diff --git a/x-pack/filebeat/module/panw/fields.go b/x-pack/filebeat/module/panw/fields.go
index d67ef330d59..ad5e151b5d6 100644
--- a/x-pack/filebeat/module/panw/fields.go
+++ b/x-pack/filebeat/module/panw/fields.go
@@ -19,5 +19,5 @@ func init() { // AssetPanw returns asset data. // This is the base64 encoded gzipped contents of module/panw. func AssetPanw() string { - return "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" + return "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" }
diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json
index 116e5c60805..0ef46712191 100644
--- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json
+++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json
@@ -1346,7 +1346,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -1646,7 +1646,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3291,7 +3291,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3389,7 +3389,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3487,7 +3487,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
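Review bot: Consumers that select PAN-OS threat alerts with `event.outcome: failure` will silently stop matching, because every record touched in `pan_inc_threat.log-expected.json` and `threat.log-expected.json` now expects `"event.outcome": "success"` while `event.kind` stays `alert` (severity 4 and 5). The pipeline edit that produces the new value is not in the visible hunks, and the `event.type` array that follows each changed line is cut off at the hunk edge, so the fixtures shown here do not establish whether a blocked threat can still be told apart from one that was only alerted on. If the intent is that `event.outcome` no longer encodes the firewall action, I would say so in the changelog, for example `panw: event.outcome on threat logs no longer reflects whether the traffic was blocked`, and name the field detections should use instead. It would also help to confirm the golden files contain at least one blocked-threat record so both cases stay pinned.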
@@ -3587,7 +3587,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3685,7 +3685,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3782,7 +3782,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3882,7 +3882,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3979,7 +3979,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4077,7 +4077,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4174,7 +4174,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4365,7 +4365,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4461,7 +4461,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4557,7 +4557,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4654,7 +4654,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4753,7 +4753,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4852,7 +4852,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4952,7 +4952,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5052,7 +5052,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5152,7 +5152,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5242,7 +5242,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 4,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5346,7 +5346,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5436,7 +5436,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 4,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5530,7 +5530,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 4,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5633,7 +5633,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5723,7 +5723,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 4,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5814,7 +5814,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 4,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5915,7 +5915,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6012,7 +6012,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6109,7 +6109,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6199,7 +6199,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 4,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6303,7 +6303,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6953,7 +6953,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7043,7 +7043,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 4,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7137,7 +7137,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7227,7 +7227,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7317,7 +7317,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7407,7 +7407,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7589,7 +7589,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7951,7 +7951,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -8045,7 +8045,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -8135,7 +8135,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -8319,7 +8319,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -8593,7 +8593,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -8775,7 +8775,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -8865,7 +8865,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -9047,7 +9047,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -9137,7 +9137,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -9227,7 +9227,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -9317,7 +9317,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -9498,7 +9498,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json
index 4ffdc338032..ef9975180c1 100644
--- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json
+++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json
@@ -27,7 +27,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -132,7 +132,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -237,7 +237,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -342,7 +342,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -447,7 +447,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -552,7 +552,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -657,7 +657,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -762,7 +762,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -867,7 +867,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -972,7 +972,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -1077,7 +1077,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -1182,7 +1182,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -1287,7 +1287,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -1392,7 +1392,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -1497,7 +1497,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -1602,7 +1602,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -1707,7 +1707,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -1812,7 +1812,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -1917,7 +1917,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -2022,7 +2022,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -2127,7 +2127,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -2232,7 +2232,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -2337,7 +2337,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -2442,7 +2442,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -2547,7 +2547,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -2652,7 +2652,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -2757,7 +2757,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -2862,7 +2862,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -2967,7 +2967,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3072,7 +3072,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3177,7 +3177,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3282,7 +3282,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3387,7 +3387,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3492,7 +3492,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3597,7 +3597,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3702,7 +3702,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3810,7 +3810,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -3918,7 +3918,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4026,7 +4026,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4134,7 +4134,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4242,7 +4242,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4350,7 +4350,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4458,7 +4458,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4566,7 +4566,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4674,7 +4674,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4782,7 +4782,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4890,7 +4890,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -4998,7 +4998,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5106,7 +5106,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5214,7 +5214,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5319,7 +5319,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5424,7 +5424,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5529,7 +5529,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5634,7 +5634,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5739,7 +5739,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5844,7 +5844,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -5949,7 +5949,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6054,7 +6054,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6159,7 +6159,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6264,7 +6264,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6372,7 +6372,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6480,7 +6480,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6588,7 +6588,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6696,7 +6696,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6804,7 +6804,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -6912,7 +6912,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7020,7 +7020,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7128,7 +7128,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7236,7 +7236,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7344,7 +7344,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7452,7 +7452,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7560,7 +7560,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7668,7 +7668,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7776,7 +7776,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7884,7 +7884,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [
@@ -7992,7 +7992,7 @@
 "event.dataset": "panw.panos",
 "event.kind": "alert",
 "event.module": "panw",
- "event.outcome": "failure",
+ "event.outcome": "success",
 "event.severity": 5,
 "event.timezone": "-02:00",
 "event.type": [