[Filebeat] Improve ECS categorization in iptables module (elastic#16637)

* Improve ECS categorization in iptables module - event.action, map to accept/drop like gui - event.category - event.kind - event.type - observer.egress.zone - observer.ingress.zone - related.ip - rule.id - rule.name - convert pipeline to yaml - fix tcp_flags grok to get all entries - make iptables.tcp.flags an array - make iptables.fragment_flags an array Closes elastic#16166
leehinman · Mar 17, 2020 · d9c83df · d9c83df
1 parent 99fd13a
commit d9c83df
Show file tree

Hide file tree

Showing 9 changed files with 676 additions and 277 deletions.
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -183,6 +183,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add ECS related fields to CEF module {issue}16157[16157] {pull}16338[16338]
 - Improve ECS categorization field mappings in suricata module. {issue}16181[16181] {pull}16843[16843]
 - Release ActiveMQ module as GA. {issue}17047[17047] {pull}17049[17049]
+- Improve ECS categorization field mappings in iptables module. {issue}16166[16166] {pull}16637[16637]
 
 *Heartbeat*
 

diff --git a/x-pack/filebeat/module/iptables/log/ingest/pipeline.json b/x-pack/filebeat/module/iptables/log/ingest/pipeline.json