Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] Upgrade cef module to ECS 1.4 #16157

Closed
1 task
leehinman opened this issue Feb 6, 2020 · 5 comments · Fixed by #16338
Closed
1 task

[Filebeat] Upgrade cef module to ECS 1.4 #16157

leehinman opened this issue Feb 6, 2020 · 5 comments · Fixed by #16338
Labels
ecs enhancement Filebeat Filebeat

Comments

@leehinman
Copy link
Contributor

Filesets

  • log
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@andrewkroh andrewkroh mentioned this issue Feb 6, 2020
Closed
51 tasks
@leehinman
Copy link
Contributor Author

evaluated and no changes were needed.

@leehinman leehinman reopened this Feb 13, 2020
@leehinman
Copy link
Contributor Author

On further consideration should populate all related.user, related.ip & related.hash fields

@MikePaquette
Copy link

@leehinman Nice - we often forget to populate those fields, which are valuable for pivoting in SIEM timeline.

@webmat
Copy link
Contributor

webmat commented Feb 14, 2020

I'm not sure how close we are to using the default pipeline (#14001), but the related.* fields would be a great candidate to add in there, specifically to make sure they're not forgotten :-)

@leehinman leehinman mentioned this issue Feb 14, 2020
Merged
leehinman added a commit to leehinman/beats that referenced this issue Mar 12, 2020
@leehinman
Improve ECS field mappings for CEF module
6e1e309 
- related.hash
- related.ip
- related.user
- fix description

Closes elastic#16157
Closes elastic#16289
leehinman added a commit that referenced this issue Mar 12, 2020
@leehinman
Improve ECS field mappings for CEF module (#16338)
3e6edf2 
- related.hash
- related.ip
- related.user
- fix description

Closes #16157
Closes #16289
@leehinman leehinman mentioned this issue Mar 12, 2020
Merged
leehinman added a commit to leehinman/beats that referenced this issue Mar 12, 2020
@leehinman
Improve ECS field mappings for CEF module (elastic#16338)
3026054 
- related.hash
- related.ip
- related.user
- fix description

Closes elastic#16157
Closes elastic#16289

(cherry picked from commit 3e6edf2)
leehinman added a commit that referenced this issue Mar 14, 2020
@leehinman
Improve ECS field mappings for CEF module (#16338) (#16989)
c5c1f71 
- related.hash
- related.ip
- related.user
- fix description

Closes #16157
Closes #16289

(cherry picked from commit 3e6edf2)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ecs enhancement Filebeat Filebeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Filebeat] Improve ECS field mappings for CEF module leehinman/beats
4 participants
@webmat @elasticmachine @MikePaquette @leehinman