Add network.direction classification to rsa2elk modules #23114
Labels
Comments
botelastic
bot
added
the
needs_team
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
botelastic
bot
removed
the
needs_team
|
I started some of this in #24620 |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the enhancement:
In order to support
network.directionsetting in our rsa2elk modules, we can leverage the newadd_network_directionprocessor in any of our modules that use "perimeter"-based network models (i.e. firewalls, etc.). Currently however, all rsa2elk modules have the same module configuration. Since certain modules, such as AV modules, are "host"-based, we should have a way of making each module have the ability to leverage distinct configuration.This issue is to track adding support for distinct configuration in the generated modules and also leveraging the new procssor for
network.directionenrichment in the "perimeter"-based modules.The text was updated successfully, but these errors were encountered: