[filebeat] Threat intel sync (#29014)
* abusemalware changes

* abuseurl changes

* malwarebazaar changes

* anomali changes

* otx changes

* threatq changes

* misp changes

* anomalithreatstream changes

* recordedfuture changes

* Change dashboards field names and fields files

* Change base to '' in field definition

* Add changelog entry

* Add threat.feed.name and threat.feed.dashboard_id
marc-gr authored Nov 18, 2021
1 parent df3fcec commit 3a75570
Showing 147 changed files with 12,593 additions and 12,280 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -62,6 +62,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- All modules: Replace usages of deprecated ECS fields `process.ppid` and `log.original` with `process.parent.pid` and `event.original`. {pull}28620[28620]
- Replace usages of `host.user.*` fields with `user.*` in `cisco`, `microsoft` and `oracle` modules. {pull}28620[28620]
- Remove `docker` input. Please use `filestream` input with `container` parser or `container` input. {pull}28817[28817]
- Change `threatintel` module to use new `threat.*` ECS fields. {pull}29014[29014]

*Heartbeat*

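Review bot: The added `threatintel` entry names only the destination (`threat.*`) and not the fields being replaced, unlike the two entries above it, which give both sides of the rename (`process.ppid` to `process.parent.pid`, `host.user.*` to `user.*`). Anyone with saved searches, dashboards or detection rules keyed on the module's previous field names needs that to know what to update, so suggest naming the old field prefix in this line. If the `threat.feed.name` and `threat.feed.dashboard_id` fields from the commit message are user-visible, they deserve a mention here too.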
Expand Down Expand Up @@ -183,6 +184,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Upgrade azure-eventhub sdk reference, contains potential checkpoint fixes. {pull}28919[28919]
- Revert usageDetails api version to 2019-01-01. {pull}28995[28995]
- Fix in `aws-s3` input regarding provider discovery through endpoint {pull}28963[28963]
- Fix `threatintel.misp` filters configuration. {issue}27970[27970]

*Heartbeat*

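Review bot: The new `threatintel.misp` entry links only `{issue}27970[27970]`, while the neighbouring entries in this list link the pull request that made the change; suggest adding `{pull}29014[29014]` so the fix can be traced to this commit. The wording "filters configuration" also does not say what was broken, so a MISP user cannot tell from the changelog how their configured filters behaved before this change; one more clause describing the symptom would help.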