diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index f689a896730..a643e5c5abe 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -63,6 +63,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Adds Gsuite Groups support. {pull}19725[19725]
 - Move file metrics to dataset endpoint {pull}19977[19977]
 - Add `while_pattern` type to multiline reader. {pull}19662[19662]
+- Fix PANW field spelling "veredict" to "verdict" on event.action {pull}18808[18808]
 *Heartbeat*
diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
index 25d1ba1681b..6e4b7f64d61 100644
--- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
@@ -294,7 +294,7 @@ processors:
 if: 'ctx?._temp_?.message_subtype == "vulnerability"'
 - set:
 field: event.action
- value: wildfire_veredict
+ value: wildfire_verdict
 if: 'ctx?._temp_?.message_subtype == "wildfire"'
 - set:
 field: event.action
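Review bot: The new `value: wildfire_verdict` on the wildfire `set` processor changes a string that downstream content matches on, so any saved search, dashboard or detection rule filtering on `event.action: wildfire_veredict` stops matching newly ingested PAN-OS events without raising an error, while already-indexed documents keep the old spelling. The changelog line appears to sit among ordinary additions; it would be safer to record it as a breaking change and to tell users to query both spellings across the upgrade window, e.g. `event.action:(wildfire_verdict OR wildfire_veredict)`. Whether the module's expected test output and bundled dashboards were updated is not visible here. The last `- set:` processor continues past the end of the hunk.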