[ML] Edits to fields used in auditbeat module configurations #25866

Merged

Conversation

peteharverson
Contributor

Summary

Minor edits to the configuration files used in the auditbeat process data recognizer modules following discussion with @tsg:

  • Query used to match against Kibana index patterns replaces test for existence of auditd field with auditd.summary (check against auditd would result in false positives against auditd filebeat module).
  • hosts module jobs and 'Event volume' visualization use beat.name in place of beat.hostname (use of beat.name preferred over beat.hostname in 6.x since beat.name defaults to the hostname but can be changed by the user).

Checklist

N/A

@peteharverson peteharverson added review non-issue Indicates to automation that a pull request should not appear in the release notes v7.0.0 :ml Feature:Anomaly Detection ML anomaly detection v6.6.0 labels Nov 19, 2018
@elasticmachine
Contributor

Pinging @elastic/ml-ui

@tsg
Contributor

tsg commented Nov 19, 2018

Pinging @elastic/secops for visibility.

Contributor

@alvarezmelissa87 alvarezmelissa87 left a comment

LGTM ⚡️

@webmat

webmat commented Nov 19, 2018

Note that beat.hostname is being renamed to agent.hostname for 7.0, in the move to ECS schema.

See elastic/beats#8873 (and elastic/beats#8655 for more upcoming changes)

Contributor

@walterra walterra left a comment

LGTM 💯

@elasticmachine
Contributor

💚 Build Succeeded
