[Filebeat] Improve ECS categorization field mappings in cisco module (e…

…lastic#18537) * Improve ECS categorization field mappings in cisco module - asa + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ftd + explicitly set ECS version + event.kind + event.category + event.type + related.hash + related.ip + related.user - ios + explicitly set ECS version + event.kind + event.category + event.type Closes elastic#16028 Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co> (cherry picked from commit f1139f2)
leehinman · Jun 4, 2020 · 449b70f · 449b70f
1 parent d068c98
commit 449b70f
Show file tree

Hide file tree

Showing 24 changed files with 4,742 additions and 77 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -430,8 +430,10 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - The `logstash` module can now automatically detect the log file format (JSON or plaintext) and process it accordingly. {issue}9964[9964] {pull}18095[18095]
 - Improve ECS categorization field mappings in coredns module. {issue}16159[16159] {pull}18424[18424]
 - Improve ECS categorization field mappings in envoyproxy module. {issue}16161[16161] {pull}18395[18395]
+- Improve ECS categorization field mappings in cisco module. {issue}16028[16028] {pull}18537[18537]
 - The s3 input can now automatically detect gzipped objects. {issue}18283[18283] {pull}18764[18764]
 
+
 *Heartbeat*
 
 - Allow a list of status codes for HTTP checks. {pull}15587[15587]

diff --git a/x-pack/filebeat/module/cisco/asa/config/input.yml b/x-pack/filebeat/module/cisco/asa/config/input.yml
@@ -19,3 +19,7 @@ tags: {{.tags}}
 
 processors:
   - add_locale: ~
+  - add_fields:
+      target: ''
+      fields:
+        ecs.version: 1.5.0