Deprecate RSA2ELK Filebeat modules (#36887)
- Add deprecation notices to RSA2ELK Filebeat modules.
- Add doc page for migrating off of deprecated modules.
taylor-swanson authored Oct 26, 2023
1 parent 8982110 commit ee864b5
Showing 41 changed files with 125 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -302,6 +302,7 @@ is collected by it.

*Filebeat*

- Deprecate rsa2elk Filebeat modules. {issue}36125[36125] {pull}36887[36887]

*Heartbeat*

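Review bot: the added changelog line names the modules only as "rsa2elk", which is the converter's name rather than anything a user sees in their configuration (the commit title also spells it "RSA2ELK"). Consider listing the affected vendor modules and filesets, or pointing to the new migration page, so a reader can tell from the changelog alone whether their module is deprecated.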
2 changes: 2 additions & 0 deletions filebeat/docs/howto/howto.asciidoc
Expand Up @@ -16,6 +16,7 @@ Learn how to perform common {beatname_uc} configuration tasks.
* <<using-environ-vars>>
* <<yaml-tips>>
* <<migrate-to-filestream>>
* <<migrate-from-deprecated-module>>


--
Expand Down Expand Up @@ -46,4 +47,5 @@ include::{libbeat-dir}/yaml.asciidoc[]

include::migrate-to-filestream.asciidoc[]

include::migrate-from-deprecated-module.asciidoc[]

30 changes: 30 additions & 0 deletions filebeat/docs/howto/migrate-from-deprecated-module.asciidoc
@@ -0,0 +1,30 @@
[[migrate-from-deprecated-module]]
== Migrating from a Deprecated Filebeat Module

If a Filebeat module has been deprecated, there are a few options available for
a path forward:

1. Migrate to an Elastic integration, if available. The deprecation notice will
link to an appropriate integration, if one exists.

2. https://www.elastic.co/guide/en/fleet/current/migrate-beats-to-agent.html[Migrate to Elastic Agent]
for ingesting logs. If a specific integration for the vendor/product does not
exist, then one of the custom integrations can be used for ingesting events. A
https://www.elastic.co/guide/en/fleet/current/data-streams-pipeline-tutorial.html[custom pipeline]
may also be attached to the integration for further processing.
- https://docs.elastic.co/integrations/cel[CEL Custom API] - Collect events from an API using CEL (Common Expression Language)
- https://docs.elastic.co/integrations/httpjson[Custom API] - Collect events from an API using the HTTPJSON input
- https://docs.elastic.co/integrations/gcp_pubsub[Custom Google Pub/Sub] - Collect events from Google Pub/Sub topics
- https://docs.elastic.co/integrations/http_endpoint[Custom HTTP Endpoint] - Collect events from a listening HTTP port
- https://docs.elastic.co/integrations/journald[Custom Journald] - Collect events from journald
- https://docs.elastic.co/integrations/kafka_log[Custom Kafka] - Collect events from a Kafka topic
- https://docs.elastic.co/integrations/log[Custom Logs] - Collect events from files
- https://docs.elastic.co/integrations/tcp[Custom TCP] - Collect events from a listening TCP port
- https://docs.elastic.co/integrations/udp[Custom UDP] - Collect events from a listening UDP port
- https://docs.elastic.co/integrations/winlog[Custom Windows Event] - Collect events from a Windows Event Log channel

3. Migrate to a different Filebeat module. In some cases, a Filebeat module may
be superseded by a new module. The deprecation notice will link to an appropriate
module, if one exists.

4. Use a custom Filebeat input, processors, and ingest pipeline (if necessary).
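Review bot: option 4 is the only one of the four without a link, and the page never says what happens to the fields the deprecated module produced. Link option 4 to the Filebeat input, processor and ingest pipeline pages, and add a sentence on whether events from the replacement keep the same field names (the fileset docs mention `rsa.raw`, for example), since saved searches, dashboards and detection rules written against the old fields need to be re-checked after the switch.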
2 changes: 2 additions & 0 deletions filebeat/docs/modules/barracuda.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Barracuda module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/barracuda[Barracuda Web Application Firewall] Elastic integration instead."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
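Review bot: the new `deprecated::[8.12.0,...]` line sits directly above the unchanged `experimental[]`, so the page now labels the module as both experimental and deprecated. If both banners are intended, fine; otherwise drop `experimental[]` here and in the other module and fileset pages that get the same two-line addition, so the deprecation is the only status a reader sees.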
2 changes: 2 additions & 0 deletions filebeat/docs/modules/bluecoat.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Bluecoat module

deprecated::[8.12.0,"This module is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
4 changes: 4 additions & 0 deletions filebeat/docs/modules/cisco.asciidoc
Expand Up @@ -281,6 +281,8 @@ include::../include/timezone-support.asciidoc[]
[float]
==== `nexus` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/cisco_nexus[Cisco Nexus] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "cisconxos" device revision 134.
Expand Down Expand Up @@ -326,6 +328,8 @@ will be found under `rsa.raw`. The default is false.
[float]
==== `meraki` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/cisco_meraki[Cisco Meraki] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "ciscomeraki" device revision 118.
2 changes: 2 additions & 0 deletions filebeat/docs/modules/cylance.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Cylance module

deprecated::[8.12.0,"This module is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions filebeat/docs/modules/f5.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== F5 module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/f5_bigip[F5 BIG-IP] Elastic integration instead."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
6 changes: 6 additions & 0 deletions filebeat/docs/modules/fortinet.asciidoc
Expand Up @@ -81,6 +81,8 @@ events. Defaults to `[fortinet-firewall, forwarded]`.
[float]
==== `clientendpoint` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/fortinet_forticlient[Fortinet FortiClient Logs] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "forticlientendpoint" device revision 0.
Expand Down Expand Up @@ -126,6 +128,8 @@ will be found under `rsa.raw`. The default is false.
[float]
==== `fortimail` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/fortinet_fortimail[Fortinet FortiMail] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "fortinetfortimail" device revision 131.
Expand Down Expand Up @@ -171,6 +175,8 @@ will be found under `rsa.raw`. The default is false.
[float]
==== `fortimanager` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/fortinet_fortimanager[Fortinet FortiManager Logs] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "fortinetmgr" device revision 134.
2 changes: 2 additions & 0 deletions filebeat/docs/modules/imperva.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Imperva module

deprecated::[8.12.0,"This module is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions filebeat/docs/modules/infoblox.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Infoblox module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/infoblox_nios[Infoblox NIOS] Elastic integration instead."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
4 changes: 4 additions & 0 deletions filebeat/docs/modules/juniper.asciidoc
Expand Up @@ -142,6 +142,8 @@ This is a list of JunOS fields that are mapped to ECS.
[float]
==== `junos` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/juniper_srx[Juniper SRX] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "junosrouter" device revision 134.
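Review bot: the `junos` notice points to the Juniper SRX integration, but the NOTE two lines below says this fileset was converted from the "junosrouter" parser. Please confirm that the SRX integration accepts the same logs this fileset handled; if it does not, use the generic `<<migrate-from-deprecated-module>>` wording as the `netscreen` fileset does, so users are not sent to an integration that does not parse their events.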
Expand Down Expand Up @@ -187,6 +189,8 @@ will be found under `rsa.raw`. The default is false.
[float]
==== `netscreen` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "netscreen" device revision 134.
2 changes: 2 additions & 0 deletions filebeat/docs/modules/microsoft.asciidoc
Expand Up @@ -224,6 +224,8 @@ And for all other Defender ATP event types, go to Host -> Events.
[float]
==== `dhcp` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/microsoft_dhcp[Microsoft DHCP] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "msdhcp" device revision 99.
2 changes: 2 additions & 0 deletions filebeat/docs/modules/netscout.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Netscout module

deprecated::[8.12.0,"This module is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

This is a module for receiving Arbor Peakflow SP logs over Syslog or a file.
2 changes: 2 additions & 0 deletions filebeat/docs/modules/proofpoint.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Proofpoint module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/proofpoint_tap[Proofpoint TAP] Elastic integration instead."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions filebeat/docs/modules/radware.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Radware module

deprecated::[8.12.0,"This module is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions filebeat/docs/modules/snort.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Snort module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/snort[Snort] Elastic integration instead."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions filebeat/docs/modules/sonicwall.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Sonicwall module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/sonicwall[SonicWall Firewall] Elastic integration instead."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions filebeat/docs/modules/sophos.asciidoc
Expand Up @@ -152,6 +152,8 @@ This is a list of SophosXG fields that are mapped to ECS.
[float]
==== `utm` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/sophos[Sophos] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "astarosg" device revision 123.
2 changes: 2 additions & 0 deletions filebeat/docs/modules/squid.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Squid module

deprecated::[8.12.0,"This module is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions filebeat/docs/modules/tomcat.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Tomcat module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/apache_tomcat[Apache Tomcat] Elastic integration instead."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions filebeat/docs/modules/zscaler.asciidoc
Expand Up @@ -12,6 +12,8 @@ This file is generated! See scripts/docs_collector.py

== Zscaler module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/zscaler_zia[Zscaler Internet Access] Elastic integration instead."]

experimental[]

//temporarily override modulename to create working link
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/barracuda/_meta/docs.asciidoc
Expand Up @@ -5,6 +5,8 @@

== Barracuda module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/barracuda[Barracuda Web Application Firewall] Elastic integration instead."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/bluecoat/_meta/docs.asciidoc
Expand Up @@ -5,6 +5,8 @@

== Bluecoat module

deprecated::[8.12.0,"This module is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
4 changes: 4 additions & 0 deletions x-pack/filebeat/module/cisco/_meta/docs.asciidoc
Expand Up @@ -274,6 +274,8 @@ include::../include/timezone-support.asciidoc[]
[float]
==== `nexus` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/cisco_nexus[Cisco Nexus] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "cisconxos" device revision 134.
Expand Down Expand Up @@ -319,6 +321,8 @@ will be found under `rsa.raw`. The default is false.
[float]
==== `meraki` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/cisco_meraki[Cisco Meraki] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "ciscomeraki" device revision 118.
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/cylance/_meta/docs.asciidoc
Expand Up @@ -5,6 +5,8 @@

== Cylance module

deprecated::[8.12.0,"This module is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/f5/_meta/docs.asciidoc
Expand Up @@ -5,6 +5,8 @@

== F5 module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/f5_bigip[F5 BIG-IP] Elastic integration instead."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
6 changes: 6 additions & 0 deletions x-pack/filebeat/module/fortinet/_meta/docs.asciidoc
Expand Up @@ -74,6 +74,8 @@ events. Defaults to `[fortinet-firewall, forwarded]`.
[float]
==== `clientendpoint` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/fortinet_forticlient[Fortinet FortiClient Logs] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "forticlientendpoint" device revision 0.
Expand Down Expand Up @@ -119,6 +121,8 @@ will be found under `rsa.raw`. The default is false.
[float]
==== `fortimail` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/fortinet_fortimail[Fortinet FortiMail] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "fortinetfortimail" device revision 131.
Expand Down Expand Up @@ -164,6 +168,8 @@ will be found under `rsa.raw`. The default is false.
[float]
==== `fortimanager` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/fortinet_fortimanager[Fortinet FortiManager Logs] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "fortinetmgr" device revision 134.
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/imperva/_meta/docs.asciidoc
Expand Up @@ -5,6 +5,8 @@

== Imperva module

deprecated::[8.12.0,"This module is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/infoblox/_meta/docs.asciidoc
Expand Up @@ -5,6 +5,8 @@

== Infoblox module

deprecated::[8.12.0,"This module is deprecated. Use the https://docs.elastic.co/integrations/infoblox_nios[Infoblox NIOS] Elastic integration instead."]

experimental[]

include::{libbeat-dir}/shared/integration-link.asciidoc[]
4 changes: 4 additions & 0 deletions x-pack/filebeat/module/juniper/_meta/docs.asciidoc
Expand Up @@ -135,6 +135,8 @@ This is a list of JunOS fields that are mapped to ECS.
[float]
==== `junos` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/juniper_srx[Juniper SRX] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "junosrouter" device revision 134.
Expand Down Expand Up @@ -180,6 +182,8 @@ will be found under `rsa.raw`. The default is false.
[float]
==== `netscreen` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "netscreen" device revision 134.
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/microsoft/_meta/docs.asciidoc
Expand Up @@ -217,6 +217,8 @@ And for all other Defender ATP event types, go to Host -> Events.
[float]
==== `dhcp` fileset settings

deprecated::[8.12.0,"This fileset is deprecated. Use the https://docs.elastic.co/integrations/microsoft_dhcp[Microsoft DHCP] Elastic integration instead."]

experimental[]

NOTE: This was converted from RSA NetWitness log parser XML "msdhcp" device revision 99.
2 changes: 2 additions & 0 deletions x-pack/filebeat/module/netscout/_meta/docs.asciidoc
Expand Up @@ -5,6 +5,8 @@

== Netscout module

deprecated::[8.12.0,"This module is deprecated. See <<migrate-from-deprecated-module>> for migration options."]

experimental[]

This is a module for receiving Arbor Peakflow SP logs over Syslog or a file.