diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index c101d8747b88..213de0754d40 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -720,6 +720,7 @@ from being added to events by default. {pull}18159[18159] - Add SSL option to checkpoint module {pull}19560[19560] - Add max_number_of_messages config into s3 input. {pull}21993[21993] - Update Okta documentation for new stateful restarts. {pull}22091[22091] +- Rename googlecloud module to gcp module. {pull}22214[22214] - Rename awscloudwatch input to aws-cloudwatch. {pull}22228[22228] - Rename google-pubsub input to gcp-pubsub. {pull}22213[22213] - Copy tag names from MISP data into events. {pull}21664[21664] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 18968522656b..40f4fab79c64 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -37,7 +37,7 @@ grouped in the following categories: * <> * <> * <> -* <> +* <> * <> * <> * <> @@ -68452,8 +68452,8 @@ type: integer -- -[[exported-fields-googlecloud]] -== Google Cloud fields +[[exported-fields-gcp]] +== Google Cloud Platform (GCP) fields Module for handling logs from Google Cloud. diff --git a/filebeat/docs/images/filebeat-googlecloud-audit.png b/filebeat/docs/images/filebeat-gcp-audit.png similarity index 100% rename from filebeat/docs/images/filebeat-googlecloud-audit.png rename to filebeat/docs/images/filebeat-gcp-audit.png diff --git a/filebeat/docs/index.asciidoc b/filebeat/docs/index.asciidoc index 30e0ec38f462..69633f6836d6 100644 --- a/filebeat/docs/index.asciidoc +++ b/filebeat/docs/index.asciidoc @@ -64,4 +64,6 @@ include::./faq.asciidoc[] include::{libbeat-dir}/contributing-to-beats.asciidoc[] +include::redirects.asciidoc[] + 
diff --git a/filebeat/docs/modules/googlecloud.asciidoc b/filebeat/docs/modules/gcp.asciidoc similarity index 85% rename from filebeat/docs/modules/googlecloud.asciidoc rename to filebeat/docs/modules/gcp.asciidoc index bc0e62e93b85..ee700d812813 100644 --- a/filebeat/docs/modules/googlecloud.asciidoc +++ b/filebeat/docs/modules/gcp.asciidoc @@ -2,10 +2,10 @@ This file is generated! See scripts/docs_collector.py //// -[[filebeat-module-googlecloud]] +[[filebeat-module-gcp]] [role="xpack"] -:modulename: googlecloud +:modulename: gcp :has-dashboards: false == Google Cloud module @@ -29,18 +29,18 @@ include::../include/config-option-intro.asciidoc[] ==== `audit` fileset settings [role="screenshot"] -image::./images/filebeat-googlecloud-audit.png[] +image::./images/filebeat-gcp-audit.png[] Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp audit: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-audit - var.subscription_name: filebeat-googlecloud-audit-sub + var.topic: gcp-vpc-audit + var.subscription_name: filebeat-gcp-audit-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -80,12 +80,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp vpcflow: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-flowlogs - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.topic: gcp-vpc-flowlogs + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- 
@@ -125,12 +125,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp firewall: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-firewall - var.subscription_name: filebeat-googlecloud-vpc-firewall-sub + var.topic: gcp-vpc-firewall + var.subscription_name: filebeat-gcp-vpc-firewall-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -170,5 +170,5 @@ field. Defaults to `false`, meaning the original message is not saved. === Fields For a description of each field in the module, see the -<> section. +<> section. diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index 6c862dc2c77a..d3a02fee8629 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -22,7 +22,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> - * <> + * <> * <> * <> * <> @@ -91,7 +91,7 @@ include::modules/elasticsearch.asciidoc[] include::modules/envoyproxy.asciidoc[] include::modules/f5.asciidoc[] include::modules/fortinet.asciidoc[] -include::modules/googlecloud.asciidoc[] +include::modules/gcp.asciidoc[] include::modules/gsuite.asciidoc[] include::modules/haproxy.asciidoc[] include::modules/ibmmq.asciidoc[] diff --git a/filebeat/docs/redirects.asciidoc b/filebeat/docs/redirects.asciidoc new file mode 100644 index 000000000000..7a41406099b8 --- /dev/null +++ b/filebeat/docs/redirects.asciidoc @@ -0,0 +1,10 @@ +["appendix",role="exclude",id="redirects"] += Deleted pages + +The following pages have moved or been deleted. + +[role="exclude",id="filebeat-module-googlecloud"] +== Google Cloud module + +See <>. + diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 42b7e32547f7..720acde3df3e 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml 
@@ -813,8 +813,8 @@ filebeat.modules: # "+02:00" for GMT+02:00 # var.tz_offset: local -#----------------------------- Google Cloud Module ----------------------------- -- module: googlecloud +#--------------------- Google Cloud Platform (GCP) Module --------------------- +- module: gcp vpcflow: enabled: true @@ -823,11 +823,11 @@ filebeat.modules: # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -841,11 +841,11 @@ filebeat.modules: # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. 
@@ -859,11 +859,68 @@ filebeat.modules: # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + +#----------------------------- Googlecloud Module ----------------------------- +# googlecloud module is deprecated, please use gcp instead +- module: gcp + vpcflow: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be + # configured to use this topic as a sink for VPC flow logs. + var.topic: gcp-vpc-flowlogs + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: gcp-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. 
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + audit: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: gcp-vpc-audit + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go index dd98b643c3f9..48ff49e7aa93 100644 --- a/x-pack/filebeat/include/list.go +++ b/x-pack/filebeat/include/list.go @@ -29,7 +29,7 @@ import ( _ "github.com/elastic/beats/v7/x-pack/filebeat/module/envoyproxy" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/f5" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/fortinet" - _ "github.com/elastic/beats/v7/x-pack/filebeat/module/googlecloud" + _ "github.com/elastic/beats/v7/x-pack/filebeat/module/gcp" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/gsuite" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/ibmmq" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/imperva" diff --git a/x-pack/filebeat/module/gcp/_meta/config.yml b/x-pack/filebeat/module/gcp/_meta/config.yml new file mode 100644 index 000000000000..613f8b1b8d12 --- /dev/null +++ b/x-pack/filebeat/module/gcp/_meta/config.yml 
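Review bot: The block added under the `Googlecloud Module` banner in filebeat.reference.yml is introduced as the deprecated googlecloud module but opens with `- module: gcp`, so the reference config now holds two identical `gcp` entries and no example for the old name. If the old name is meant to keep working during the deprecation period, the entry should read `- module: googlecloud`; if it is not, the section should be dropped rather than duplicated. This file looks generated from the per-module `_meta/config.yml`, so the fix probably belongs in the googlecloud module's config, which is not visible in this hunk.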
@@ -0,0 +1,54 @@ +- module: gcp + vpcflow: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be + # configured to use this topic as a sink for VPC flow logs. + var.topic: gcp-vpc-flowlogs + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: gcp-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + audit: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: gcp-vpc-audit + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-audit + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json 
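Review bot: The comment above `var.topic: gcp-vpc-audit` in the `audit` fileset still describes firewall logs, copied from the `firewall` block; it should read `# Google Pub/Sub topic containing audit logs. Stackdriver must be` / `# configured to use this topic as a sink for audit logs.`. The same wording is in the `audit` blocks of the filebeat.reference.yml hunk. The sample subscription names here (`filebeat-gcp-firewall-sub`, `filebeat-gcp-audit`) also differ from the ones in the module docs (`filebeat-gcp-vpc-firewall-sub`, `filebeat-gcp-audit-sub`) and could be aligned while the names are being touched. Since `var.credentials_file` points at a service-account key, a one-line comment that the file should be readable only by the user running Filebeat would help operators.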
diff --git a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc b/x-pack/filebeat/module/gcp/_meta/docs.asciidoc similarity index 87% rename from x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc rename to x-pack/filebeat/module/gcp/_meta/docs.asciidoc index adda332e62f1..17f989377f9b 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/gcp/_meta/docs.asciidoc @@ -1,6 +1,6 @@ [role="xpack"] -:modulename: googlecloud +:modulename: gcp :has-dashboards: false == Google Cloud module @@ -24,18 +24,18 @@ include::../include/config-option-intro.asciidoc[] ==== `audit` fileset settings [role="screenshot"] -image::./images/filebeat-googlecloud-audit.png[] +image::./images/filebeat-gcp-audit.png[] Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp audit: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-audit - var.subscription_name: filebeat-googlecloud-audit-sub + var.topic: gcp-vpc-audit + var.subscription_name: filebeat-gcp-audit-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -75,12 +75,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp vpcflow: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-flowlogs - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.topic: gcp-vpc-flowlogs + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- 
@@ -120,12 +120,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp firewall: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-firewall - var.subscription_name: filebeat-googlecloud-vpc-firewall-sub + var.topic: gcp-vpc-firewall + var.subscription_name: filebeat-gcp-vpc-firewall-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- diff --git a/x-pack/filebeat/module/googlecloud/_meta/fields.yml b/x-pack/filebeat/module/gcp/_meta/fields.yml similarity index 98% rename from x-pack/filebeat/module/googlecloud/_meta/fields.yml rename to x-pack/filebeat/module/gcp/_meta/fields.yml index 8f97f9b19c09..f574d666eb77 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/fields.yml +++ b/x-pack/filebeat/module/gcp/_meta/fields.yml @@ -1,5 +1,5 @@ -- key: googlecloud - title: Google Cloud +- key: gcp + title: Google Cloud Platform (GCP) description: > Module for handling logs from Google Cloud. fields: diff --git a/x-pack/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json b/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-gcp-audit.json similarity index 95% rename from x-pack/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json rename to x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-gcp-audit.json index b87e6793afbc..0c6cc78c153d 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json +++ b/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-gcp-audit.json @@ -120,7 +120,7 @@ } ], "timeRestore": false, - "title": "[Filebeat GoogleCloud] Audit", + "title": "[Filebeat GCP] Audit", "version": 1 }, "id": "6576c480-73a2-11ea-a345-f985c61fe654", 
@@ -198,9 +198,9 @@ "type": "Polygon" }, "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"79ec6461-7561-45e4-a6a2-9d6fbd4cf986\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"279da950-e9a7-4287-ab37-25906e448455\",\"label\":\"Source Locations\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[],\"query\":{\"query\":\"event.dataset:googlecloud.audit\",\"language\":\"kuery\"}}]", + "layerListJSON": 
"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"79ec6461-7561-45e4-a6a2-9d6fbd4cf986\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"279da950-e9a7-4287-ab37-25906e448455\",\"label\":\"Source Locations\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[],\"query\":{\"query\":\"event.dataset:gcp.audit\",\"language\":\"kuery\"}}]", "mapStateJSON": "{\"zoom\":1.97,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-7d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]}", - "title": "Audit Source Locations [Filebeat 
GoogleCloud]", + "title": "Audit Source Locations [Filebeat GCP]", "uiStateJSON": { "isLayerTOCOpen": true, "openTOCDetails": [] @@ -231,7 +231,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Events Outcome over time [Filebeat GoogleCloud]", + "title": "Audit Events Outcome over time [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -356,7 +356,7 @@ } ] }, - "title": "Audit Event Outcome over time [Filebeat GoogleCloud]", + "title": "Audit Event Outcome over time [Filebeat GCP]", "type": "histogram" } }, @@ -388,7 +388,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Event Action [Filebeat GoogleCloud]", + "title": "Audit Event Action [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -430,7 +430,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Audit Event Action [Filebeat GoogleCloud]", + "title": "Audit Event Action [Filebeat GCP]", "type": "pie" } }, @@ -462,7 +462,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Top User Email [Filebeat GoogleCloud]", + "title": "Audit Top User Email [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -498,7 +498,7 @@ "scale": "linear", "showLabel": true }, - "title": "Audit Top User Email [Filebeat GoogleCloud]", + "title": "Audit Top User Email [Filebeat GCP]", "type": "tagcloud" } }, @@ -530,7 +530,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit User Agent [Filebeat GoogleCloud]", + "title": "Audit User Agent [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -572,7 +572,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Audit User Agent [Filebeat GoogleCloud]", + "title": "Audit User Agent [Filebeat GCP]", "type": "pie" } }, @@ -604,7 +604,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Resource Name [Filebeat GoogleCloud]", + "title": "Audit Resource Name [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { 
@@ -620,7 +620,7 @@ "enabled": true, "id": "2", "params": { - "field": "googlecloud.audit.resource_name", + "field": "gcp.audit.resource_name", "missingBucket": false, "missingBucketLabel": "Missing", "order": "desc", @@ -646,7 +646,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Audit Resource Name [Filebeat GoogleCloud]", + "title": "Audit Resource Name [Filebeat GCP]", "type": "pie" } }, @@ -670,7 +670,7 @@ "columns": [ "user.email", "service.name", - "googlecloud.audit.type", + "gcp.audit.type", "event.action", "event.outcome", "source.ip", @@ -692,13 +692,13 @@ "key": "event.dataset", "negate": false, "params": { - "query": "googlecloud.audit" + "query": "gcp.audit" }, "type": "phrase" }, "query": { "match_phrase": { - "event.dataset": "googlecloud.audit" + "event.dataset": "gcp.audit" } } } @@ -713,7 +713,7 @@ } }, "sort": [], - "title": "Audit [Filebeat GoogleCloud]", + "title": "Audit [Filebeat GCP]", "version": 1 }, "id": "d88364c0-73a1-11ea-a345-f985c61fe654", diff --git a/x-pack/filebeat/module/googlecloud/audit/_meta/fields.yml b/x-pack/filebeat/module/gcp/audit/_meta/fields.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/_meta/fields.yml rename to x-pack/filebeat/module/gcp/audit/_meta/fields.yml diff --git a/x-pack/filebeat/module/googlecloud/audit/config/input.yml b/x-pack/filebeat/module/gcp/audit/config/input.yml similarity index 87% rename from x-pack/filebeat/module/googlecloud/audit/config/input.yml rename to x-pack/filebeat/module/gcp/audit/config/input.yml index f1c71d4b84fd..3b89f0f630eb 100644 --- a/x-pack/filebeat/module/googlecloud/audit/config/input.yml +++ b/x-pack/filebeat/module/gcp/audit/config/input.yml 
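Review bot: The dashboard's aggregation field and saved-search column become `gcp.audit.resource_name` and `gcp.audit.type`, but the audit `fields.yml`, `pipeline.js` and ingest `pipeline.yml` are moved at 100% similarity and the expected test output still carries `googlecloud.audit.*` keys next to `"event.dataset": "gcp.audit"`. If the pipeline does still emit `googlecloud.audit.*`, the "Audit Resource Name" panel and the type column will come up empty. Either keep `"field": "googlecloud.audit.resource_name"` and `"googlecloud.audit.type"` here, or rename the fields in the pipeline and fields.yml in the same change. Separately, the `event.dataset` filter moves to `gcp.audit`, so documents indexed before the upgrade and any saved detection queries on `googlecloud.audit` would stop matching; that deserves an explicit breaking-change note.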
@@ -27,8 +27,8 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: - script: lang: javascript - id: googlecloud_audit_script - file: ${path.home}/module/googlecloud/audit/config/pipeline.js + id: gcp_audit_script + file: ${path.home}/module/gcp/audit/config/pipeline.js params: keep_original_message: {{ .keep_original_message }} - add_fields: diff --git a/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js b/x-pack/filebeat/module/gcp/audit/config/pipeline.js similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/config/pipeline.js rename to x-pack/filebeat/module/gcp/audit/config/pipeline.js diff --git a/x-pack/filebeat/module/googlecloud/audit/ingest/pipeline.yml b/x-pack/filebeat/module/gcp/audit/ingest/pipeline.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/ingest/pipeline.yml rename to x-pack/filebeat/module/gcp/audit/ingest/pipeline.yml diff --git a/x-pack/filebeat/module/googlecloud/audit/manifest.yml b/x-pack/filebeat/module/gcp/audit/manifest.yml similarity index 92% rename from x-pack/filebeat/module/googlecloud/audit/manifest.yml rename to x-pack/filebeat/module/gcp/audit/manifest.yml index 42b5c4880d6f..ebe77788fe35 100644 --- a/x-pack/filebeat/module/googlecloud/audit/manifest.yml +++ b/x-pack/filebeat/module/gcp/audit/manifest.yml @@ -8,7 +8,7 @@ var: - name: topic default: stackdriver-audit - name: subscription_name - default: filebeat-googlecloud-audit + default: filebeat-gcp-audit - name: credentials_file - name: credentials_json - name: keep_original_message diff --git a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log rename to x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log 
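Review bot: In audit/manifest.yml the default for `subscription_name` changes from `filebeat-googlecloud-audit` to `filebeat-gcp-audit`, which is a behaviour change rather than a rename for any deployment that relies on the default. The reference config states that Filebeat creates the subscription if it does not exist, so after an upgrade such a deployment would presumably start reading from a fresh subscription, leave unread messages in the old one, and could miss audit events published in between. Consider keeping the old default, or documenting the switch as breaking with the instruction to pin `var.subscription_name: filebeat-googlecloud-audit`. The firewall manifest hunk makes the same change with `filebeat-gcp-firewall`.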
diff --git a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json similarity index 95% rename from x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json rename to x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json index d8efe2892a51..8b4b2ed642df 100644 --- a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json @@ -3,10 +3,10 @@ "@timestamp": "2019-12-19T00:49:36.086Z", "cloud.project.id": "elastic-beats", "event.action": "GetResourceBillingInfo", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "-uihnmjctwo", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", @@ -29,7 +29,7 @@ "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 0, "service.name": "cloudbilling.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" @@ -40,10 +40,10 @@ "@timestamp": "2019-12-19T00:45:51.228Z", "cloud.project.id": "elastic-beats", "event.action": "beta.compute.machineTypes.aggregatedList", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "-h6onuze1h7dg", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "failure", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", 
@@ -73,7 +73,7 @@ "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 945, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" @@ -91,10 +91,10 @@ "@timestamp": "2019-12-19T00:44:25.051Z", "cloud.project.id": "elastic-beats", "event.action": "beta.compute.instances.aggregatedList", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "yonau2dg2zi", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", @@ -130,7 +130,7 @@ "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 2252, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" @@ -148,10 +148,10 @@ "@timestamp": "2019-12-19T00:44:25.051Z", "cloud.project.id": "elastic-beats", "event.action": "beta.compute.instances.aggregatedList", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "yonau3dc2zi", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "failure", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", @@ -182,7 +182,7 @@ "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 3776, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" 
@@ -200,10 +200,10 @@ "@timestamp": "2020-08-05T21:07:30.974Z", "cloud.project.id": "elastic-siem", "event.action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "87efd529-6349-45d2-b905-fc607e6c5d3b", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "system:serviceaccount:cert-manager:cert-manager-webhook", @@ -228,7 +228,7 @@ "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 5100, "service.name": "k8s.io", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "10.11.12.13", "tags": [ "forwarded" @@ -243,10 +243,10 @@ "@timestamp": "2020-08-05T21:59:26.456Z", "cloud.project.id": "foo", "event.action": "v1.compute.images.insert", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "v2spcwdzmc2", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "user@mycompany.com", @@ -278,7 +278,7 @@ "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity", "log.offset": 7530, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.geo.city_name": "Moscow", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", 
@@ -304,10 +304,10 @@ "cloud.instance.id": "590261181", "cloud.project.id": "foo", "event.action": "beta.compute.instances.stop", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "-c7ctxmd2zab", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "unknown", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "user@mycompany.com", @@ -322,7 +322,7 @@ "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity", "log.offset": 9946, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.as.number": 3215, "source.as.organization.name": "Orange", "source.geo.city_name": "Clermont-Ferrand", diff --git a/x-pack/filebeat/module/gcp/fields.go b/x-pack/filebeat/module/gcp/fields.go new file mode 100644 index 000000000000..0e5675483bb9 --- /dev/null +++ b/x-pack/filebeat/module/gcp/fields.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package gcp + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "gcp", asset.ModuleFieldsPri, AssetGcp); err != nil { + panic(err) + } +} + +// AssetGcp returns asset data. +// This is the base64 encoded gzipped contents of module/gcp. +func AssetGcp() string { + return "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" +} diff --git a/x-pack/filebeat/module/googlecloud/firewall/_meta/fields.yml b/x-pack/filebeat/module/gcp/firewall/_meta/fields.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/_meta/fields.yml rename to x-pack/filebeat/module/gcp/firewall/_meta/fields.yml 
diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/input.yml b/x-pack/filebeat/module/gcp/firewall/config/input.yml similarity index 87% rename from x-pack/filebeat/module/googlecloud/firewall/config/input.yml rename to x-pack/filebeat/module/gcp/firewall/config/input.yml index 1ddda931c498..e2999de6ade0 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/config/input.yml +++ b/x-pack/filebeat/module/gcp/firewall/config/input.yml @@ -27,11 +27,11 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: - script: lang: javascript - id: googlecloud_firewall_script + id: gcp_firewall_script params: debug: {{ .debug }} keep_original_message: {{ .keep_original_message }} - file: ${path.home}/module/googlecloud/firewall/config/pipeline.js + file: ${path.home}/module/gcp/firewall/config/pipeline.js - add_fields: target: '' fields: diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js rename to x-pack/filebeat/module/gcp/firewall/config/pipeline.js diff --git a/x-pack/filebeat/module/googlecloud/firewall/ingest/pipeline.yml b/x-pack/filebeat/module/gcp/firewall/ingest/pipeline.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/ingest/pipeline.yml rename to x-pack/filebeat/module/gcp/firewall/ingest/pipeline.yml diff --git a/x-pack/filebeat/module/googlecloud/firewall/manifest.yml b/x-pack/filebeat/module/gcp/firewall/manifest.yml similarity index 92% rename from x-pack/filebeat/module/googlecloud/firewall/manifest.yml rename to x-pack/filebeat/module/gcp/firewall/manifest.yml index 009ace59c235..9f2b2840df38 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/manifest.yml +++ b/x-pack/filebeat/module/gcp/firewall/manifest.yml 
@@ -8,7 +8,7 @@ var: - name: topic default: stackdriver-firewall - name: subscription_name - default: filebeat-googlecloud-firewall + default: filebeat-gcp-firewall - name: credentials_file - name: credentials_json - name: debug diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log b/x-pack/filebeat/module/gcp/firewall/test/rare.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/test/rare.log rename to x-pack/filebeat/module/gcp/firewall/test/rare.log diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json similarity index 95% rename from x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json rename to x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json index fb34db024222..1d799e8edbcf 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json @@ -7,10 +7,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1dobeotg13df9f5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -57,7 +57,7 @@ "10.128.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.142.0.10", "source.domain": "test-es", "source.ip": "10.142.0.10", @@ -74,10 +74,10 @@ "destination.port": 57794, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1dobeotg13df9f7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" 
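Review bot: Changing the `subscription_name` default from `filebeat-googlecloud-firewall` to `filebeat-gcp-firewall` alters runtime behaviour for every deployment that relied on the default, beyond the module rename itself. After an upgrade such a deployment would look for a subscription under the new name; depending on how the input treats a missing subscription it may fail or start reading from a new, empty one, and firewall logs queued on the old subscription would go unread. The vpcflow manifest hunk later in this diff makes the same change (`filebeat-gcp-vpcflow`). I would either keep the old defaults or add an upgrade note next to the default, such as `# default was filebeat-googlecloud-firewall before the rename; set var.subscription_name to keep reading an existing subscription`. The `var:` list continues outside the hunk.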
@@ -124,7 +124,7 @@ "10.128.0.10" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.142.0.16", "source.domain": "local-adrian-test", "source.ip": "10.142.0.16", diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/test.log b/x-pack/filebeat/module/gcp/firewall/test/test.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/test/test.log rename to x-pack/filebeat/module/gcp/firewall/test/test.log diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json similarity index 95% rename from x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json rename to x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json index 73f9e79c29aa..908b2436bd9a 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json @@ -13,10 +13,10 @@ "destination.port": 53, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "4zuj4nfn4llkb", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -56,7 +56,7 @@ "8.8.8.8" ], "rule.name": "network:default/firewall:adrian-test-1", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.128.0.16", "source.domain": "adrian-test", "source.ip": "10.128.0.16", @@ -73,10 +73,10 @@ "destination.port": 3389, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1f21ciqfpfssuo", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" 
@@ -119,7 +119,7 @@ "10.42.0.2" ], "rule.name": "network:windows-isolated/firewall:windows-isolated-allow-rdp", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.126", "source.geo.continent_name": "Asia", "source.geo.country_name": "omn", @@ -137,10 +137,10 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "8vcfeailjd", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -184,7 +184,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.219", "source.geo.city_name": "Krasnodar", "source.geo.continent_name": "Europe", @@ -204,10 +204,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1bqgmw9feiabij", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -251,7 +251,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.14", "source.geo.continent_name": "Europe", "source.geo.country_name": "deu", @@ -269,10 +269,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1jrxaqbfe48bir", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" 
@@ -316,7 +316,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.14", "source.geo.continent_name": "Europe", "source.geo.country_name": "deu", @@ -334,10 +334,10 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1fw7drlfe2ty27", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -381,7 +381,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.151", "source.geo.city_name": "Berdychiv", "source.geo.continent_name": "Europe", @@ -401,10 +401,10 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1yre751fekaxzs", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -448,7 +448,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.241", "source.geo.city_name": "Vicenza", "source.geo.continent_name": "Europe", @@ -468,10 +468,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "5kanfzfiqepkh", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" 
@@ -515,7 +515,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.geo.city_name": "Tula", "source.geo.continent_name": "Europe", @@ -535,10 +535,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "59z0t8fiow9vg", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -582,7 +582,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.251", "source.geo.city_name": "Stavropol", "source.geo.continent_name": "Europe", @@ -602,10 +602,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1y7e4yzff816cq", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -649,7 +649,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.189", "source.geo.city_name": "Viol\u00e8s", "source.geo.continent_name": "Europe", @@ -669,10 +669,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "lx5jlsfggpr0q", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" 
@@ -716,7 +716,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.189", "source.geo.city_name": "Viol\u00e8s", "source.geo.continent_name": "Europe", @@ -736,10 +736,10 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "18ynfbufer19m1", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -783,7 +783,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.200", "source.geo.city_name": "\u0130zmir", "source.geo.continent_name": "Asia", @@ -809,10 +809,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "tzddthfsr6fv5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -852,7 +852,7 @@ "8.8.8.8" ], "rule.name": "network:default/firewall:adrian-test-1", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.28.0.16", "source.domain": "adrian-test", "source.ip": "10.28.0.16", @@ -875,10 +875,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1k2b7kefsnhzq7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -918,7 +918,7 @@ "8.8.8.8" ], "rule.name": "network:default/firewall:adrian-test-1", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.28.0.16", "source.domain": "adrian-test", "source.ip": "10.28.0.16", 
@@ -935,10 +935,10 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1sdfuwxfk8hq1c", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -987,7 +987,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", @@ -1006,10 +1006,10 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1sdfuwxfk8hq1b", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -1058,7 +1058,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", @@ -1077,10 +1077,10 @@ "destination.port": 3389, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "yot1ojetjdiw", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -1123,7 +1123,7 @@ "10.42.0.2" ], "rule.name": "network:windows-isolated/firewall:windows-isolated-allow-rdp", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.7", "source.geo.city_name": "Almelo", "source.geo.continent_name": "Europe", 
@@ -1143,10 +1143,10 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "5a27u1g22jks9e", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -1195,7 +1195,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", @@ -1214,10 +1214,10 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "5a27u1g22jks8t", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -1266,7 +1266,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", @@ -1285,10 +1285,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1dobeotg13df9f5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -1338,7 +1338,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.42.0.10", "source.domain": "test-es", "source.ip": "10.42.0.10", 
diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/_meta/fields.yml b/x-pack/filebeat/module/gcp/vpcflow/_meta/fields.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/_meta/fields.yml rename to x-pack/filebeat/module/gcp/vpcflow/_meta/fields.yml diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml similarity index 87% rename from x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml rename to x-pack/filebeat/module/gcp/vpcflow/config/input.yml index 2854b8ed3321..499e13b3dc71 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml @@ -27,8 +27,8 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: - script: lang: javascript - id: googlecloud_vpcflow_script - file: ${path.home}/module/googlecloud/vpcflow/config/pipeline.js + id: gcp_vpcflow_script + file: ${path.home}/module/gcp/vpcflow/config/pipeline.js params: keep_original_message: {{ .keep_original_message }} - add_fields: diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js b/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js rename to x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml b/x-pack/filebeat/module/gcp/vpcflow/ingest/pipeline.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml rename to x-pack/filebeat/module/gcp/vpcflow/ingest/pipeline.yml diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml b/x-pack/filebeat/module/gcp/vpcflow/manifest.yml similarity index 91% rename from x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml rename to x-pack/filebeat/module/gcp/vpcflow/manifest.yml index 3ddb0800223a..71048699be9a 100644 
--- a/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml +++ b/x-pack/filebeat/module/gcp/vpcflow/manifest.yml @@ -8,7 +8,7 @@ var: - name: topic default: stackdriver-vpcflow - name: subscription_name - default: filebeat-googlecloud-vpcflow + default: filebeat-gcp-vpcflow - name: credentials_file - name: credentials_json - name: keep_original_message diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log rename to x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json similarity index 94% rename from x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json rename to x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json index 9a71b1c35a61..b9d0250b9be0 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json @@ -11,11 +11,11 @@ "destination.ip": "203.0.113.12", "destination.port": 33478, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:37.301953198Z", "event.id": "ut8lbrffooxyw", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:37.186193305Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -42,7 +42,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1776, "source.domain": "kibana", 
@@ -63,11 +63,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33970, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821302149Z", "event.id": "ut8lbrffooxzb", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.466657665Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -100,7 +100,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 173663, @@ -127,11 +127,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33576, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821143836Z", "event.id": "ut8lbrffooxze", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.510622432Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -164,7 +164,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 155707, "source.domain": "elasticsearch", @@ -189,11 +189,11 @@ "destination.ip": "192.0.2.23", "destination.port": 59679, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:46.031032701Z", "event.id": "ut8lbrffooxyz", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:45.860349247Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -219,7 +219,7 @@ "10.139.99.242", "192.0.2.23" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 0, "source.domain": "elasticsearch", 
@@ -242,11 +242,11 @@ "destination.ip": "192.0.2.117", "destination.port": 50646, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:37.048196137Z", "event.id": "ut8lbrffooxz6", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:36.895188084Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -273,7 +273,7 @@ "10.87.40.76", "192.0.2.117" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1784, "source.domain": "kibana", @@ -294,11 +294,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:37.048196137Z", "event.id": "ut8lbrffooxzf", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:36.895188084Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -325,7 +325,7 @@ "192.0.2.117", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.117", "source.as.number": 15169, "source.bytes": 1464, @@ -348,11 +348,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33692, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565287007Z", "event.id": "ut8lbrffooxz1", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -385,7 +385,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 186151, 
@@ -412,11 +412,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821308944Z", "event.id": "ut8lbrffooxyp", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469099728Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -449,7 +449,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 15169, "source.domain": "kibana", @@ -470,11 +470,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33554, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565311154Z", "event.id": "ut8lbrffooxzd", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500506974Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -507,7 +507,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 250864, @@ -531,11 +531,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33880, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821308944Z", "event.id": "ut8lbrffooxz8", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469099728Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -568,7 +568,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 167939, 
@@ -592,11 +592,11 @@ "destination.ip": "10.139.99.242", "destination.port": 22, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:46.031032701Z", "event.id": "ut8lbrffooxyt", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:45.860349247Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -622,7 +622,7 @@ "192.0.2.23", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.23", "source.as.number": 49505, "source.bytes": 0, @@ -647,11 +647,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821056075Z", "event.id": "ut8lbrffooxz5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.510622432Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -684,7 +684,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 11773, @@ -708,11 +708,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.393910944Z", "event.id": "ut8lbrffooxza", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.074897435Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -745,7 +745,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 65699, 
@@ -772,11 +772,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565287007Z", "event.id": "ut8lbrffooxyq", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -809,7 +809,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 66029, "source.domain": "kibana", @@ -833,11 +833,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565272745Z", "event.id": "ut8lbrffooxz2", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.150720950Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -870,7 +870,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 65154, "source.domain": "kibana", @@ -894,11 +894,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821302149Z", "event.id": "ut8lbrffooxyo", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.466657665Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -931,7 +931,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 13643, "source.domain": "kibana", 
@@ -952,11 +952,11 @@ "destination.ip": "10.49.136.133", "destination.port": 46864, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:29.432367659Z", "event.id": "ut8lbrffooxzc", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:17.343890802Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -983,7 +983,7 @@ "203.0.113.93", "10.49.136.133" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.93", "source.bytes": 34509840, "source.ip": "203.0.113.93", @@ -1003,11 +1003,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:39.076420731Z", "event.id": "ut8lbrffooxz7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:38.961050187Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1034,7 +1034,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1467, @@ -1060,11 +1060,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565311154Z", "event.id": "ut8lbrffooxyu", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500506974Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1097,7 +1097,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 63671, "source.domain": "kibana", 
@@ -1122,11 +1122,11 @@ "destination.ip": "203.0.113.58", "destination.port": 65320, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220714119Z", "event.id": "ut8lbrffooxyv", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.560917237Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1153,7 +1153,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 51075, "source.domain": "elasticsearch", @@ -1177,11 +1177,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33562, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.393910944Z", "event.id": "ut8lbrffooxz0", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.074897435Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1214,7 +1214,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 197840, "source.domain": "elasticsearch", @@ -1234,11 +1234,11 @@ "destination.ip": "203.0.113.93", "destination.port": 9243, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:58.716492806Z", "event.id": "ut8lbrffooxys", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:17.306085222Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1265,7 +1265,7 @@ "10.49.136.133", "203.0.113.93" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.49.136.133", "source.bytes": 173805495, "source.domain": "simianhacker-demo", 
@@ -1286,11 +1286,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:37.301953198Z", "event.id": "ut8lbrffooxyx", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:37.186193305Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1317,7 +1317,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1468, @@ -1343,11 +1343,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33548, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.393651211Z", "event.id": "ut8lbrffooxz4", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147252064Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1380,7 +1380,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 159704, "source.domain": "elasticsearch", @@ -1401,11 +1401,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220714119Z", "event.id": "ut8lbrffooxz3", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.560917237Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1432,7 +1432,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 70775, 
@@ -1457,11 +1457,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33542, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565272745Z", "event.id": "ut8lbrffooxz9", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.150720950Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1494,7 +1494,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 281147, @@ -1518,11 +1518,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:48.537763242Z", "event.id": "ut8lbrffooxyr", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147252064Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1555,7 +1555,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 63590, @@ -1581,11 +1581,11 @@ "destination.ip": "203.0.113.12", "destination.port": 34836, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:39.076420731Z", "event.id": "ut8lbrffooxyy", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:38.961050187Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1612,7 +1612,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", 
@@ -1633,11 +1633,11 @@ "destination.ip": "10.139.99.242", "destination.port": 22, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:52.361155668Z", "event.id": "1ulp77rfdvho4g", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:46.541094678Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1664,7 +1664,7 @@ "192.0.2.165", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.165", "source.as.number": 45899, "source.bytes": 1239, @@ -1692,11 +1692,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.213244028Z", "event.id": "1ulp77rfdvho5r", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075811571Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1729,7 +1729,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 63853, "source.domain": "kibana", @@ -1750,11 +1750,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:20.745658276Z", "event.id": "1ulp77rfdvho5k", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:20.634435179Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1781,7 +1781,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1458, 
@@ -1807,11 +1807,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33534, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597088427Z", "event.id": "1ulp77rfdvho55", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075942176Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1844,7 +1844,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 252397, "source.domain": "elasticsearch", @@ -1868,11 +1868,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33694, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565117754Z", "event.id": "1ulp77rfdvho60", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.566551903Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1905,7 +1905,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 205787, "source.domain": "elasticsearch", @@ -1930,11 +1930,11 @@ "destination.ip": "203.0.113.58", "destination.port": 65263, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220748025Z", "event.id": "1ulp77rfdvho49", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.270990648Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1961,7 +1961,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 106409, "source.domain": "elasticsearch", 
@@ -1982,11 +1982,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597088427Z", "event.id": "1ulp77rfdvho4t", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075942176Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2019,7 +2019,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 61242, @@ -2046,11 +2046,11 @@ "destination.ip": "203.0.113.101", "destination.port": 49680, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.705469925Z", "event.id": "1ulp77rfdvho68", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.711043814Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2083,7 +2083,7 @@ "10.139.99.242", "203.0.113.101" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 248826, "source.domain": "elasticsearch", @@ -2106,11 +2106,11 @@ "destination.ip": "192.0.2.117", "destination.port": 33862, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:11.779780615Z", "event.id": "1ulp77rfdvho5n", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:11.655143526Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2137,7 +2137,7 @@ "10.87.40.76", "192.0.2.117" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1777, "source.domain": "kibana", 
@@ -2162,11 +2162,11 @@ "destination.ip": "203.0.113.58", "destination.port": 65321, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.312105537Z", "event.id": "1ulp77rfdvho5l", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.843986502Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2193,7 +2193,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 116845, "source.domain": "elasticsearch", @@ -2214,11 +2214,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.461087350Z", "event.id": "1ulp77rfdvho65", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:24.790136141Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2251,7 +2251,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 4614, @@ -2278,11 +2278,11 @@ "destination.ip": "192.0.2.177", "destination.port": 60112, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:18.224268993Z", "event.id": "1ulp77rfdvho4b", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:14.031541248Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2315,7 +2315,7 @@ "10.139.99.242", "192.0.2.177" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 50379, "source.domain": "elasticsearch", 
@@ -2336,11 +2336,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33552, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.213244028Z", "event.id": "1ulp77rfdvho4m", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075811571Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2373,7 +2373,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 200417, @@ -2400,11 +2400,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33524, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.461087350Z", "event.id": "1ulp77rfdvho5t", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:24.790136141Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2437,7 +2437,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 30233, "source.domain": "elasticsearch", @@ -2458,11 +2458,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33548, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565451051Z", "event.id": "1ulp77rfdvho50", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147072949Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2495,7 +2495,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 160693, 
@@ -2519,11 +2519,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565117754Z", "event.id": "1ulp77rfdvho63", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.566551903Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2556,7 +2556,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 59903, @@ -2582,11 +2582,11 @@ "destination.ip": "198.51.100.107", "destination.port": 33924, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:20.745658276Z", "event.id": "1ulp77rfdvho4r", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:20.634545217Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2613,7 +2613,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", @@ -2638,11 +2638,11 @@ "destination.ip": "203.0.113.58", "destination.port": 65271, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.318940798Z", "event.id": "1ulp77rfdvho4i", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.155378070Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2669,7 +2669,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 129335, "source.domain": "elasticsearch", 
@@ -2690,11 +2690,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:11.779780615Z", "event.id": "1ulp77rfdvho5v", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:11.655143526Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2721,7 +2721,7 @@ "192.0.2.117", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.117", "source.as.number": 15169, "source.bytes": 1464, @@ -2744,11 +2744,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.312105537Z", "event.id": "1ulp77rfdvho5i", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.843986502Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2775,7 +2775,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 75477, @@ -2804,11 +2804,11 @@ "destination.ip": "203.0.113.58", "destination.port": 65316, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220838853Z", "event.id": "1ulp77rfdvho5c", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.565831992Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2835,7 +2835,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 102119, "source.domain": "elasticsearch", 
@@ -2856,11 +2856,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.705469925Z", "event.id": "1ulp77rfdvho5p", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.711043814Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2893,7 +2893,7 @@ "203.0.113.101", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.101", "source.as.number": 15169, "source.bytes": 1541638, @@ -2917,11 +2917,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:18.224268993Z", "event.id": "1ulp77rfdvho4y", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:14.031541248Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2954,7 +2954,7 @@ "192.0.2.177", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.177", "source.as.number": 15169, "source.bytes": 755901, @@ -2981,11 +2981,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33558, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.394676451Z", "event.id": "1ulp77rfdvho4o", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:58.492572765Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3018,7 +3018,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 248715, "source.domain": "elasticsearch", 
@@ -3039,11 +3039,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220838853Z", "event.id": "1ulp77rfdvho5g", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.565831992Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3070,7 +3070,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 69757, @@ -3095,11 +3095,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220748025Z", "event.id": "1ulp77rfdvho59", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.270990648Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3126,7 +3126,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 69440, @@ -3151,11 +3151,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:20.569744903Z", "event.id": "1ulp77rfdvho57", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.454046087Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3182,7 +3182,7 @@ "192.0.2.117", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.117", "source.as.number": 15169, "source.bytes": 1457, 
@@ -3207,11 +3207,11 @@ "destination.ip": "192.0.2.117", "destination.port": 50438, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:20.569744903Z", "event.id": "1ulp77rfdvho5e", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.454046087Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3238,7 +3238,7 @@ "10.87.40.76", "192.0.2.117" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1784, "source.domain": "kibana", @@ -3263,11 +3263,11 @@ "destination.ip": "192.0.2.165", "destination.port": 59623, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:52.361155668Z", "event.id": "1ulp77rfdvho4d", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:46.541094678Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3294,7 +3294,7 @@ "10.139.99.242", "192.0.2.165" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 2395, "source.domain": "elasticsearch", @@ -3315,11 +3315,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:48.538257098Z", "event.id": "1ulp77rfdvho5y", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:58.492572765Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3352,7 +3352,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 60335, 
@@ -3379,11 +3379,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565451051Z", "event.id": "1ulp77rfdvho6a", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147072949Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3416,7 +3416,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 65565, "source.domain": "kibana", @@ -3437,11 +3437,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.318940798Z", "event.id": "1ulp77rfdvho4v", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.155378070Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3468,7 +3468,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 70174, @@ -3493,11 +3493,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:51.355687385Z", "event.id": "bnj3cofh3cdk1", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:51.237256499Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3524,7 +3524,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1461, 
@@ -3547,11 +3547,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:51.090104692Z", "event.id": "bnj3cofh3cdjx", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:50.954948790Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3578,7 +3578,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1460, @@ -3601,11 +3601,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565131125Z", "event.id": "bnj3cofh3cdju", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:02.143837873Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3638,7 +3638,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 66736, @@ -3664,11 +3664,11 @@ "destination.ip": "198.51.100.107", "destination.port": 33602, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:51.090104692Z", "event.id": "bnj3cofh3cdjz", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:50.954948790Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3695,7 +3695,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1776, "source.domain": "kibana", 
@@ -3716,11 +3716,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:40.888804332Z", "event.id": "bnj3cofh3cdkk", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:40.779893091Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3747,7 +3747,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1464, @@ -3770,11 +3770,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33534, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597279654Z", "event.id": "bnj3cofh3cdk0", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075756033Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3807,7 +3807,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 259510, @@ -3833,11 +3833,11 @@ "destination.ip": "203.0.113.27", "destination.port": 52260, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:11.183868408Z", "event.id": "bnj3cofh3cdk8", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:11.063146265Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3864,7 +3864,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1781, "source.domain": "kibana", 
@@ -3888,11 +3888,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565300944Z", "event.id": "bnj3cofh3cdkp", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.140119099Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3925,7 +3925,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 65069, "source.domain": "kibana", @@ -3949,11 +3949,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565335113Z", "event.id": "bnj3cofh3cdkc", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3986,7 +3986,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 60530, "source.domain": "kibana", @@ -4007,11 +4007,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821047175Z", "event.id": "bnj3cofh3cdkm", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469473010Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4044,7 +4044,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 11384, 
@@ -4071,11 +4071,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33554, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565131125Z", "event.id": "bnj3cofh3cdjy", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:02.143837873Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4108,7 +4108,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 272063, "source.domain": "elasticsearch", @@ -4131,11 +4131,11 @@ "destination.ip": "203.0.113.27", "destination.port": 53706, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:43:50.822333871Z", "event.id": "bnj3cofh3cdjv", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:43:50.703302550Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4162,7 +4162,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1791, "source.domain": "kibana", @@ -4183,11 +4183,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.789039435Z", "event.id": "bnj3cofh3cdkh", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.458515996Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4220,7 +4220,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 18295, 
@@ -4244,11 +4244,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:44:40.243022993Z", "event.id": "bnj3cofh3cdkg", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:44:40.125336665Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4275,7 +4275,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1467, @@ -4298,11 +4298,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33556, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565335113Z", "event.id": "bnj3cofh3cdk7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4335,7 +4335,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 165290, @@ -4359,11 +4359,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:43:50.822333871Z", "event.id": "bnj3cofh3cdk9", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:43:50.703302550Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4390,7 +4390,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1458, 
@@ -4413,11 +4413,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:11.183868408Z", "event.id": "bnj3cofh3cdkj", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:11.063146265Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4444,7 +4444,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1464, @@ -4469,11 +4469,11 @@ "destination.ip": "203.0.113.27", "destination.port": 34090, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:37.827345444Z", "event.id": "bnj3cofh3cdki", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:37.712749588Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4500,7 +4500,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", @@ -4523,11 +4523,11 @@ "destination.ip": "203.0.113.12", "destination.port": 34178, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:51.355687385Z", "event.id": "bnj3cofh3cdkd", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:51.237256499Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4554,7 +4554,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", 
@@ -4577,11 +4577,11 @@ "destination.ip": "198.51.100.107", "destination.port": 33064, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:44:40.243022993Z", "event.id": "bnj3cofh3cdjw", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:44:40.125336665Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4608,7 +4608,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1776, "source.domain": "kibana", @@ -4629,11 +4629,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:50.757255245Z", "event.id": "bnj3cofh3cdk3", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:50.642206049Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4660,7 +4660,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1461, @@ -4685,11 +4685,11 @@ "destination.ip": "203.0.113.12", "destination.port": 58216, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:36.982303071Z", "event.id": "bnj3cofh3cdkb", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:49:36.865198297Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4716,7 +4716,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1781, "source.domain": "kibana", 
@@ -4740,11 +4740,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597279654Z", "event.id": "bnj3cofh3cdk4", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075756033Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4777,7 +4777,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 60222, "source.domain": "kibana", @@ -4801,11 +4801,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565335113Z", "event.id": "bnj3cofh3cdkf", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500418290Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4838,7 +4838,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 61810, "source.domain": "kibana", @@ -4859,11 +4859,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:36.982303071Z", "event.id": "bnj3cofh3cdkl", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:49:36.865198297Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4890,7 +4890,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1467, 
@@ -4913,11 +4913,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33510, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565335113Z", "event.id": "bnj3cofh3cdk2", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500418290Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4950,7 +4950,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 136558, @@ -4976,11 +4976,11 @@ "destination.ip": "198.51.100.107", "destination.port": 34906, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:50.757255245Z", "event.id": "bnj3cofh3cdko", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:50.642206049Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5007,7 +5007,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1781, "source.domain": "kibana", @@ -5030,11 +5030,11 @@ "destination.ip": "203.0.113.27", "destination.port": 52454, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:40.888804332Z", "event.id": "bnj3cofh3cdke", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:40.779893091Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5061,7 +5061,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1781, "source.domain": "kibana", 
@@ -5082,11 +5082,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:37.827345444Z", "event.id": "bnj3cofh3cdka", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:37.712749588Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5113,7 +5113,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1467, @@ -5136,11 +5136,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33530, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565300944Z", "event.id": "bnj3cofh3cdkn", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.140119099Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5173,7 +5173,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 170396, @@ -5200,11 +5200,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33570, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821129119Z", "event.id": "bnj3cofh3cdk5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469473010Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5237,7 +5237,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 171610, "source.domain": "elasticsearch", 
@@ -5261,11 +5261,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33858, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:37.933164456Z", "event.id": "bnj3cofh3cdk6", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.458515996Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5298,7 +5298,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 15186, "source.domain": "elasticsearch", @@ -5322,11 +5322,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33590, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565116665Z", "event.id": "y4wffpfk2ero3", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147151100Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5359,7 +5359,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 208416, "source.domain": "elasticsearch", @@ -5383,11 +5383,11 @@ "destination.ip": "192.0.2.177", "destination.port": 60108, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:54.108975753Z", "event.id": "y4wffpfk2eroh", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.762958327Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5420,7 +5420,7 @@ "10.139.99.242", "192.0.2.177" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 90977, "source.domain": "elasticsearch", 
@@ -5444,11 +5444,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33536, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565156020Z", "event.id": "y4wffpfk2erom", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.150481417Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5481,7 +5481,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 187301, "source.domain": "elasticsearch", @@ -5502,11 +5502,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33560, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565287007Z", "event.id": "y4wffpfk2ero9", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075859688Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5539,7 +5539,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 139106, @@ -5563,11 +5563,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:54.108975753Z", "event.id": "y4wffpfk2erog", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.762958327Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5600,7 +5600,7 @@ "192.0.2.177", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.177", "source.as.number": 15169, "source.bytes": 1733360, 
@@ -5627,11 +5627,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33874, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:37.933099658Z", "event.id": "y4wffpfk2ero7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.513551480Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5664,7 +5664,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 149157, "source.domain": "elasticsearch", @@ -5685,11 +5685,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:37.965119632Z", "event.id": "y4wffpfk2eroe", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.480430427Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5722,7 +5722,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 11108, @@ -5746,11 +5746,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565116665Z", "event.id": "y4wffpfk2eroa", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147151100Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5783,7 +5783,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 67337, 
diff --git a/x-pack/filebeat/module/googlecloud/_meta/config.yml b/x-pack/filebeat/module/googlecloud/_meta/config.yml index 7ca54bd84c06..2c535fb4664d 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/config.yml +++ b/x-pack/filebeat/module/googlecloud/_meta/config.yml @@ -1,4 +1,5 @@ -- module: googlecloud +# googlecloud module is deprecated, please use gcp instead +- module: gcp vpcflow: enabled: true @@ -7,11 +8,11 @@ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -25,11 +26,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -43,11 +44,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. 
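Review bot: The comment above `var.topic: gcp-vpc-audit` in the last hunk still reads "topic containing firewall logs ... sink for firewall logs", which looks copied from the firewall fileset. An operator who follows it could route the firewall sink into the audit topic and end up with no audit records, so it is worth fixing while the line below is being touched: `# Google Pub/Sub topic containing audit logs. Stackdriver must be` / `# configured to use this topic as a sink for audit logs.` The same wording appears under `audit:` in the new modules.d/gcp.yml.disabled and in the last hunk of modules.d/googlecloud.yml.disabled. The fileset block itself starts outside this hunk.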
diff --git a/x-pack/filebeat/module/googlecloud/fields.go b/x-pack/filebeat/module/googlecloud/fields.go deleted file mode 100644 index 91fb012da25e..000000000000 --- a/x-pack/filebeat/module/googlecloud/fields.go +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. - -package googlecloud - -import ( - "github.com/elastic/beats/v7/libbeat/asset" -) - -func init() { - if err := asset.SetFields("filebeat", "googlecloud", asset.ModuleFieldsPri, AssetGooglecloud); err != nil { - panic(err) - } -} - -// AssetGooglecloud returns asset data. -// This is the base64 encoded gzipped contents of module/googlecloud. -func AssetGooglecloud() string { - return "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" -} diff --git a/x-pack/filebeat/module/googlecloud/module.yml b/x-pack/filebeat/module/googlecloud/module.yml new file mode 100644 index 000000000000..e5d6de048869 --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/module.yml @@ -0,0 +1 @@ +movedTo: gcp diff --git a/x-pack/filebeat/modules.d/gcp.yml.disabled b/x-pack/filebeat/modules.d/gcp.yml.disabled new file mode 100644 index 000000000000..330c7d375e17 --- /dev/null +++ b/x-pack/filebeat/modules.d/gcp.yml.disabled 
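Review bot: `movedTo: gcp` in the new module.yml presumably keeps old `module: googlecloud` configurations loading, but nothing in this one-line file tells operators that the emitted events change as well. The updated expected output in this commit shows `event.module`, `event.dataset` and `service.type` going from `googlecloud` / `googlecloud.vpcflow` to `gcp` / `gcp.vpcflow`. Detection rules, alerts and saved searches that filter on the old values will stop matching without raising an error once the upgraded Filebeat ships data. I would add a comment such as `# Events are written with event.module: gcp and event.dataset: gcp.<fileset>; update queries that filter on googlecloud.*` and call the field change out in the release notes.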
@@ -0,0 +1,57 @@
+# Module: gcp
+# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-gcp.html
+
+- module: gcp
+ vpcflow:
+ enabled: true
+
+ # Google Cloud project ID.
+ var.project_id: my-gcp-project-id
+
+ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be
+ # configured to use this topic as a sink for VPC flow logs.
+ var.topic: gcp-vpc-flowlogs
+
+ # Google Pub/Sub subscription for the topic. Filebeat will create this
+ # subscription if it does not exist.
+ var.subscription_name: filebeat-gcp-vpc-flowlogs-sub
+
+ # Credentials file for the service account with authorization to read from
+ # the subscription.
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json
+
+ firewall:
+ enabled: true
+
+ # Google Cloud project ID.
+ var.project_id: my-gcp-project-id
+
+ # Google Pub/Sub topic containing firewall logs. Stackdriver must be
+ # configured to use this topic as a sink for firewall logs.
+ var.topic: gcp-vpc-firewall
+
+ # Google Pub/Sub subscription for the topic. Filebeat will create this
+ # subscription if it does not exist.
+ var.subscription_name: filebeat-gcp-firewall-sub
+
+ # Credentials file for the service account with authorization to read from
+ # the subscription.
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json
+
+ audit:
+ enabled: true
+
+ # Google Cloud project ID.
+ var.project_id: my-gcp-project-id
+
+ # Google Pub/Sub topic containing firewall logs. Stackdriver must be
+ # configured to use this topic as a sink for firewall logs.
+ var.topic: gcp-vpc-audit
+
+ # Google Pub/Sub subscription for the topic. Filebeat will create this
+ # subscription if it does not exist.
+ var.subscription_name: filebeat-gcp-audit
+
+ # Credentials file for the service account with authorization to read from
+ # the subscription.
+ var.credentials_file: ${path.config}/gcp-service-account-xyz.json
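Review bot: The two comments on each fileset disagree about what the service account needs. `Filebeat will create this subscription if it does not exist` implies permission to create subscriptions in the project, while the credentials comment only asks for `authorization to read from the subscription`. Someone provisioning by the second comment would presumably see the input fail on a fresh project, and someone provisioning by the first is likely to grant a broad Pub/Sub role to a key that sits on disk next to the config. I would extend the credentials comment in all three filesets, for example `# Pre-create the subscription to keep this account limited to a subscriber role; keep the key file readable only by the Filebeat user.`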
diff --git a/x-pack/filebeat/modules.d/googlecloud.yml.disabled b/x-pack/filebeat/modules.d/googlecloud.yml.disabled index 9bf81802677a..6f3e6b53e21d 100644 --- a/x-pack/filebeat/modules.d/googlecloud.yml.disabled +++ b/x-pack/filebeat/modules.d/googlecloud.yml.disabled @@ -1,7 +1,8 @@ # Module: googlecloud # Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-googlecloud.html -- module: googlecloud +# googlecloud module is deprecated, please use gcp instead +- module: gcp vpcflow: enabled: true @@ -10,11 +11,11 @@ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -28,11 +29,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. 
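Review bot: After the first hunk this file is still headed `# Module: googlecloud` and links to `filebeat-module-googlecloud.html`, yet the entry it enables is `- module: gcp`, with the same topics and subscription names as modules.d/gcp.yml.disabled. An operator who enables both files would configure every fileset twice against the same subscriptions, and the deprecation notice sits below the header where it is easy to miss. I would move the notice to the top and say what to do, e.g. `# Deprecated: same content as gcp.yml. Enable only one of the two files.`, and point the Docs line at `filebeat-module-gcp.html`.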
@@ -46,11 +47,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription.