Skip to content

Commit

Permalink
[Filebeat] Palo_alto module improvements (elastic#12182)
Browse files Browse the repository at this point in the history
This PR adds some missing features to the recently merged palo_alto module:

Dashboards (One for traffic logs, one for threats).
Sets network.type to either ipv4 or ipv6.
Renames palo_alto.pan_os.threat_file_or_url to palo_alto.pan_os.threat.resource.
Splits palo_alto.pan_os.threat_id into palo_alto.pan_os.threat.id and palo_alto.pan_os.threat.name.
  • Loading branch information
adriansr authored and ph committed May 21, 2019
1 parent ae5fd12 commit e1ad9f1
Show file tree
Hide file tree
Showing 17 changed files with 2,701 additions and 378 deletions.
14 changes: 12 additions & 2 deletions filebeat/docs/fields.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -12046,7 +12046,7 @@ Log entry identifier that is incremented sequentially. Unique for each log type.
--
*`palo_alto.pan_os.threat_file_or_url`*::
*`palo_alto.pan_os.threat.resource`*::
+
--
type: keyword
Expand All @@ -12056,14 +12056,24 @@ URL or file name for a threat.
--
*`palo_alto.pan_os.threat_id`*::
*`palo_alto.pan_os.threat.id`*::
+
--
type: keyword
Palo Alto Networks identifier for the threat.
--
*`palo_alto.pan_os.threat.name`*::
+
--
type: keyword
Palo Alto Networks name for the threat.
--
[[exported-fields-postgresql]]
Expand Down
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
18 changes: 10 additions & 8 deletions filebeat/docs/modules/palo_alto.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -121,14 +121,16 @@ in ECS that are added under the `palo_alto` prefix:
| Device Name | observer.hostname |
|==============

// [float]
// === Example dashboard
//
// This module comes with a sample dashboard:
//
// (TODO)
// [role="screenshot"]
// image::./images/kibana-cisco-asa.png[]
[float]
=== Example dashboard

This module comes with two sample dashboards:

[role="screenshot"]
image::./images/filebeat-palo-alto-traffic.png[]

[role="screenshot"]
image::./images/filebeat-palo-alto-threat.png[]

include::../include/configuring-intro.asciidoc[]

Expand Down
18 changes: 10 additions & 8 deletions x-pack/filebeat/module/palo_alto/_meta/docs.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -116,14 +116,16 @@ in ECS that are added under the `palo_alto` prefix:
| Device Name | observer.hostname |
|==============

// [float]
// === Example dashboard
//
// This module comes with a sample dashboard:
//
// (TODO)
// [role="screenshot"]
// image::./images/kibana-cisco-asa.png[]
[float]
=== Example dashboard

This module comes with two sample dashboards:

[role="screenshot"]
image::./images/filebeat-palo-alto-traffic.png[]

[role="screenshot"]
image::./images/filebeat-palo-alto-threat.png[]

include::../include/configuring-intro.asciidoc[]

Expand Down
Loading

0 comments on commit e1ad9f1

Please sign in to comment.