country_name": "usa", "destination.ip": "203.0.113.12", "destination.port": 34836, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:48:39.076420731Z", + "event.id": "ut8lbrffooxyy", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:48:38.961050187Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", 
@@ -1492,12 +1548,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 22, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:40:52.361155668Z", + "event.id": "1ulp77rfdvho4g", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:46.541094678Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1546,12 +1604,14 @@ "destination.geo.country_name": "usa", "destination.ip": "198.51.100.248", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:55.213244028Z", + "event.id": "1ulp77rfdvho5r", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:06.075811571Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1599,12 +1659,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 5601, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:46:20.745658276Z", + "event.id": "1ulp77rfdvho5k", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:46:20.634435179Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -1651,12 +1713,14 @@ "destination.geo.country_name": "usa", "destination.ip": "203.0.113.134", "destination.port": 33534, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.597088427Z", + "event.id": "1ulp77rfdvho55", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:06.075942176Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1707,12 +1771,14 @@ "destination.geo.country_name": "usa", "destination.ip": "203.0.113.134", "destination.port": 33694, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.565117754Z", + "event.id": "1ulp77rfdvho60", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:05.566551903Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1764,12 +1830,14 @@ "destination.geo.region_name": "Colorado", "destination.ip": "203.0.113.58", "destination.port": 65263, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.220748025Z", + "event.id": "1ulp77rfdvho49", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:01.270990648Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", 
@@ -1811,12 +1879,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.597088427Z", + "event.id": "1ulp77rfdvho4t", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:06.075942176Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1870,12 +1940,14 @@ "destination.geo.country_name": "usa", "destination.ip": "203.0.113.101", "destination.port": 49680, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:55.705469925Z", + "event.id": "1ulp77rfdvho68", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:39:59.711043814Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -1925,12 +1997,14 @@ "destination.geo.country_name": "usa", "destination.ip": "192.0.2.117", "destination.port": 33862, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:46:11.779780615Z", + "event.id": "1ulp77rfdvho5n", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:46:11.655143526Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", 
@@ -1976,12 +2050,14 @@ "destination.geo.region_name": "Colorado", "destination.ip": "203.0.113.58", "destination.port": 65321, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.312105537Z", + "event.id": "1ulp77rfdvho5l", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:39:59.843986502Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", @@ -2023,12 +2099,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.461087350Z", + "event.id": "1ulp77rfdvho65", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:24.790136141Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -2082,12 +2160,14 @@ "destination.geo.country_name": "usa", "destination.ip": "192.0.2.177", "destination.port": 60112, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:18.224268993Z", + "event.id": "1ulp77rfdvho4b", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:14.031541248Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-central1", 
@@ -2135,12 +2215,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 33552, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:55.213244028Z", + "event.id": "1ulp77rfdvho4m", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:06.075811571Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -2194,12 +2276,14 @@ "destination.geo.country_name": "usa", "destination.ip": "203.0.113.134", "destination.port": 33524, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.461087350Z", + "event.id": "1ulp77rfdvho5t", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:24.790136141Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -2247,12 +2331,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 33548, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.565451051Z", + "event.id": "1ulp77rfdvho50", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:05.147072949Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -2303,12 +2389,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:59.565117754Z", + "event.id": "1ulp77rfdvho63", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:05.566551903Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -2361,12 +2449,14 @@ "destination.geo.country_name": "usa", "destination.ip": "198.51.100.107", "destination.port": 33924, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:46:20.745658276Z", + "event.id": "1ulp77rfdvho4r", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:46:20.634545217Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", @@ -2412,12 +2502,14 @@ "destination.geo.region_name": "Colorado", "destination.ip": "203.0.113.58", "destination.port": 65271, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:55.318940798Z", + "event.id": "1ulp77rfdvho4i", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:00.155378070Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", 
@@ -2459,12 +2551,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 5601, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:46:11.779780615Z", + "event.id": "1ulp77rfdvho5v", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:46:11.655143526Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -2508,12 +2602,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.312105537Z", + "event.id": "1ulp77rfdvho5i", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:39:59.843986502Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -2563,12 +2659,14 @@ "destination.geo.region_name": "Colorado", "destination.ip": "203.0.113.58", "destination.port": 65316, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.220838853Z", + "event.id": "1ulp77rfdvho5c", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:00.565831992Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", 
