[Filebeat] Improve ECS field mapping for auditd module (elastic#16280)
* Improve ECS field mapping for auditd module

- event.kind
- event.type
- event.category
- container.name
- container.runtime
- process.args_count
- process.exit_code
- process.working_directory

Closes elastic#16153

(cherry picked from commit 43463f1)
leehinman authored and andrewkroh committed May 6, 2020
1 parent 470834c commit afcef62
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -385,6 +385,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Change the `json.*` input settings implementation to merge parsed json objects with existing objects in the event instead of fully replacing them. {pull}17958[17958]
- Improve ECS categorization field mappings in osquery module. {issue}16176[16176] {pull}17881[17881]
- Add support for v10, v11 and v12 logs on Postgres {issue}13810[13810] {pull}17732[17732]
- Add an SSL config example in config.yml for filebeat MISP module. {pull}16320[16320]
- Improve ECS categorization, container & process field mappings in auditd module. {issue}16153[16153] {pull}16280[16280]

*Heartbeat*

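Review bot: the MISP entry (`Add an SSL config example in config.yml for filebeat MISP module. {pull}16320[16320]`) sits directly above the auditd entry and looks out of scope for this commit, whose message covers only the auditd ECS mapping. The page reports 2 additions in an `-385,6 +385,8` hunk, and with three context lines on each side both the MISP line and the auditd line read as added here. If the MISP line was missing from the target branch and is being restored by this cherry-pick, say so in the commit message; otherwise drop it so the changelog diff matches the change being backported. The auditd entry itself references both {issue}16153 and {pull}16280, which agrees with the commit title and the "Closes" line.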