diff --git a/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json index 41ca5da61f8..e7266ca60e1 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2020-04-17T14:08:08.000-02:00", "cisco.ftd.connection_id": "110577675", "cisco.ftd.destination_interface": "Inside", "cisco.ftd.message_id": "302016", @@ -63,6 +64,7 @@ ] }, { + "@timestamp": "2020-04-17T14:00:31.000-02:00", "cisco.ftd.destination_interface": "Outside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "Inside_access_in", @@ -114,6 +116,7 @@ ] }, { + "@timestamp": "2013-04-15T09:36:50.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "acl_dmz", @@ -162,6 +165,7 @@ ] }, { + "@timestamp": "2020-04-17T14:16:20.000-02:00", "cisco.ftd.destination_interface": "Outside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "Inside_access_in", @@ -220,6 +224,7 @@ ] }, { + "@timestamp": "2020-04-17T14:15:07.000-02:00", "cisco.ftd.message_id": "106017", "destination.address": "10.123.123.123", "destination.ip": "10.123.123.123", diff --git a/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json index 7e8eed6799e..3b95629dffb 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -53,6 +54,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11757", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", 
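Review bot: Every `@timestamp` these fixtures now expect carries the same `-02:00` offset, starting with the first hunk of asa-fix.log-expected.json and continuing through the asa, dns, filtered and firepower-management files, so the values only hold when the pipeline runs with that offset pinned. The diff does not show where the offset comes from. If it follows the host's local zone rather than a fixed test setting, these expectations will fail on other machines, and a wrong default offset would shift firewall events by hours when they are correlated with other sources. Nothing can be annotated inside a strict JSON fixture, so I would record the assumption in the commit description, for example `Expected @timestamp values assume the test harness pins the event timezone to -02:00.` It may also be worth adding a sample whose source line carries its own zone, to show that an explicit offset is preserved rather than replaced by the default.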
@@ -112,6 +114,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11749", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -172,6 +175,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11748", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -232,6 +236,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11745", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -292,6 +297,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11744", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -352,6 +358,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11742", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -412,6 +419,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11738", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -472,6 +480,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11739", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -532,6 +541,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11731", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -592,6 +602,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11723", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -652,6 +663,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11715", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", 
@@ -712,6 +724,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11711", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -772,6 +785,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11712", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -832,6 +846,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11708", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -892,6 +907,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11746", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -952,6 +968,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11706", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -1012,6 +1029,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11702", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -1072,6 +1090,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11753", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -1132,6 +1151,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -1185,6 +1205,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11758", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -1244,6 +1265,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11758", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", 
@@ -1303,6 +1325,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11759", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -1362,6 +1385,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11759", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -1421,6 +1445,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -1474,6 +1499,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11760", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -1533,6 +1559,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -1586,6 +1613,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11761", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -1645,6 +1673,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11762", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -1704,6 +1733,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11763", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -1763,6 +1793,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11762", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", 
@@ -1822,6 +1853,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11763", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -1881,6 +1913,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -1934,6 +1967,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11764", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -1993,6 +2027,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -2046,6 +2081,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11772", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -2105,6 +2141,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11773", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -2164,6 +2201,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11772", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -2223,6 +2261,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11773", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -2282,6 +2321,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", 
@@ -2335,6 +2375,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11774", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -2394,6 +2435,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11775", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -2453,6 +2495,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11776", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -2512,6 +2555,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11775", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -2571,6 +2615,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11776", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -2630,6 +2675,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -2683,6 +2729,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11777", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -2742,6 +2789,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11777", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -2802,6 +2850,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11779", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", 
@@ -2861,6 +2910,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11778", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -2920,6 +2970,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11779", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -2979,6 +3030,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -3032,6 +3084,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11780", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -3091,6 +3144,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -3144,6 +3198,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11781", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -3203,6 +3258,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -3256,6 +3312,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11782", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -3315,6 +3372,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11783", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", 
@@ -3374,6 +3432,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11783", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -3433,6 +3492,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -3486,6 +3546,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11784", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -3545,6 +3606,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -3598,6 +3660,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11785", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -3657,6 +3720,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11786", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -3716,6 +3780,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11784", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -3776,6 +3841,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -3829,6 +3895,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11787", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", 
@@ -3888,6 +3955,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11786", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -3947,6 +4015,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -4000,6 +4069,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11788", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -4059,6 +4129,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", "cisco.ftd.source_interface": "inside", @@ -4116,6 +4187,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -4169,6 +4241,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11797", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.156.80", @@ -4228,6 +4301,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", "cisco.ftd.source_interface": "inside", @@ -4285,6 +4359,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", "cisco.ftd.source_interface": "inside", @@ -4342,6 +4417,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", "cisco.ftd.source_interface": "inside", @@ -4399,6 +4475,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", "cisco.ftd.source_interface": "inside", 
@@ -4456,6 +4533,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", "cisco.ftd.source_interface": "inside", @@ -4513,6 +4591,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305012", "cisco.ftd.source_interface": "inside", @@ -4570,6 +4649,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11564", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -4630,6 +4710,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11797", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302014", @@ -4690,6 +4771,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -4743,6 +4825,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11798", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.156.80", @@ -4802,6 +4885,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -4858,6 +4942,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -4914,6 +4999,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -4970,6 +5056,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", 
@@ -5026,6 +5113,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -5082,6 +5170,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -5138,6 +5227,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -5194,6 +5284,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -5250,6 +5341,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -5306,6 +5398,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -5362,6 +5455,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -5418,6 +5512,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -5474,6 +5569,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "inbound", @@ -5530,6 +5626,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", 
@@ -5583,6 +5680,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11799", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", @@ -5642,6 +5740,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -5695,6 +5794,7 @@ ] }, { + "@timestamp": "2018-10-10T12:34:56.000-02:00", "cisco.ftd.connection_id": "11800", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "172.31.98.44", diff --git a/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json index 54cdbd016d5..8353ab7bb65 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -110,6 +111,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -222,6 +224,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -332,6 +335,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -444,6 +448,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ 
@@ -555,6 +560,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -665,6 +671,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -778,6 +785,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -888,6 +896,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -999,6 +1008,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -1111,6 +1121,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -1213,6 +1224,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -1319,6 +1331,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -1424,6 +1437,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ 
@@ -1528,6 +1542,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -1633,6 +1648,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -1745,6 +1761,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -1855,6 +1872,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -1965,6 +1983,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -2075,6 +2094,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -2183,6 +2203,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-26T21:11:03.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ diff --git a/x-pack/filebeat/module/cisco/ftd/test/filtered.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/filtered.log-expected.json index 147ede5cdb8..6e77e652aff 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/filtered.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/filtered.log-expected.json 
@@ -1,5 +1,6 @@ [ { + "@timestamp": "2019-01-01T01:00:27.000-02:00", "cisco.ftd.message_id": "999999", "event.action": "firewall-rule", "event.category": [ diff --git a/x-pack/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json index 820241d9abc..605eba1e2a7 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/firepower-management.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2019-08-14T13:56:30.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=AuditLog, Page View\u0000x0a\u0000x00", @@ -22,6 +23,7 @@ ] }, { + "@timestamp": "2019-08-14T13:57:19.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=Banner, Page View\u0000x0a\u0000x00", @@ -44,6 +46,7 @@ ] }, { + "@timestamp": "2019-08-14T13:57:26.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/ChangeReconciliation.cgi, Page View\u0000x0a\u0000x00", @@ -66,6 +69,7 @@ ] }, { + "@timestamp": "2019-08-14T13:57:34.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=IntrusionPolicyPrefs, Page View\u0000x0a\u0000x00", @@ -88,6 +92,7 @@ ] }, { + "@timestamp": "2019-08-14T13:57:43.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /admin/lights_out_mgmt.cgi, Page View\u0000x0a\u0000x00", 
@@ -110,6 +115,7 @@ ] }, { + "@timestamp": "2019-08-14T13:58:02.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Cloud Services, View url filtering settings\u0000x0a\u0000x00", @@ -132,6 +138,7 @@ ] }, { + "@timestamp": "2019-08-14T13:58:02.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Cloud Services, View amp settings\u0000x0a\u0000x00", @@ -154,6 +161,7 @@ ] }, { + "@timestamp": "2019-08-14T13:58:20.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Monitoring > Syslog, Page View\u0000x0a\u0000x00", @@ -176,6 +184,7 @@ ] }, { + "@timestamp": "2019-08-14T13:58:41.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Device Management, Page View\u0000x0a\u0000x00", @@ -198,6 +207,7 @@ ] }, { + "@timestamp": "2019-08-14T13:58:47.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Device Management > NGFW Interfaces, Page View\u0000x0a\u0000x00", @@ -220,6 +230,7 @@ ] }, { + "@timestamp": "2019-08-14T13:58:52.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Device Management > NGFW Device Summary, Page View\u0000x0a\u0000x00", @@ -242,6 +253,7 @@ ] }, { + "@timestamp": "2019-08-14T13:58:54.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Device Management > NGFW Device Summary, Page View\u0000x0a\u0000x00", @@ -264,6 +276,7 @@ ] }, { + "@timestamp": "2019-08-14T13:59:10.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings, Page View\u0000x0a\u0000x00", 
@@ -286,6 +299,7 @@ ] }, { + "@timestamp": "2019-08-14T13:59:15.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Page View\u0000x0a\u0000x00", @@ -308,6 +322,7 @@ ] }, { + "@timestamp": "2019-08-14T14:00:37.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Save Policy ftd-policy\u0000x0a\u0000x00", @@ -330,6 +345,7 @@ ] }, { + "@timestamp": "2019-08-14T14:00:37.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Modified: Syslog\u0000x0a\u0000x00", @@ -352,6 +368,7 @@ ] }, { + "@timestamp": "2019-08-14T14:00:37.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Page View\u0000x0a\u0000x00", @@ -374,6 +391,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:12.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Save Policy ftd-policy\u0000x0a\u0000x00", @@ -396,6 +414,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:12.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Modified: Syslog\u0000x0a\u0000x00", @@ -418,6 +437,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:13.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Page View\u0000x0a\u0000x00", 
@@ -440,6 +460,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:20.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", @@ -462,6 +483,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:31.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", @@ -484,6 +506,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:31.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@localhost, Task Queue, Successful task completion : Pre-deploy Global Configuration Generation\u0000x0a\u0000x00", @@ -506,6 +529,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:35.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", @@ -528,6 +552,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:36.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@localhost, Task Queue, Successful task completion : Pre-deploy Device Configuration for siem-ftd\u0000x0a\u0000x00", @@ -550,6 +575,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:55.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration, Page View\u0000x0a\u0000x00", @@ -572,6 +598,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:56.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@localhost, Task Queue, Policy Deployment to siem-ftd - SUCCESS\u0000x0a\u0000x00", @@ -594,6 +621,7 @@ ] }, { + "@timestamp": "2019-08-14T14:01:57.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", 
@@ -616,6 +644,7 @@ ] }, { + "@timestamp": "2019-08-14T14:02:03.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Monitoring > Syslog, Page View\u0000x0a\u0000x00", @@ -638,6 +667,7 @@ ] }, { + "@timestamp": "2019-08-14T14:02:11.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Monitoring > Audit, Page View\u0000x0a\u0000x00", @@ -660,6 +690,7 @@ ] }, { + "@timestamp": "2019-08-14T14:02:19.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration, Page View\u0000x0a\u0000x00", @@ -682,6 +713,7 @@ ] }, { + "@timestamp": "2019-08-14T14:02:31.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=AuditLog, Page View\u0000x0a\u0000x00", @@ -704,6 +736,7 @@ ] }, { + "@timestamp": "2019-08-14T14:02:38.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Local System Configuration, Save Local System Configuration\u0000x0a\u0000x00", @@ -726,6 +759,7 @@ ] }, { + "@timestamp": "2019-08-14T14:02:38.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Audit Log Settings > Modified: Send Audit Log to Syslog enabled > Disabled", diff --git a/x-pack/filebeat/module/cisco/ftd/test/intrusion.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/intrusion.log-expected.json index 9856bb5368f..709c0b6a9a2 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/intrusion.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/intrusion.log-expected.json 
@@ -1,5 +1,6 @@ [ { + "@timestamp": "2019-08-16T07:54:00.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430001", "cisco.ftd.rule_name": [ @@ -87,6 +88,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-16T07:57:02.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430001", "cisco.ftd.rule_name": [ @@ -174,6 +176,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-16T08:04:44.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "430001", "cisco.ftd.rule_name": [ @@ -257,6 +260,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-16T08:09:47.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "430001", "cisco.ftd.rule_name": [ diff --git a/x-pack/filebeat/module/cisco/ftd/test/no-type-id.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/no-type-id.log-expected.json index 70bb2b7b135..500a6538886 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/no-type-id.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/no-type-id.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2018-01-11T01:00:27.000-02:00", "cisco.ftd.message_id": "430001", "cisco.ftd.security.application_protocol": "http", "cisco.ftd.security.client": "webserver", @@ -52,6 +53,7 @@ ] }, { + "@timestamp": "2018-01-11T01:00:27.000-02:00", "cisco.ftd.message_id": "430001", "cisco.ftd.security.http_response": "404", "cisco.ftd.security.message": "Some message here (1:36330:2).", @@ -92,6 +94,7 @@ ] }, { + "@timestamp": "2018-01-11T01:00:27.000-02:00", "cisco.ftd.message_id": "430002", "cisco.ftd.security.http_response": "404", "cisco.ftd.security.message": "Some message here (1:36330:2)", @@ -133,6 +136,7 @@ ] }, { + "@timestamp": "2018-01-11T01:00:27.000-02:00", "cisco.ftd.message_id": "430005", "cisco.ftd.security.dst_ip": "192.168.3.33", "cisco.ftd.security.dst_port": "64311", 
diff --git a/x-pack/filebeat/module/cisco/ftd/test/not-ip.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/not-ip.log-expected.json index 95560519ec2..2d85b823a65 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/not-ip.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/not-ip.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2019-10-04T15:27:55.000-02:00", "cisco.ftd.destination_interface": "OUTSIDE", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "AL-DMZ-LB-IN", @@ -51,6 +52,7 @@ ] }, { + "@timestamp": "2020-01-01T10:42:53.000-02:00", "cisco.ftd.mapped_source_host": "mydomain.example.net", "cisco.ftd.message_id": "302021", "destination.address": "172.24.177.29", @@ -98,6 +100,7 @@ ] }, { + "@timestamp": "2020-01-02T11:33:20.000-02:00", "cisco.ftd.destination_interface": "wan", "cisco.ftd.mapped_destination_host": "www.example.org", "cisco.ftd.mapped_destination_port": 80, diff --git a/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json index ad71a4d816a..84c749c8d75 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2013-04-15T09:36:50.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "acl_dmz", @@ -49,6 +50,7 @@ ] }, { + "@timestamp": "2013-04-15T09:36:50.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "acl_dmz", @@ -98,6 +100,7 @@ ] }, { + "@timestamp": "2014-04-15T11:34:34.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -148,6 +151,7 @@ ] }, { + "@timestamp": "2013-04-24T16:00:28.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "inside", 
@@ -202,6 +206,7 @@ ] }, { + "@timestamp": "2013-04-24T16:00:27.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "inside", @@ -256,6 +261,7 @@ ] }, { + "@timestamp": "2013-04-29T12:59:50.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "outside", @@ -302,6 +308,7 @@ ] }, { + "@timestamp": "2013-04-29T12:59:50.000-02:00", "cisco.ftd.connection_id": "89743274", "cisco.ftd.destination_interface": "outside", "cisco.ftd.mapped_destination_ip": "10.123.3.42", @@ -355,6 +362,7 @@ ] }, { + "@timestamp": "2013-04-29T12:59:50.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "outside", @@ -401,6 +409,7 @@ ] }, { + "@timestamp": "2013-04-29T12:59:50.000-02:00", "cisco.ftd.connection_id": "89743275", "cisco.ftd.destination_interface": "outside", "cisco.ftd.mapped_destination_ip": "10.123.1.35", @@ -456,6 +465,7 @@ ] }, { + "@timestamp": "2013-04-29T12:59:50.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "outside", @@ -502,6 +512,7 @@ ] }, { + "@timestamp": "2013-04-29T12:59:50.000-02:00", "cisco.ftd.connection_id": "89743276", "cisco.ftd.destination_interface": "outside", "cisco.ftd.mapped_destination_ip": "10.123.3.130", @@ -557,6 +568,7 @@ ] }, { + "@timestamp": "2013-04-29T12:59:50.000-02:00", "cisco.ftd.connection_id": "89743275", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -609,6 +621,7 @@ ] }, { + "@timestamp": "2013-04-29T12:59:50.000-02:00", "cisco.ftd.connection_id": "666", "cisco.ftd.destination_interface": "inside", "cisco.ftd.destination_username": "user2", 
@@ -670,6 +683,7 @@ "user.name": "user2" }, { + "@timestamp": "2011-06-04T21:59:52.000-02:00", "cisco.ftd.mapped_source_ip": "192.168.132.46", "cisco.ftd.message_id": "302021", "destination.address": "172.24.177.29", @@ -717,6 +731,7 @@ ] }, { + "@timestamp": "2013-04-29T12:59:50.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "305011", "cisco.ftd.source_interface": "inside", @@ -763,6 +778,7 @@ ] }, { + "@timestamp": "2013-04-29T12:59:50.000-02:00", "cisco.ftd.connection_id": "89743277", "cisco.ftd.destination_interface": "inside", "cisco.ftd.mapped_destination_ip": "10.0.0.130", @@ -818,6 +834,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:33.000-02:00", "cisco.ftd.message_id": "106007", "destination.address": "10.1.2.60", "destination.ip": "10.1.2.60", @@ -864,6 +881,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:38.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -913,6 +931,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:38.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -962,6 +981,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:39.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1011,6 +1031,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:39.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1060,6 +1081,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:39.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1109,6 +1131,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:40.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", 
@@ -1158,6 +1181,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:41.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1207,6 +1231,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:47.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1256,6 +1281,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:48.000-02:00", "cisco.ftd.destination_interface": "dmz", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1305,6 +1331,7 @@ ] }, { + "@timestamp": "2013-04-30T09:22:56.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1354,6 +1381,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:02.000-02:00", "cisco.ftd.message_id": "106006", "cisco.ftd.source_interface": "inside", "destination.address": "10.1.2.42", @@ -1401,6 +1429,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:03.000-02:00", "cisco.ftd.message_id": "106007", "destination.address": "10.1.5.60", "destination.ip": "10.1.5.60", @@ -1447,6 +1476,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:06.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1496,6 +1526,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:08.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1545,6 +1576,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:15.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1594,6 +1626,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:24.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", 
@@ -1643,6 +1676,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:34.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1692,6 +1726,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:40.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "acl_out", @@ -1741,6 +1776,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:41.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "acl_out", @@ -1790,6 +1826,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:43.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1839,6 +1876,7 @@ ] }, { + "@timestamp": "2013-04-30T09:23:43.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1888,6 +1926,7 @@ ] }, { + "@timestamp": "2018-04-15T11:34:34.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106100", "cisco.ftd.rule_name": "acl_in", @@ -1938,6 +1977,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:24.000-02:00", "cisco.ftd.connection_id": "447235", "cisco.ftd.destination_interface": "identity", "cisco.ftd.mapped_destination_ip": "10.0.13.13", @@ -1995,6 +2035,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:24.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "dmz", @@ -2049,6 +2090,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:24.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "dmz", @@ -2103,6 +2145,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:31.000-02:00", "cisco.ftd.connection_id": "447236", "cisco.ftd.destination_interface": "dmz", "cisco.ftd.mapped_destination_host": "OCSP_Server", 
@@ -2159,6 +2202,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:31.000-02:00", "cisco.ftd.connection_id": "447236", "cisco.ftd.destination_interface": "dmz", "cisco.ftd.mapped_destination_host": "OCSP_Server", @@ -2215,6 +2259,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:31.000-02:00", "cisco.ftd.connection_id": "447236", "cisco.ftd.destination_interface": "dmz", "cisco.ftd.message_id": "302014", @@ -2273,6 +2318,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:38.000-02:00", "cisco.ftd.connection_id": "447234", "cisco.ftd.destination_interface": "dmz", "cisco.ftd.message_id": "302014", @@ -2331,6 +2377,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:38.000-02:00", "cisco.ftd.connection_id": "447234", "cisco.ftd.destination_interface": "dmz", "cisco.ftd.message_id": "302014", @@ -2389,6 +2436,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:38.000-02:00", "cisco.ftd.message_id": "106015", "cisco.ftd.source_interface": "outside", "destination.address": "192.168.1.34", @@ -2440,6 +2488,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:38.000-02:00", "cisco.ftd.message_id": "106015", "cisco.ftd.source_interface": "outside", "destination.address": "192.168.1.34", @@ -2491,6 +2540,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:39.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "dmz", @@ -2545,6 +2595,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:53.000-02:00", "cisco.ftd.connection_id": "447237", "cisco.ftd.destination_interface": "dmz", "cisco.ftd.mapped_destination_ip": "192.168.1.34", @@ -2602,6 +2653,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:53.000-02:00", "cisco.ftd.connection_id": "447237", "cisco.ftd.destination_interface": "dmz", "cisco.ftd.mapped_destination_ip": "192.168.1.34", @@ -2659,6 +2711,7 @@ ] }, { + "@timestamp": "2018-12-11T08:01:53.000-02:00", "cisco.ftd.connection_id": "447237", "cisco.ftd.destination_interface": "dmz", "cisco.ftd.message_id": "302014", 
@@ -2717,6 +2770,7 @@ ] }, { + "@timestamp": "2012-08-15T23:30:09.000-02:00", "cisco.ftd.connection_id": "40", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "302016", @@ -2769,6 +2823,7 @@ ] }, { + "@timestamp": "2014-09-12T06:50:53.000-02:00", "cisco.ftd.message_id": "106016", "cisco.ftd.source_interface": "Mobile_Traffic", "destination.address": "192.88.99.47", @@ -2815,6 +2870,7 @@ ] }, { + "@timestamp": "2014-09-12T06:51:01.000-02:00", "cisco.ftd.message_id": "106016", "cisco.ftd.source_interface": "Mobile_Traffic", "destination.address": "192.88.99.57", @@ -2861,6 +2917,7 @@ ] }, { + "@timestamp": "2014-09-12T06:51:05.000-02:00", "cisco.ftd.message_id": "106016", "cisco.ftd.source_interface": "Mobile_Traffic", "destination.address": "192.88.99.47", @@ -2907,6 +2964,7 @@ ] }, { + "@timestamp": "2014-09-12T06:51:05.000-02:00", "cisco.ftd.message_id": "106016", "cisco.ftd.source_interface": "Mobile_Traffic", "destination.address": "192.88.99.47", @@ -2953,6 +3011,7 @@ ] }, { + "@timestamp": "2014-09-12T06:51:06.000-02:00", "cisco.ftd.message_id": "106016", "cisco.ftd.source_interface": "Mobile_Traffic", "destination.address": "192.88.99.57", @@ -2999,6 +3058,7 @@ ] }, { + "@timestamp": "2014-09-12T06:51:17.000-02:00", "cisco.ftd.message_id": "106016", "cisco.ftd.source_interface": "Mobile_Traffic", "destination.address": "192.88.99.57", @@ -3045,6 +3105,7 @@ ] }, { + "@timestamp": "2014-09-12T06:52:48.000-02:00", "cisco.ftd.message_id": "106016", "cisco.ftd.source_interface": "Mobile_Traffic", "destination.address": "192.168.1.255", @@ -3091,6 +3152,7 @@ ] }, { + "@timestamp": "2014-09-12T06:53:00.000-02:00", "cisco.ftd.message_id": "106016", "cisco.ftd.source_interface": "Mobile_Traffic", "destination.address": "192.168.1.255", @@ -3137,6 +3199,7 @@ ] }, { + "@timestamp": "2014-09-12T06:53:01.000-02:00", "cisco.ftd.destination_interface": "inside", "cisco.ftd.message_id": "106023", "cisco.ftd.rule_name": "PERMIT_IN", 
@@ -3191,6 +3254,7 @@ ] }, { + "@timestamp": "2014-09-12T06:53:02.000-02:00", "cisco.ftd.icmp_code": 3, "cisco.ftd.icmp_type": 3, "cisco.ftd.message_id": "313001", @@ -3238,6 +3302,7 @@ ] }, { + "@timestamp": "2015-01-14T13:16:13.000-02:00", "cisco.ftd.icmp_type": 0, "cisco.ftd.message_id": "313004", "cisco.ftd.source_interface": "inside", @@ -3283,6 +3348,7 @@ ] }, { + "@timestamp": "2015-01-14T13:16:14.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.mapped_destination_ip": "192.88.99.129", "cisco.ftd.mapped_destination_port": 80, @@ -3344,6 +3410,7 @@ ] }, { + "@timestamp": "2015-01-14T13:16:14.000-02:00", "cisco.ftd.destination_interface": "outsidet", "cisco.ftd.mapped_destination_ip": "192.0.2.225", "cisco.ftd.mapped_destination_port": 80, @@ -3402,6 +3469,7 @@ ] }, { + "@timestamp": "2015-01-14T13:16:14.000-02:00", "cisco.ftd.destination_interface": "outsidet", "cisco.ftd.mapped_destination_ip": "192.0.2.223", "cisco.ftd.mapped_destination_port": 8080, @@ -3460,6 +3528,7 @@ ] }, { + "@timestamp": "2009-11-16T14:12:35.000-02:00", "cisco.ftd.message_id": "304001", "destination.address": "192.0.2.1", "destination.ip": "192.0.2.1", @@ -3501,6 +3570,7 @@ "url.path": "/app" }, { + "@timestamp": "2009-11-16T14:12:36.000-02:00", "cisco.ftd.message_id": "304001", "destination.address": "192.0.2.32", "destination.ip": "192.0.2.32", @@ -3544,6 +3614,7 @@ "url.scheme": "http" }, { + "@timestamp": "2009-11-16T14:12:37.000-02:00", "cisco.ftd.message_id": "304002", "cisco.ftd.source_interface": "inside", "destination.address": "192.0.0.19", diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json index f6e5025dbf1..9d37925b3d2 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json 
@@ -1,5 +1,6 @@ [ { + "@timestamp": "2019-08-15T14:03:31.000-02:00", "cisco.ftd.destination_interface": "input", "cisco.ftd.message_id": "430002", "cisco.ftd.rule_name": [ @@ -90,6 +91,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-15T14:05:33.000-02:00", "cisco.ftd.destination_interface": "input", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -184,6 +186,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-15T14:05:37.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430002", "cisco.ftd.rule_name": [ @@ -289,6 +292,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-15T14:07:00.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -400,6 +404,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-15T14:07:18.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430002", "cisco.ftd.rule_name": [ @@ -488,6 +493,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-15T14:07:19.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -600,6 +606,7 @@ "user_agent.original": "Debian APT-HTTP/1.3 (1.6.11)" }, { + "@timestamp": "2019-08-16T07:33:15.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430002", "cisco.ftd.rule_name": [ @@ -688,6 +695,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-16T07:33:15.000-02:00", "cisco.ftd.destination_interface": "outside", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ @@ -796,6 +804,7 @@ "user_agent.original": "curl/7.58.0" }, { + "@timestamp": "2019-08-16T07:35:15.000-02:00", "cisco.ftd.destination_interface": "input", "cisco.ftd.message_id": "430002", "cisco.ftd.rule_name": [ 
@@ -882,6 +891,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-14T15:09:41.000-02:00", "cisco.ftd.destination_interface": "output", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json index 8e9634b18a4..f6c2477ce20 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2019-08-14T14:54:25.000-02:00", "cisco.ftd.message_id": "430004", "cisco.ftd.rule_name": "malware-and-file-policy", "cisco.ftd.security.application_protocol": "HTTP", @@ -79,6 +80,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-14T14:55:02.000-02:00", "cisco.ftd.message_id": "430004", "cisco.ftd.rule_name": "malware-and-file-policy", "cisco.ftd.security.application_protocol": "HTTP", @@ -158,6 +160,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-14T15:00:29.000-02:00", "cisco.ftd.message_id": "430004", "cisco.ftd.rule_name": "malware-and-file-policy", "cisco.ftd.security.application_protocol": "HTTP", @@ -237,6 +240,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-14T15:01:41.000-02:00", "cisco.ftd.message_id": "430004", "cisco.ftd.rule_name": "malware-and-file-policy", "cisco.ftd.security.application_protocol": "HTTP", @@ -316,6 +320,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-14T15:03:28.000-02:00", "cisco.ftd.message_id": "430004", "cisco.ftd.rule_name": "malware-and-file-policy", "cisco.ftd.security.application_protocol": "HTTP", 
@@ -404,6 +409,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-14T15:03:33.000-02:00", "cisco.ftd.message_id": "430004", "cisco.ftd.rule_name": "malware-and-file-policy", "cisco.ftd.security.application_protocol": "HTTP", @@ -492,6 +498,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-14T15:09:43.000-02:00", "cisco.ftd.message_id": "430005", "cisco.ftd.rule_name": "malware-and-file-policy", "cisco.ftd.security.application_protocol": "HTTP", @@ -584,6 +591,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-16T07:39:03.000-02:00", "cisco.ftd.message_id": "430005", "cisco.ftd.rule_name": "malware-and-file-policy", "cisco.ftd.security.application_protocol": "HTTP", @@ -674,6 +682,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-16T07:40:45.000-02:00", "cisco.ftd.message_id": "430005", "cisco.ftd.rule_name": "malware-and-file-policy", "cisco.ftd.security.application_protocol": "HTTP", @@ -763,6 +772,7 @@ "user.name": "No Authentication Required" }, { + "@timestamp": "2019-08-16T07:42:07.000-02:00", "cisco.ftd.message_id": "430005", "cisco.ftd.rule_name": "malware-and-file-policy", "cisco.ftd.security.application_protocol": "HTTP", diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json index b5d8bc61cb4..0d16d660155 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2020-02-29T23:02:36.000-02:00", "cisco.ftd.destination_interface": "s1p2", "cisco.ftd.message_id": "430003", "cisco.ftd.rule_name": [ diff --git a/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json b/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json index e9f59c544f5..63c66bbeb3a 100644 
--- a/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json +++ b/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2016-01-29T06:09:59.000Z", "destination.ip": "10.193.124.51", "destination.port": 5293, "event.action": "deny", @@ -44,6 +45,7 @@ "url.scheme": "https" }, { + "@timestamp": "2016-02-12T13:12:33.000Z", "destination.mac": "01:00:5e:0f:87:e3", "event.code": "events", "event.dataset": "cisco.meraki", @@ -79,6 +81,7 @@ ] }, { + "@timestamp": "2016-02-26T20:15:08.000Z", "event.action": "ceroinBC flows src=10.179.60.216 dst=10.69.53.104 protocol=udp pattern: 0 reprehe", "event.code": "flows", "event.dataset": "cisco.meraki", @@ -108,6 +111,7 @@ ] }, { + "@timestamp": "2016-03-12T03:17:42.000Z", "destination.ip": "10.112.46.169", "event.action": "radip flows block", "event.code": "flows", @@ -145,6 +149,7 @@ ] }, { + "@timestamp": "2016-03-26T10:20:16.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -173,6 +178,7 @@ ] }, { + "@timestamp": "2016-04-09T17:22:51.000Z", "destination.ip": "10.108.180.105", "destination.mac": "01:00:5e:40:9b:83", "destination.port": 5098, @@ -209,6 +215,7 @@ "url.scheme": "https" }, { + "@timestamp": "2016-04-24T00:25:25.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -237,6 +244,7 @@ ] }, { + "@timestamp": "2016-05-08T07:27:59.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -261,6 +269,7 @@ ] }, { + "@timestamp": "2016-05-22T14:30:33.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -289,6 +298,7 @@ ] }, { + "@timestamp": "2016-06-05T21:33:08.000Z", "event.action": "ids-alerts", "event.code": "ids-alerts", "event.dataset": "cisco.meraki", 
@@ -319,6 +329,7 @@ ] }, { + "@timestamp": "2016-06-20T04:35:42.000Z", "destination.ip": "10.134.0.141", "destination.port": 2703, "event.action": "accept", @@ -363,6 +374,7 @@ "url.scheme": "https" }, { + "@timestamp": "2016-07-04T11:38:16.000Z", "destination.ip": "10.74.237.180", "event.action": "security_event", "event.code": "security_event", @@ -397,6 +409,7 @@ ] }, { + "@timestamp": "2016-07-18T18:40:50.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -425,6 +438,7 @@ ] }, { + "@timestamp": "2016-08-02T01:43:25.000Z", "event.action": "ids-alerts", "event.code": "ids-alerts", "event.dataset": "cisco.meraki", @@ -455,6 +469,7 @@ ] }, { + "@timestamp": "2016-08-16T08:45:59.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -483,6 +498,7 @@ ] }, { + "@timestamp": "2016-08-30T15:48:33.000Z", "destination.mac": "01:00:5e:46:17:35", "event.code": "events", "event.dataset": "cisco.meraki", @@ -518,6 +534,7 @@ ] }, { + "@timestamp": "2016-09-13T22:51:07.000Z", "destination.ip": "10.187.77.245", "event.action": "ids-alerts", "event.code": "ids-alerts", @@ -549,6 +566,7 @@ ] }, { + "@timestamp": "2016-09-28T05:53:42.000Z", "destination.ip": "10.186.58.115", "destination.mac": "01:00:5e:8f:16:6d", "destination.port": 7238, @@ -585,6 +603,7 @@ "url.scheme": "https" }, { + "@timestamp": "2016-10-12T12:56:16.000Z", "destination.mac": "01:00:5e:87:e1:a0", "event.code": "events", "event.dataset": "cisco.meraki", @@ -620,6 +639,7 @@ ] }, { + "@timestamp": "2016-10-26T19:58:50.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -648,6 +668,7 @@ ] }, { + "@timestamp": "2016-11-10T03:01:24.000Z", "destination.ip": "10.63.194.87", "destination.mac": "01:00:5e:e3:b1:24", "event.action": "texp", 
@@ -692,6 +713,7 @@ "url.scheme": "https" }, { + "@timestamp": "2016-11-24T10:03:59.000Z", "destination.ip": "10.163.154.210", "destination.mac": "01:00:5e:9e:7b:a4", "event.action": "rau", @@ -736,6 +758,7 @@ "url.scheme": "https" }, { + "@timestamp": "2016-12-08T17:06:33.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -764,6 +787,7 @@ ] }, { + "@timestamp": "2016-12-23T00:09:07.000Z", "event.action": "ese flows allow src=10.145.248.111 dst=10.57.6.252 mac=01:00:5e:94:6a:cf protocol=udp", "event.code": "flows", "event.dataset": "cisco.meraki", @@ -793,6 +817,7 @@ ] }, { + "@timestamp": "2017-01-06T07:11:41.000Z", "destination.ip": "10.12.182.70", "event.action": "security_event", "event.code": "security_event", @@ -827,6 +852,7 @@ ] }, { + "@timestamp": "2017-01-20T14:14:16.000Z", "event.action": "cancel", "event.code": "flows", "event.dataset": "cisco.meraki", @@ -856,6 +882,7 @@ ] }, { + "@timestamp": "2017-02-03T21:16:50.000Z", "destination.ip": "10.135.217.12", "event.action": "cteturad flows deny", "event.code": "flows", @@ -893,6 +920,7 @@ ] }, { + "@timestamp": "2017-02-18T04:19:24.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -917,6 +945,7 @@ ] }, { + "@timestamp": "2017-03-04T11:21:59.000Z", "destination.ip": "10.66.89.5", "event.action": "iscinge flows", "event.code": "flows", @@ -954,6 +983,7 @@ ] }, { + "@timestamp": "2017-03-18T18:24:33.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -977,6 +1007,7 @@ ] }, { + "@timestamp": "2017-04-02T01:27:07.000Z", "destination.ip": "10.173.136.186", "destination.mac": "01:00:5e:c1:53:b1", "event.action": "security_event", @@ -1011,6 +1042,7 @@ ] }, { + "@timestamp": "2017-04-16T08:29:41.000Z", "destination.ip": "10.54.37.86", "destination.mac": "01:00:5e:1f:c6:29", "event.action": "ids-alerts", 
@@ -1044,6 +1076,7 @@ ] }, { + "@timestamp": "2017-04-30T15:32:16.000Z", "destination.ip": "10.163.93.20", "event.action": "veli flows block", "event.code": "flows", @@ -1081,6 +1114,7 @@ ] }, { + "@timestamp": "2017-05-14T22:34:50.000Z", "destination.ip": "10.183.44.198", "destination.mac": "01:00:5e:35:71:1e", "destination.port": 1702, @@ -1117,6 +1151,7 @@ ] }, { + "@timestamp": "2017-05-29T05:37:24.000Z", "destination.mac": "01:00:5e:06:12:98", "event.code": "events", "event.dataset": "cisco.meraki", @@ -1152,6 +1187,7 @@ ] }, { + "@timestamp": "2017-06-12T12:39:58.000Z", "destination.ip": "10.98.194.212", "destination.mac": "01:00:5e:bb:60:a6", "event.action": "utaliqu", @@ -1196,6 +1232,7 @@ "url.scheme": "https" }, { + "@timestamp": "2017-06-26T19:42:33.000Z", "destination.ip": "10.197.13.39", "destination.port": 5912, "event.code": "events", @@ -1231,6 +1268,7 @@ "url.scheme": "https" }, { + "@timestamp": "2017-07-11T02:45:07.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -1255,6 +1293,7 @@ ] }, { + "@timestamp": "2017-07-25T09:47:41.000Z", "destination.ip": "10.150.245.88", "event.action": "ids-alerts", "event.code": "ids-alerts", @@ -1286,6 +1325,7 @@ ] }, { + "@timestamp": "2017-08-08T16:50:15.000Z", "destination.ip": "10.180.195.43", "event.action": "ids-alerts", "event.code": "ids-alerts", @@ -1319,6 +1359,7 @@ ] }, { + "@timestamp": "2017-08-22T23:52:50.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -1343,6 +1384,7 @@ ] }, { + "@timestamp": "2017-09-06T06:55:24.000Z", "destination.ip": "10.147.15.213", "event.action": "ids-alerts", "event.code": "ids-alerts", @@ -1374,6 +1416,7 @@ ] }, { + "@timestamp": "2017-09-20T13:57:58.000Z", "destination.ip": "10.111.157.56", "event.action": "obeata flows block", "event.code": "flows", 
@@ -1411,6 +1454,7 @@ ] }, { + "@timestamp": "2017-10-04T21:00:32.000Z", "destination.ip": "10.193.219.34", "destination.mac": "01:00:5e:58:2d:1c", "event.action": "inBC", @@ -1455,6 +1499,7 @@ "url.scheme": "https" }, { + "@timestamp": "2017-10-19T04:03:07.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -1483,6 +1528,7 @@ ] }, { + "@timestamp": "2017-11-02T11:05:41.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -1511,6 +1557,7 @@ ] }, { + "@timestamp": "2017-11-16T18:08:15.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -1534,6 +1581,7 @@ ] }, { + "@timestamp": "2017-12-01T01:10:49.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -1557,6 +1605,7 @@ ] }, { + "@timestamp": "2017-12-15T08:13:24.000Z", "destination.ip": "10.124.63.4", "destination.mac": "01:00:5e:01:60:e0", "event.action": "security_event", @@ -1591,6 +1640,7 @@ ] }, { + "@timestamp": "2017-12-29T15:15:58.000Z", "destination.ip": "10.249.7.146", "destination.port": 2010, "event.code": "events", @@ -1626,6 +1676,7 @@ "url.scheme": "https" }, { + "@timestamp": "2018-01-12T22:18:32.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -1649,6 +1700,7 @@ ] }, { + "@timestamp": "2018-01-27T05:21:06.000Z", "destination.ip": "10.81.234.34", "destination.mac": "01:00:5e:c9:b7:22", "event.action": "security_event", @@ -1683,6 +1735,7 @@ ] }, { + "@timestamp": "2018-02-10T12:23:41.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -1706,6 +1759,7 @@ ] }, { + "@timestamp": "2018-02-24T19:26:15.000Z", "destination.mac": "01:00:5e:7c:01:ab", "event.code": "events", "event.dataset": "cisco.meraki", @@ -1746,6 +1800,7 @@ ] }, { + "@timestamp": "2018-03-11T02:28:49.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", 
@@ -1774,6 +1829,7 @@ ] }, { + "@timestamp": "2018-03-25T09:31:24.000Z", "destination.ip": "10.39.172.93", "event.action": "pteurs flows deny", "event.code": "flows", @@ -1811,6 +1867,7 @@ ] }, { + "@timestamp": "2018-04-08T16:33:58.000Z", "destination.mac": "01:00:5e:7e:cd:15", "event.code": "events", "event.dataset": "cisco.meraki", @@ -1846,6 +1903,7 @@ ] }, { + "@timestamp": "2018-04-22T23:36:32.000Z", "destination.ip": "10.122.204.151", "destination.port": 3903, "event.action": "deny", @@ -1890,6 +1948,7 @@ "url.scheme": "https" }, { + "@timestamp": "2018-05-07T06:39:06.000Z", "event.action": "luptatem flows accept", "event.code": "flows", "event.dataset": "cisco.meraki", @@ -1919,6 +1978,7 @@ ] }, { + "@timestamp": "2018-05-21T13:41:41.000Z", "destination.ip": "10.120.4.9", "event.action": "ids-alerts", "event.code": "ids-alerts", @@ -1950,6 +2010,7 @@ ] }, { + "@timestamp": "2018-06-04T20:44:15.000Z", "destination.ip": "10.165.173.162", "event.action": "ids-alerts", "event.code": "ids-alerts", @@ -1981,6 +2042,7 @@ ] }, { + "@timestamp": "2018-06-19T03:46:49.000Z", "destination.mac": "01:00:5e:f2:d3:12", "event.code": "events", "event.dataset": "cisco.meraki", @@ -2021,6 +2083,7 @@ ] }, { + "@timestamp": "2018-07-03T10:49:23.000Z", "destination.ip": "10.54.44.231", "event.action": "ids-alerts", "event.code": "ids-alerts", @@ -2054,6 +2117,7 @@ ] }, { + "@timestamp": "2018-07-17T17:51:58.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -2082,6 +2146,7 @@ ] }, { + "@timestamp": "2018-08-01T00:54:32.000Z", "event.action": "orem flows src=10.71.22.225 dst=10.4.76.100 protocol=ggp pattern: allow serrorsi", "event.code": "flows", "event.dataset": "cisco.meraki", @@ -2111,6 +2176,7 @@ ] }, { + "@timestamp": "2018-08-15T07:57:06.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", 
@@ -2139,6 +2205,7 @@ ] }, { + "@timestamp": "2018-08-29T14:59:40.000Z", "destination.ip": "10.103.49.129", "destination.mac": "01:00:5e:59:bf:36", "event.action": "olor", @@ -2183,6 +2250,7 @@ "url.scheme": "https" }, { + "@timestamp": "2018-09-12T22:02:15.000Z", "destination.ip": "10.132.176.96", "destination.mac": "01:00:5e:e6:a6:a2", "event.action": "rvelill", @@ -2227,6 +2295,7 @@ "url.scheme": "https" }, { + "@timestamp": "2018-09-27T05:04:49.000Z", "destination.mac": "01:00:5e:69:92:4a", "event.code": "events", "event.dataset": "cisco.meraki", @@ -2267,6 +2336,7 @@ ] }, { + "@timestamp": "2018-10-11T12:07:23.000Z", "destination.ip": "10.123.62.215", "destination.mac": "01:00:5e:1f:7f:1d", "event.code": "flows", @@ -2301,6 +2371,7 @@ ] }, { + "@timestamp": "2018-10-25T19:09:57.000Z", "event.action": "cancel src=10.239.105.121 dst=10.70.7.23 mac=01:00:5e:8e:82:f0 protocol=ipv6", "event.code": "flows", "event.dataset": "cisco.meraki", @@ -2330,6 +2401,7 @@ ] }, { + "@timestamp": "2018-11-09T02:12:32.000Z", "destination.ip": "10.16.230.121", "destination.mac": "01:00:5e:99:a6:b4", "event.action": "nonpro", @@ -2374,6 +2446,7 @@ "url.scheme": "https" }, { + "@timestamp": "2018-11-23T09:15:06.000Z", "destination.ip": "10.34.62.190", "destination.mac": "01:00:5e:6a:c8:f8", "destination.port": 1641, @@ -2410,6 +2483,7 @@ ] }, { + "@timestamp": "2018-12-07T16:17:40.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -2434,6 +2508,7 @@ ] }, { + "@timestamp": "2018-12-21T23:20:14.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -2458,6 +2533,7 @@ ] }, { + "@timestamp": "2019-01-05T06:22:49.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -2482,6 +2558,7 @@ ] }, { + "@timestamp": "2019-01-19T13:25:23.000Z", "destination.ip": "10.121.9.5", "event.action": "ids-alerts", "event.code": "ids-alerts", 
@@ -2513,6 +2590,7 @@ ] }, { + "@timestamp": "2019-02-02T20:27:57.000Z", "destination.ip": "10.41.124.15", "destination.port": 333, "event.code": "events", @@ -2548,6 +2626,7 @@ "url.scheme": "https" }, { + "@timestamp": "2019-02-17T03:30:32.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -2572,6 +2651,7 @@ ] }, { + "@timestamp": "2019-03-03T10:33:06.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -2600,6 +2680,7 @@ ] }, { + "@timestamp": "2019-03-17T17:35:40.000Z", "destination.ip": "10.103.91.159", "destination.port": 7116, "event.action": "ids-alerts", @@ -2635,6 +2716,7 @@ ] }, { + "@timestamp": "2019-04-01T00:38:14.000Z", "destination.ip": "10.65.0.157", "destination.mac": "01:00:5e:49:c4:17", "event.action": "Deny", @@ -2673,6 +2755,7 @@ ] }, { + "@timestamp": "2019-04-15T07:40:49.000Z", "event.action": "cancel", "event.code": "flows", "event.dataset": "cisco.meraki", @@ -2702,6 +2785,7 @@ ] }, { + "@timestamp": "2019-04-29T14:43:23.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -2730,6 +2814,7 @@ ] }, { + "@timestamp": "2019-05-13T21:45:57.000Z", "destination.ip": "10.140.242.86", "event.action": "ids-alerts", "event.code": "ids-alerts", @@ -2761,6 +2846,7 @@ ] }, { + "@timestamp": "2019-05-28T04:48:31.000Z", "destination.ip": "10.51.121.223", "destination.port": 24, "event.action": "security_event", @@ -2797,6 +2883,7 @@ ] }, { + "@timestamp": "2019-06-11T11:51:06.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -2825,6 +2912,7 @@ ] }, { + "@timestamp": "2019-06-25T18:53:40.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -2849,6 +2937,7 @@ ] }, { + "@timestamp": "2019-07-10T01:56:14.000Z", "destination.ip": "10.113.152.241", "event.action": "uira flows deny", "event.code": "flows", 
@@ -2886,6 +2975,7 @@ ] }, { + "@timestamp": "2019-07-24T08:58:48.000Z", "destination.ip": "10.254.96.130", "destination.mac": "01:00:5e:10:8b:c3", "event.action": "ionu", @@ -2930,6 +3020,7 @@ "url.scheme": "https" }, { + "@timestamp": "2019-08-07T16:01:23.000Z", "destination.ip": "10.200.98.243", "destination.mac": "01:00:5e:95:ae:d0", "event.action": "ntium", @@ -2974,6 +3065,7 @@ "url.scheme": "https" }, { + "@timestamp": "2019-08-21T23:03:57.000Z", "destination.ip": "10.247.205.185", "destination.mac": "01:00:5e:6f:21:c8", "destination.port": 7676, @@ -3010,6 +3102,7 @@ "url.scheme": "https" }, { + "@timestamp": "2019-09-05T06:06:31.000Z", "destination.ip": "10.147.165.30", "destination.mac": "01:00:5e:0a:88:bb", "destination.port": 7662, @@ -3045,6 +3138,7 @@ ] }, { + "@timestamp": "2019-09-19T13:09:05.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -3068,6 +3162,7 @@ ] }, { + "@timestamp": "2019-10-03T20:11:40.000Z", "destination.ip": "10.162.202.14", "destination.mac": "01:00:5e:dd:cb:5b", "event.action": "ids-alerts", @@ -3101,6 +3196,7 @@ ] }, { + "@timestamp": "2019-10-18T03:14:14.000Z", "destination.ip": "10.227.135.142", "destination.port": 6598, "event.code": "events", @@ -3136,6 +3232,7 @@ "url.scheme": "https" }, { + "@timestamp": "2019-11-01T10:16:48.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -3164,6 +3261,7 @@ ] }, { + "@timestamp": "2019-11-15T17:19:22.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", @@ -3188,6 +3286,7 @@ ] }, { + "@timestamp": "2019-11-30T00:21:57.000Z", "destination.ip": "10.75.122.111", "destination.mac": "01:00:5e:92:d8:95", "event.action": "modoco", @@ -3232,6 +3331,7 @@ "url.scheme": "https" }, { + "@timestamp": "2019-12-14T07:24:31.000Z", "event.code": "events", "event.dataset": "cisco.meraki", "event.module": "cisco", 
diff --git a/x-pack/filebeat/module/cisco/umbrella/test/umbrella-cloudfirewalllogs.log-expected.json b/x-pack/filebeat/module/cisco/umbrella/test/umbrella-cloudfirewalllogs.log-expected.json index 8ed76cd7999..ae62751926b 100644 --- a/x-pack/filebeat/module/cisco/umbrella/test/umbrella-cloudfirewalllogs.log-expected.json +++ b/x-pack/filebeat/module/cisco/umbrella/test/umbrella-cloudfirewalllogs.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2020-07-23T18:03:46.000Z", "cisco.umbrella.datacenter": "ams1.edc", "cisco.umbrella.identity_types": "CDFW Tunnel Device", "cisco.umbrella.origin_id": "[211039844]", @@ -36,6 +37,7 @@ "source.user.name": "Passive Monitor" }, { + "@timestamp": "2020-07-23T18:03:46.000Z", "cisco.umbrella.datacenter": "ams1.edc", "cisco.umbrella.identity_types": "CDFW Tunnel Device", "cisco.umbrella.origin_id": "[211039844]", diff --git a/x-pack/filebeat/module/cisco/umbrella/test/umbrella-dnslogs.log-expected.json b/x-pack/filebeat/module/cisco/umbrella/test/umbrella-dnslogs.log-expected.json index 64031ef9de4..6833ac5cd8f 100644 --- a/x-pack/filebeat/module/cisco/umbrella/test/umbrella-dnslogs.log-expected.json +++ b/x-pack/filebeat/module/cisco/umbrella/test/umbrella-dnslogs.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2020-07-23T23:49:54.000Z", "cisco.umbrella.blocked_categories": "SomeIdentityType", "cisco.umbrella.categories": "elastic.co.", "cisco.umbrella.identities": [ @@ -44,6 +45,7 @@ "source.user.name": "elasticuser" }, { + "@timestamp": "2020-07-23T23:50:25.000Z", "cisco.umbrella.blocked_categories": "SomeIdentityType", "cisco.umbrella.categories": "elastic.co/something.", "cisco.umbrella.identities": [ @@ -88,6 +90,7 @@ "source.user.name": "elasticuser" }, { + "@timestamp": "2021-05-14T19:39:58.000Z", "cisco.umbrella.categories": "Infrastructure", "cisco.umbrella.identities": [ "Elastic User (ElasticUser@elastic.co)", 
diff --git a/x-pack/filebeat/module/cisco/umbrella/test/umbrella-iplogs.log-expected.json b/x-pack/filebeat/module/cisco/umbrella/test/umbrella-iplogs.log-expected.json index a4f7a7e0914..87e53f4aca0 100644 --- a/x-pack/filebeat/module/cisco/umbrella/test/umbrella-iplogs.log-expected.json +++ b/x-pack/filebeat/module/cisco/umbrella/test/umbrella-iplogs.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2020-08-26T20:32:46.000Z", "cisco.umbrella.categories": "Test Category", "destination.address": "175.16.199.1", "destination.ip": "175.16.199.1", @@ -28,6 +29,7 @@ "source.user.name": "elasticuser" }, { + "@timestamp": "2020-08-26T20:32:45.000Z", "cisco.umbrella.categories": "Test Category", "destination.address": "175.16.199.1", "destination.ip": "175.16.199.1", diff --git a/x-pack/filebeat/module/cisco/umbrella/test/umbrella-proxylogs.log-expected.json b/x-pack/filebeat/module/cisco/umbrella/test/umbrella-proxylogs.log-expected.json index 8369a767949..ca887172a2b 100644 --- a/x-pack/filebeat/module/cisco/umbrella/test/umbrella-proxylogs.log-expected.json +++ b/x-pack/filebeat/module/cisco/umbrella/test/umbrella-proxylogs.log-expected.json @@ -1,5 +1,6 @@ [ { + "@timestamp": "2020-07-23T23:48:56.000Z", "cisco.umbrella.amp_disposition": "MalwareName", "cisco.umbrella.av_detections": "AVDetectionName", "cisco.umbrella.categories": "Business Services", @@ -40,6 +41,7 @@ "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36" }, { + "@timestamp": "2020-07-23T23:48:56.000Z", "cisco.umbrella.amp_disposition": "MalwareName", "cisco.umbrella.av_detections": "AVDetectionName", "cisco.umbrella.categories": "Business Services", 
@@ -80,6 +82,7 @@ "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36" }, { + "@timestamp": "2017-10-02T23:52:53.000Z", "cisco.umbrella.amp_score": "Networks", "cisco.umbrella.identities": "elasticuser", "destination.address": "1.1.1.91",