Commit
[Filebeat] Improve ECS field mappings in suricata module (#16843) (#16990)

* Improve ECS field mappings in suricata module

- destination.domain
- dns.question.top_level_domain
- event.category
- event.kind
- event.outcome
- event.type
- related.hash
- related.ip
- rule.category
- rule.id
- rule.name
- tls.client.server_name
- tls.resumed
- tls.server.certificate
- tls.server.certificate_chain
- tls.server.hash.sha1
- tls.server.issuer
- tls.server.ja3s
- tls.server.not_after
- tls.server.not_before
- tls.server.subject
- tls.version
- tls.version_protocol

Closes #16181

(cherry picked from commit 7eb2fba)
leehinman authored Mar 17, 2020
1 parent fec800f commit 0eeb109
Showing 6 changed files with 1,015 additions and 207 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -250,6 +250,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add custom string mapping to CEF module to support Forcepoint NGFW {issue}14663[14663] {pull}15910[15910]
- Add ECS related fields to CEF module {issue}16157[16157] {pull}16338[16338]
- Improve ECS categorization, host field mappings in elasticsearch module. {issue}16160[16160] {pull}16469[16469]
- Improve ECS categorization field mappings in suricata module. {issue}16181[16181] {pull}16843[16843]

*Heartbeat*

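Review bot: the added changelog line describes the change as "Improve ECS categorization field mappings", but the commit message above lists mostly non-categorization fields (destination.domain, dns.question.top_level_domain, related.hash, related.ip, rule.category/id/name and the tls.* fields), so the entry under-describes what ships; consider matching the commit title, e.g. "Improve ECS field mappings in suricata module (event categorization, related, rule and tls fields). {issue}16181[16181] {pull}16843[16843]".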

0 comments on commit 0eeb109