@@ -2610,12 +2708,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:55.705469925Z", + "event.id": "1ulp77rfdvho5p", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:39:59.711043814Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -2666,12 +2766,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:18.224268993Z", + "event.id": "1ulp77rfdvho4y", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:14.031541248Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -2725,12 +2827,14 @@ "destination.geo.country_name": "usa", "destination.ip": "203.0.113.134", "destination.port": 33558, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.394676451Z", + "event.id": "1ulp77rfdvho4o", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:39:58.492572765Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -2778,12 +2882,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.220838853Z", + "event.id": "1ulp77rfdvho5g", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:00.565831992Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -2829,12 +2935,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:56.220748025Z", + "event.id": "1ulp77rfdvho59", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:01.270990648Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", @@ -2880,12 +2988,14 @@ "destination.domain": "kibana", "destination.ip": "10.87.40.76", "destination.port": 5601, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:40:20.569744903Z", + "event.id": "1ulp77rfdvho57", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:20.454046087Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -2931,12 +3041,14 @@ "destination.geo.country_name": "usa", "destination.ip": "192.0.2.117", "destination.port": 50438, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:40:20.569744903Z", + "event.id": "1ulp77rfdvho5e", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:20.454046087Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", @@ -2982,12 +3094,14 @@ "destination.geo.region_name": "Vinh Phuc Province", "destination.ip": "192.0.2.165", "destination.port": 59623, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:40:52.361155668Z", + "event.id": "1ulp77rfdvho4d", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:40:46.541094678Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.source.instance.project_id": "my-sample-project", "googlecloud.source.instance.region": "us-east1", @@ -3029,12 +3143,14 @@ "destination.domain": "elasticsearch", "destination.ip": "10.139.99.242", "destination.port": 9200, - "event.category": "network_traffic", + "event.category": "network", "event.dataset": "googlecloud.vpcflow", "event.end": "2019-06-14T03:49:48.538257098Z", + "event.id": "1ulp77rfdvho5y", + "event.kind": "event", "event.module": "googlecloud", "event.start": "2019-06-14T03:39:58.492572765Z", - "event.type": "flow", + "event.type": "connection", "fileset.name": "vpcflow", "googlecloud.destination.instance.project_id": "my-sample-project", "googlecloud.destination.instance.region": "us-east1", 
@@ -3088,12 +3204,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "198.51.100.248",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565451051Z",
+ "event.id": "1ulp77rfdvho6a",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:05.147072949Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3141,12 +3259,14 @@
 "destination.domain": "elasticsearch",
 "destination.ip": "10.139.99.242",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:55.318940798Z",
+ "event.id": "1ulp77rfdvho4v",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:00.155378070Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3192,12 +3312,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:46:51.355687385Z",
+ "event.id": "bnj3cofh3cdk1",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:46:51.237256499Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3241,12 +3363,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:45:51.090104692Z",
+ "event.id": "bnj3cofh3cdjx",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:45:50.954948790Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3290,12 +3414,14 @@
 "destination.domain": "elasticsearch",
 "destination.ip": "10.139.99.242",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565131125Z",
+ "event.id": "bnj3cofh3cdju",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:02.143837873Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3348,12 +3474,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "198.51.100.107",
 "destination.port": 33602,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:45:51.090104692Z",
+ "event.id": "bnj3cofh3cdjz",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:45:50.954948790Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.source.instance.project_id": "my-sample-project",
 "googlecloud.source.instance.region": "us-east1",
@@ -3395,12 +3523,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:42:40.888804332Z",
+ "event.id": "bnj3cofh3cdkk",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:42:40.779893091Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3444,12 +3574,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 33534,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.597279654Z",
+ "event.id": "bnj3cofh3cdk0",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:06.075756033Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3502,12 +3634,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.27",
 "destination.port": 52260,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:42:11.183868408Z",
+ "event.id": "bnj3cofh3cdk8",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:42:11.063146265Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.source.instance.project_id": "my-sample-project",
 "googlecloud.source.instance.region": "us-east1",
@@ -3552,12 +3686,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "198.51.100.248",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565300944Z",
+ "event.id": "bnj3cofh3cdkp",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:00.140119099Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3608,12 +3744,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "198.51.100.248",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565335113Z",
+ "event.id": "bnj3cofh3cdkc",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:39:59.500498059Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3661,12 +3799,14 @@
 "destination.domain": "elasticsearch",
 "destination.ip": "10.139.99.242",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:51.821047175Z",
+ "event.id": "bnj3cofh3cdkm",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:08.469473010Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3720,12 +3860,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.134",
 "destination.port": 33554,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565131125Z",
+ "event.id": "bnj3cofh3cdjy",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:02.143837873Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3775,12 +3917,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.27",
 "destination.port": 53706,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:43:50.822333871Z",
+ "event.id": "bnj3cofh3cdjv",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:43:50.703302550Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.source.instance.project_id": "my-sample-project",
 "googlecloud.source.instance.region": "us-east1",
@@ -3822,12 +3966,14 @@
 "destination.domain": "elasticsearch",
 "destination.ip": "10.139.99.242",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:51.789039435Z",
+ "event.id": "bnj3cofh3cdkh",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:08.458515996Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3878,12 +4024,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:44:40.243022993Z",
+ "event.id": "bnj3cofh3cdkg",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:44:40.125336665Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3927,12 +4075,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 33556,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565335113Z",
+ "event.id": "bnj3cofh3cdk7",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:39:59.500498059Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -3983,12 +4133,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:43:50.822333871Z",
+ "event.id": "bnj3cofh3cdk9",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:43:50.703302550Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4032,12 +4184,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:42:11.183868408Z",
+ "event.id": "bnj3cofh3cdkj",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:42:11.063146265Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4083,12 +4237,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.27",
 "destination.port": 34090,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:46:37.827345444Z",
+ "event.id": "bnj3cofh3cdki",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:46:37.712749588Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.source.instance.project_id": "my-sample-project",
 "googlecloud.source.instance.region": "us-east1",
@@ -4132,12 +4288,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.12",
 "destination.port": 34178,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:46:51.355687385Z",
+ "event.id": "bnj3cofh3cdkd",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:46:51.237256499Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.source.instance.project_id": "my-sample-project",
 "googlecloud.source.instance.region": "us-east1",
@@ -4181,12 +4339,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "198.51.100.107",
 "destination.port": 33064,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:44:40.243022993Z",
+ "event.id": "bnj3cofh3cdjw",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:44:40.125336665Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.source.instance.project_id": "my-sample-project",
 "googlecloud.source.instance.region": "us-east1",
@@ -4228,12 +4388,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:48:50.757255245Z",
+ "event.id": "bnj3cofh3cdk3",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:48:50.642206049Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4279,12 +4441,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.12",
 "destination.port": 58216,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:36.982303071Z",
+ "event.id": "bnj3cofh3cdkb",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:49:36.865198297Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.source.instance.project_id": "my-sample-project",
 "googlecloud.source.instance.region": "us-east1",
@@ -4329,12 +4493,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "198.51.100.248",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.597279654Z",
+ "event.id": "bnj3cofh3cdk4",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:06.075756033Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4385,12 +4551,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "198.51.100.248",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565335113Z",
+ "event.id": "bnj3cofh3cdkf",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:39:59.500418290Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4438,12 +4606,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:36.982303071Z",
+ "event.id": "bnj3cofh3cdkl",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:49:36.865198297Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4487,12 +4657,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 33510,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565335113Z",
+ "event.id": "bnj3cofh3cdk2",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:39:59.500418290Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4545,12 +4717,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "198.51.100.107",
 "destination.port": 34906,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:48:50.757255245Z",
+ "event.id": "bnj3cofh3cdko",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:48:50.642206049Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.source.instance.project_id": "my-sample-project",
 "googlecloud.source.instance.region": "us-east1",
@@ -4594,12 +4768,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.27",
 "destination.port": 52454,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:42:40.888804332Z",
+ "event.id": "bnj3cofh3cdke",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:42:40.779893091Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.source.instance.project_id": "my-sample-project",
 "googlecloud.source.instance.region": "us-east1",
@@ -4641,12 +4817,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 5601,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:46:37.827345444Z",
+ "event.id": "bnj3cofh3cdka",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:46:37.712749588Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4690,12 +4868,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 33530,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565300944Z",
+ "event.id": "bnj3cofh3cdkn",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:00.140119099Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4749,12 +4929,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.134",
 "destination.port": 33570,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:51.821129119Z",
+ "event.id": "bnj3cofh3cdk5",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:08.469473010Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4805,12 +4987,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.134",
 "destination.port": 33858,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:37.933164456Z",
+ "event.id": "bnj3cofh3cdk6",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:08.458515996Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4861,12 +5045,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.134",
 "destination.port": 33590,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565116665Z",
+ "event.id": "y4wffpfk2ero3",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:05.147151100Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -4917,12 +5103,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "192.0.2.177",
 "destination.port": 60108,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:54.108975753Z",
+ "event.id": "y4wffpfk2eroh",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:00.762958327Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-central1",
@@ -4973,12 +5161,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.134",
 "destination.port": 33536,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565156020Z",
+ "event.id": "y4wffpfk2erom",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:08.150481417Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -5026,12 +5216,14 @@
 "destination.domain": "kibana",
 "destination.ip": "10.87.40.76",
 "destination.port": 33560,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565287007Z",
+ "event.id": "y4wffpfk2ero9",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:06.075859688Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -5082,12 +5274,14 @@
 "destination.domain": "elasticsearch",
 "destination.ip": "10.139.99.242",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:54.108975753Z",
+ "event.id": "y4wffpfk2erog",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:00.762958327Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -5141,12 +5335,14 @@
 "destination.geo.country_name": "usa",
 "destination.ip": "203.0.113.134",
 "destination.port": 33874,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:37.933099658Z",
+ "event.id": "y4wffpfk2ero7",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:20.513551480Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -5194,12 +5390,14 @@
 "destination.domain": "elasticsearch",
 "destination.ip": "10.139.99.242",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:37.965119632Z",
+ "event.id": "y4wffpfk2eroe",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:08.480430427Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",
@@ -5250,12 +5448,14 @@
 "destination.domain": "elasticsearch",
 "destination.ip": "10.139.99.242",
 "destination.port": 9200,
- "event.category": "network_traffic",
+ "event.category": "network",
 "event.dataset": "googlecloud.vpcflow",
 "event.end": "2019-06-14T03:49:59.565116665Z",
+ "event.id": "y4wffpfk2eroa",
+ "event.kind": "event",
 "event.module": "googlecloud",
 "event.start": "2019-06-14T03:40:05.147151100Z",
- "event.type": "flow",
+ "event.type": "connection",
 "fileset.name": "vpcflow",
 "googlecloud.destination.instance.project_id": "my-sample-project",
 "googlecloud.destination.instance.region": "us-east1",