From ebdc4c2524d3fecaff23631bf5349880a3693e73 Mon Sep 17 00:00:00 2001
From: Adrian Serrano
Date: Wed, 28 Aug 2019 21:52:38 +0200
Subject: [PATCH] Missing changes for Cisco FTD (#13286) (#13379)

* Rename docs section to Field Mappings
* Add explanatory comment to the generator
---
 filebeat/docs/modules/cisco.asciidoc | 2 +-
 x-pack/filebeat/module/cisco/_meta/docs.asciidoc | 2 +-
 x-pack/filebeat/module/cisco/shared/gen.go | 9 +++++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/filebeat/docs/modules/cisco.asciidoc b/filebeat/docs/modules/cisco.asciidoc
index ec83358d3d9..c94a5fa04b2 100644
--- a/filebeat/docs/modules/cisco.asciidoc
+++ b/filebeat/docs/modules/cisco.asciidoc
@@ -112,7 +112,7 @@ The Cisco FTD fileset primarily supports parsing IPv4 and IPv6 access list log
 messages similar to that of ASA devices as well as Security Event Syslog Messages for Intrusion, Connection, File and Malware events.

-*ECS Field mapping*
+*Field mappings*

 The `ftd` fileset maps Security Event Syslog Messages to the Elastic Common Schema (ECS) format. The following table illustrates the mapping from
diff --git a/x-pack/filebeat/module/cisco/_meta/docs.asciidoc b/x-pack/filebeat/module/cisco/_meta/docs.asciidoc
index bc07891dfc6..6ad8a85d628 100644
--- a/x-pack/filebeat/module/cisco/_meta/docs.asciidoc
+++ b/x-pack/filebeat/module/cisco/_meta/docs.asciidoc
@@ -107,7 +107,7 @@ The Cisco FTD fileset primarily supports parsing IPv4 and IPv6 access list log
 messages similar to that of ASA devices as well as Security Event Syslog Messages for Intrusion, Connection, File and Malware events.

-*ECS Field mapping*
+*Field mappings*

 The `ftd` fileset maps Security Event Syslog Messages to the Elastic Common Schema (ECS) format. The following table illustrates the mapping from
diff --git a/x-pack/filebeat/module/cisco/shared/gen.go b/x-pack/filebeat/module/cisco/shared/gen.go
index 92f3231ca58..85fd1a40d50 100644
--- a/x-pack/filebeat/module/cisco/shared/gen.go
+++ b/x-pack/filebeat/module/cisco/shared/gen.go
@@ -4,5 +4,14 @@ package shared
+// These generators will output the following files for the FTD:
+// - ecs-mapping-processor.yml, an ingest pipeline processor that maps FTD
+// security event fields to ECS.
+// - ecs-mapping-docs.asciidoc, asciidoc tables to document those mappings.
+//
+// This files are not picked up by the FTD module. When generated, you need to
+// manually update the pipeline in ingest/asa-ftd-pipeline.yml
+// and the asciidoc tables into ../_meta/docs.asciidoc.
+
 //go:generate go run gen-ftd-ecs-mapping.go stringset.go -output ecs-mapping-processor.yml security-mappings.csv
 //go:generate go run gen-ecs-mapping-docs.go stringset.go -output ecs-mapping-docs.asciidoc security-mappings.csv
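Review bot: The new comment documents a manual copy step with nothing enforcing it: both `go:generate` directives take `security-mappings.csv` as input, yet the comment says the generated `ecs-mapping-processor.yml` is not picked up and must be hand-merged into `ingest/asa-ftd-pipeline.yml`, so the ECS mapping actually applied to FTD security events can silently diverge from the CSV whenever either side is edited alone. The comment should state explicitly that `security-mappings.csv` is the source of truth and the pipeline processor must not be edited by hand, and, if the project has a natural place for it, a check that the generated processor still matches the copy embedded in the pipeline would close the gap. Separately, the sixth comment line has a grammar slip; `// This files are not picked up by the FTD module. When generated, you need to` should read `// These files are not picked up by the FTD module. When generated, you need to`. The two `go:generate` lines are unchanged context and there is no enclosing function.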