Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature panw endreason #18705

Merged
merged 5 commits into from
Aug 10, 2020
Merged

Feature panw endreason #18705

merged 5 commits into from
Aug 10, 2020

Conversation

dainok
Copy link
Contributor

@dainok dainok commented May 22, 2020
edited by andrewkroh
Loading

What does this PR do?

PANW firewalls expone why a session is ended (endreason). Currenlty it's not tracked.

Why is it important?

End reason is important to track down why a specific session is ended (timeout, rst from client/server...)

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

@elasticmachine
Copy link
Collaborator

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

1 similar comment
@elasticmachine
Copy link
Collaborator

Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 22, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label May 25, 2020
andrewkroh
andrewkroh requested changes Jun 4, 2020
View reviewed changes
Copy link
Member

@andrewkroh andrewkroh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution. A few changes are needed:

@dainok dainok requested review from a team as code owners June 7, 2020 07:46
@dainok
Copy link
Contributor Author

dainok commented Jun 7, 2020

Done, thank you @andrewkroh
Anything I can do regarding 7.7.1 update?

@adriansr
Copy link
Contributor

adriansr commented Jul 14, 2020
edited
Loading

Thanks for your contribution!

This PR needs a rebase on master and re-generation of the -expected.json files.

I can commit those changes is you prefer.

@adriansr adriansr self-assigned this Jul 14, 2020
@andrewkroh
Copy link
Member

jenkins run tests

@elasticmachine
Copy link
Collaborator

elasticmachine commented Aug 10, 2020
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [andrewkroh commented: jenkins run tests]

  • Start Time: 2020-08-10T22:40:41.692+0000

  • Duration: 52 min 51 sec

Test stats 🧪

Test Results
Failed 0
Passed 4204
Skipped 574
Total 4778

@andrewkroh andrewkroh added the needs_backport PR is waiting to be backported to other branches. label Aug 10, 2020
@andrewkroh andrewkroh merged commit 6c0c3bf into elastic:master Aug 10, 2020
andrewkroh pushed a commit to andrewkroh/beats that referenced this pull request Aug 10, 2020
@dainok @andrewkroh
Add panw.panos.endreason field (elastic#18705)
ac7388c 
PANW firewalls expone why a session is ended (endreason). Currenlty it's not tracked.
End reason is important to track down why a specific session is ended (timeout, rst from client/server...). This adds panw.panos.endreason.

Co-authored-by: Andrea Dainese <[email protected]>
Co-authored-by: Adrian Serrano <[email protected]>
(cherry picked from commit 6c0c3bf)
@andrewkroh andrewkroh mentioned this pull request Aug 10, 2020
Merged
6 tasks
@andrewkroh andrewkroh added v7.10.0 and removed needs_backport PR is waiting to be backported to other branches. labels Aug 10, 2020
andrewkroh pushed a commit to andrewkroh/beats that referenced this pull request Aug 10, 2020
@dainok @andrewkroh
Add panw.panos.endreason field (elastic#18705)
ed0e041 
PANW firewalls expone why a session is ended (endreason). Currenlty it's not tracked.
End reason is important to track down why a specific session is ended (timeout, rst from client/server...). This adds panw.panos.endreason.

Co-authored-by: Andrea Dainese <[email protected]>
Co-authored-by: Adrian Serrano <[email protected]>
(cherry picked from commit 6c0c3bf)
andrewkroh added a commit that referenced this pull request Aug 11, 2020
@andrewkroh @dainok
Add panw.panos.endreason field (#18705) (#20531)
ba9c7a1 
PANW firewalls expone why a session is ended (endreason). Currenlty it's not tracked.
End reason is important to track down why a specific session is ended (timeout, rst from client/server...). This adds panw.panos.endreason.

Co-authored-by: Andrea Dainese <[email protected]>
Co-authored-by: Adrian Serrano <[email protected]>
(cherry picked from commit 6c0c3bf)

Co-authored-by: dainok <[email protected]>
v1v added a commit to v1v/beats that referenced this pull request Aug 12, 2020
@v1v
Merge remote-tracking branch 'upstream/master' into feature/ci-pipeli…
23c69ce 
…ne-2.0

* upstream/master: (39 commits)
  [ITs] Revert healthcheck for elasticsearchssl service to the previous behaviour (elastic#20558)
  [Heartbeat] Fix packaging (elastic#20566)
  [Heartbeat] Add Magefile to X-Pack (elastic#20549)
  [Packetbeat] Add "network" to event.category (elastic#20392)
  fix typo in docs (elastic#20541)
  Add service resource in k8s cluster role (elastic#20546)
  Update Golang version to 1.14.7 (elastic#20508)
  Add missing inputs to filebeat spec (elastic#20388)
  add warning log in aws and googlecloud module for API cost (elastic#20523)
  Fix fortinet.firewall.mem value to be interpreted as integer (elastic#19335)
  [CI] add more resilience (elastic#20505)
  [JJBB] fix credentials with a service account for golang-crossbuild (elastic#20537)
  [ITs] change healthcheck for elasticsearch (elastic#20514)
  [JJBB] fix credentials with a service account (elastic#20535)
  chore(ci): use build step for checking if is PR (elastic#20536)
  [CI] runbld project name (elastic#20466)
  Add panw.panos.endreason field (elastic#18705)
  [Filebeat] Fix PANW field spelling "veredict" to "verdict" (elastic#18808)
  Fix typo in netflow module docs (elastic#18992)
  Modified auditd ingest pipeline to handle node=hostname (elastic#19659)
  ...
@webmat
Copy link
Contributor

webmat commented Aug 20, 2020

Perhaps this could be migrated to the new ECS field event.reason?

@dainok
Copy link
Contributor Author

dainok commented Aug 20, 2020

Totally agree. Should I rewrite the PR? Or can you notify the PANW team?

@webmat
Copy link
Contributor

webmat commented Aug 20, 2020

Simplest approach here would be to open a new PR that now also populates event.reason.

Since this PR was already merged, I would not remove the panw.panos.endreason field in the new PR, but I'd bring this up in the PR description. If this is not yet released, perhaps we can remove it, and we'll discuss on the new PR :-)

Thanks @dainok

melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request Oct 14, 2020
@dainok @adriansr @melchiormoulin
Add panw.panos.endreason field (elastic#18705)
fe041ae 
PANW firewalls expone why a session is ended (endreason). Currenlty it's not tracked.
End reason is important to track down why a specific session is ended (timeout, rst from client/server...). This adds panw.panos.endreason.

Co-authored-by: Andrea Dainese <[email protected]>
Co-authored-by: Adrian Serrano <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewkroh andrewkroh andrewkroh approved these changes

Assignees

@adriansr adriansr

Labels
enhancement review v7.10.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@dainok @elasticmachine @adriansr @andrewkroh @webmat @andresrc