
Add 21 autogenerated filesets from rsa2elk devices #19713

Merged 19 commits on Jul 14, 2020

Commits on Jul 13, 2020

  1. 4cd4aa1
  2. 2453c87
  3. Drop @timestamp for comparison in a few new filesets

    This is caused by the log generator not being able to add valid
    timestamps to the logs.
    adriansr committed Jul 13, 2020 (44d6e99)
  4. ce6baef
  5. 3bafcf3
  6. Add 21 autogenerated filesets from rsa2elk devices

    This adds the following experimental filesets based on Apache 2 license
    device parsers:

    - tomcat.log
    - netscout.sightline
    - barracuda.waf
    - f5.bigipapm
    - bluecoat.director
    - cisco.nexus
    - citrix.virtualapps
    - cylance.protect
    - f5.firepass
    - fortinet.clientendpoint
    - imperva.securesphere
    - infoblox.nios
    - juniper.junos
    - kaspersky.av
    - microsoft.dhcp
    - tenable.nessus_security
    - rapid7.nexpose
    - radware.defensepro
    - sonicwall.firewall
    - squid.log
    - zscaler.zia
    adriansr committed Jul 13, 2020 (d8dbfa7)
  7. 30f929b
  8. Fixes for sonicwall parsing

    adriansr committed Jul 13, 2020 (6e00df1)
  9. 0e90904
  10. f8097ff
  11. Improved parsers

    Some pipelines were failing due to trailing space at the end of messages
    (which the original XML format ignores). Updated the generator to strip
    those spaces.
    adriansr committed Jul 13, 2020 (2bd73b6)
  12. event.action is not an array

    adriansr committed Jul 13, 2020 (320c9e2)
  13. event.outcome / group.name / group.id / host.mac / direction

    This updates the parser to:
    - map event.outcome to the standard values.
    - populate group.name and group.id.
    - set host.mac from the macaddr field.
    - give meaningful direction values to generated logs.
    adriansr committed Jul 13, 2020 (c7e8569)
  14. Update test files

    adriansr committed Jul 13, 2020 (b6af936)
  15. Update

    adriansr committed Jul 13, 2020 (d5a77a4)
  16. cac973c
  17. 4f80f24
  18. Changelog entries

    adriansr committed Jul 13, 2020 (14e7d41)
  19. 27573b7