From 898cd123a84cd5ff37f644258951ebf31918fff5 Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Wed, 1 Jul 2020 17:23:38 +0200 Subject: [PATCH 01/13] feat(firewall): add tls config --- .../checkpoint/firewall/config/firewall.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml index 12440f8fffe..6222d9e1b54 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml @@ -3,6 +3,22 @@ type: syslog protocol.udp: host: "{{.syslog_host}}:{{.syslog_port}}" + {{ if ne .pipeline "" }} + pipeline: "{{.pipeline}}" + {{ end }} + +{{ else if eq .input "tls" }} +type: tcp +host: "{{.syslog_host}}:{{.syslog_port}}" +ssl: + enabled: true + certificate_authorities: ["{{.cafile}}"] + certificate: "{{.certfile}}" + key: "{{.keyfile}}" + client_authentication: "required" +{{ if ne .pipeline "" }} +pipeline: "{{.pipeline}}" +{{ end }} {{ else if eq .input "file" }} From 72e5a44ff2132c47d3afe42116ab600bb815349f Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Wed, 1 Jul 2020 17:25:34 +0200 Subject: [PATCH 02/13] feat(firewall): add vars to manifest --- .../filebeat/module/checkpoint/firewall/manifest.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/x-pack/filebeat/module/checkpoint/firewall/manifest.yml b/x-pack/filebeat/module/checkpoint/firewall/manifest.yml index 849c20fafe2..848f235d31f 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/manifest.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/manifest.yml @@ -9,6 +9,16 @@ var: default: 9001 - name: input default: syslog + - name: log_level + default: 7 + - name: certfile + default: "" + - name: keyfile + default: "" + - name: cafile + default: "" + - name: pipeline + default: "" ingest_pipeline: - ingest/pipeline.yml 
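Review bot: In the `tls` branch of firewall.yml, `cafile`, `certfile` and `keyfile` are interpolated unconditionally, while the manifest hunk in patch 02 defaults all three to `""`. Setting `var.input: tls` with nothing else therefore renders `certificate_authorities: [""]` with an empty `certificate` and `key`. Filebeat will presumably reject that at startup, but the error would point at the rendered input rather than at the missing variable. I would document the requirement next to the three manifest entries, e.g. `# cafile, certfile and keyfile are all required when var.input is tls`. The branch also switches the input from `type: syslog` to `type: tcp`, so it is worth confirming that the ingest pipeline does not rely on fields the syslog input produced.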
From 336e8e21ca18144ccbd5389f57366b69f8608e81 Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Thu, 2 Jul 2020 08:50:21 +0200 Subject: [PATCH 03/13] chore(checkpoint): add tls to example --- x-pack/filebeat/modules.d/checkpoint.yml.disabled | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/x-pack/filebeat/modules.d/checkpoint.yml.disabled b/x-pack/filebeat/modules.d/checkpoint.yml.disabled index 6963ecbef99..dbb2e56f8e9 100644 --- a/x-pack/filebeat/modules.d/checkpoint.yml.disabled +++ b/x-pack/filebeat/modules.d/checkpoint.yml.disabled @@ -5,8 +5,16 @@ firewall: enabled: true - # Set which input to use between syslog (default) or file. + # Set which input to use between syslog (default), file or (m)tls. #var.input: syslog + + # In case you are using var.input: tls + #var.cafile: /my/ca.ct + #var.certfile: /my/cert.crt + #var.keyfile: /my/key.key + + # Set the pipeline name + #var.pipeline: mypipeline # The interface to listen to UDP based syslog traffic. Defaults to # localhost. Set to 0.0.0.0 to bind to all available interfaces. From 4a0cf49c873d7d215677e7971909cd1a3cb6ea41 Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Fri, 7 Aug 2020 10:03:13 +0200 Subject: [PATCH 04/13] chore(checkpoint): run mage fmt update --- x-pack/filebeat/modules.d/checkpoint.yml.disabled | 10 +--------- x-pack/filebeat/tests/system/test_http_endpoint.py | 3 +-- x-pack/filebeat/tests/system/test_xpack_modules.py | 3 +-- 3 files changed, 3 insertions(+), 13 deletions(-) diff --git a/x-pack/filebeat/modules.d/checkpoint.yml.disabled b/x-pack/filebeat/modules.d/checkpoint.yml.disabled index dbb2e56f8e9..6963ecbef99 100644 --- a/x-pack/filebeat/modules.d/checkpoint.yml.disabled +++ b/x-pack/filebeat/modules.d/checkpoint.yml.disabled 
@@ -5,16 +5,8 @@ firewall: enabled: true - # Set which input to use between syslog (default), file or (m)tls. + # Set which input to use between syslog (default) or file. #var.input: syslog - - # In case you are using var.input: tls - #var.cafile: /my/ca.ct - #var.certfile: /my/cert.crt - #var.keyfile: /my/key.key - - # Set the pipeline name - #var.pipeline: mypipeline # The interface to listen to UDP based syslog traffic. Defaults to # localhost. Set to 0.0.0.0 to bind to all available interfaces. diff --git a/x-pack/filebeat/tests/system/test_http_endpoint.py b/x-pack/filebeat/tests/system/test_http_endpoint.py index 8d0b863b70b..96d434bd674 100644 --- a/x-pack/filebeat/tests/system/test_http_endpoint.py +++ b/x-pack/filebeat/tests/system/test_http_endpoint.py @@ -1,3 +1,4 @@ +from filebeat import BaseTest import jinja2 import requests import sys @@ -7,8 +8,6 @@ sys.path.append(os.path.join(os.path.dirname(__file__), '../../../../filebeat/tests/system')) -from filebeat import BaseTest - class Test(BaseTest): """ diff --git a/x-pack/filebeat/tests/system/test_xpack_modules.py b/x-pack/filebeat/tests/system/test_xpack_modules.py index 566850a4720..90b4e44f172 100644 --- a/x-pack/filebeat/tests/system/test_xpack_modules.py +++ b/x-pack/filebeat/tests/system/test_xpack_modules.py @@ -1,10 +1,9 @@ +import test_modules import os import sys sys.path.append(os.path.join(os.path.dirname(__file__), '../../../../filebeat/tests/system')) -import test_modules - class XPackTest(test_modules.Test): From e5d28abe2717430f29f0a3907e15d3b706a03575 Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Thu, 27 Aug 2020 11:03:58 +0200 Subject: [PATCH 05/13] cleanup(checkpoint): remove obsolete log_level --- x-pack/filebeat/module/checkpoint/firewall/manifest.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/x-pack/filebeat/module/checkpoint/firewall/manifest.yml b/x-pack/filebeat/module/checkpoint/firewall/manifest.yml index 848f235d31f..ef6fee6facc 100644 
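Review bot: `from filebeat import BaseTest` now sits above the `sys.path.append(...)` call that adds `../../../../filebeat/tests/system` to the import path in test_http_endpoint.py. The import is resolved before that directory is searchable and will fail with ImportError unless the path is already provided some other way (for example by the test runner's environment). The same reordering is applied to `import test_modules` in test_xpack_modules.py, and again to `from beat.beat import ...` in filebeat/tests/system/filebeat.py in patch 11. If the formatter is what moved the line, keep the original order and mark it instead: `from filebeat import BaseTest  # noqa: E402`.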
--- a/x-pack/filebeat/module/checkpoint/firewall/manifest.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/manifest.yml @@ -9,8 +9,6 @@ var: default: 9001 - name: input default: syslog - - name: log_level - default: 7 - name: certfile default: "" - name: keyfile From a8f1b066000d22bb536a4b33ffb43c8a520ffc07 Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Thu, 27 Aug 2020 11:16:05 +0200 Subject: [PATCH 06/13] refactor(checkpoint): move to .ssl --- .../filebeat/module/cef/_meta/docs.asciidoc | 12 +++++++++ .../checkpoint/firewall/config/firewall.yml | 25 ++++++++----------- .../module/checkpoint/firewall/manifest.yml | 7 +----- 3 files changed, 24 insertions(+), 20 deletions(-) diff --git a/x-pack/filebeat/module/cef/_meta/docs.asciidoc b/x-pack/filebeat/module/cef/_meta/docs.asciidoc index 365a07b933a..8daaecb035f 100644 --- a/x-pack/filebeat/module/cef/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/cef/_meta/docs.asciidoc @@ -41,6 +41,18 @@ A list of tags to include in events. Including `forwarded` indicates that the events did not originate on this host and causes `host.name` to not be added to events. Defaults to `[cef, forwarded]`. +*`var.ssl`*:: + +The SSL/TLS configuration for the filebeat instance. This can be used to enforce mutual TLS. +```yaml +ssl: + enabled: true + certificate_authorities: ["my-ca.pem"] + certificate: "filebeat-cert.pem" + key: "filebeat-key.pem" + client_authentication: "required" +``` + [float] ==== Forcepoint NGFW Security Management Center diff --git a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml index 6222d9e1b54..105eaef8b55 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml 
@@ -1,4 +1,10 @@ -{{ if eq .input "syslog" }} +{{ if .ssl }} + +type: tcp +host: "{{.syslog_host}}:{{.syslog_port}}" +ssl: {{ .ssl | tojson }} + +{{ else if eq .input "syslog" }} type: syslog protocol.udp: @@ -7,19 +13,6 @@ protocol.udp: pipeline: "{{.pipeline}}" {{ end }} -{{ else if eq .input "tls" }} -type: tcp -host: "{{.syslog_host}}:{{.syslog_port}}" -ssl: - enabled: true - certificate_authorities: ["{{.cafile}}"] - certificate: "{{.certfile}}" - key: "{{.keyfile}}" - client_authentication: "required" -{{ if ne .pipeline "" }} -pipeline: "{{.pipeline}}" -{{ end }} - {{ else if eq .input "file" }} type: log @@ -31,6 +24,10 @@ exclude_files: [".gz$"] {{ end }} +{{ if ne .pipeline "" }} +pipeline: "{{.pipeline}}" +{{ end }} + tags: {{.tags | tojson}} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} diff --git a/x-pack/filebeat/module/checkpoint/firewall/manifest.yml b/x-pack/filebeat/module/checkpoint/firewall/manifest.yml index ef6fee6facc..c3591e7ed9f 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/manifest.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/manifest.yml @@ -9,12 +9,7 @@ var: default: 9001 - name: input default: syslog - - name: certfile - default: "" - - name: keyfile - default: "" - - name: cafile - default: "" + - name: ssl - name: pipeline default: "" From ae683e9284f101957d7e44caf213b134cb3caef2 Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Thu, 27 Aug 2020 11:17:38 +0200 Subject: [PATCH 07/13] chore(x-pack): revert ide fix --- x-pack/filebeat/tests/system/test_http_endpoint.py | 2 +- x-pack/filebeat/tests/system/test_xpack_modules.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/filebeat/tests/system/test_http_endpoint.py b/x-pack/filebeat/tests/system/test_http_endpoint.py index 96d434bd674..e1d323da6c5 100644 --- a/x-pack/filebeat/tests/system/test_http_endpoint.py +++ b/x-pack/filebeat/tests/system/test_http_endpoint.py 
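Review bot: The new `{{ if .ssl }}` branch in firewall.yml passes the operator's map straight through with `ssl: {{ .ssl | tojson }}`, so the `enabled: true` and `client_authentication: "required"` that patch 01 hard-coded are gone. Any non-empty `var.ssl` now selects the TCP listener, including one with `enabled: false` or without `certificate_authorities`, and that would leave the listener without client authentication or without TLS at all. The docs added in this commit say the setting can be used to enforce mutual TLS, but nothing in the template enforces it; a comment above the branch such as `# var.ssl is rendered as-is: set certificate_authorities and client_authentication: "required" for mTLS` would make that explicit. Because this branch is tested first, it also silently overrides `var.input: file`, which deserves a sentence in the `var.ssl` documentation.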
@@ -1,4 +1,3 @@ -from filebeat import BaseTest import jinja2 import requests import sys @@ -8,6 +7,7 @@ sys.path.append(os.path.join(os.path.dirname(__file__), '../../../../filebeat/tests/system')) +from filebeat import BaseTest class Test(BaseTest): """ diff --git a/x-pack/filebeat/tests/system/test_xpack_modules.py b/x-pack/filebeat/tests/system/test_xpack_modules.py index 90b4e44f172..ca0a435ff92 100644 --- a/x-pack/filebeat/tests/system/test_xpack_modules.py +++ b/x-pack/filebeat/tests/system/test_xpack_modules.py @@ -1,9 +1,9 @@ -import test_modules import os import sys sys.path.append(os.path.join(os.path.dirname(__file__), '../../../../filebeat/tests/system')) +import test_modules class XPackTest(test_modules.Test): From 8b8c15ef4fb93d1be10f47a628825d909be53b1e Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Tue, 8 Sep 2020 10:05:17 +0200 Subject: [PATCH 08/13] chore(changelog): add f5 asm ref --- CHANGELOG.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 1e9a4eb011b..a37fbe6ba04 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -334,6 +334,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Filebeat* +- Add F5 ASM filebeat module {issue}20800[20800] {pull}19560[19560] - Set event.outcome field based on googlecloud audit log output. {pull}15731[15731] - Add dashboard for AWS ELB fileset. {pull}15804[15804] - Add dashboard for AWS vpcflow fileset. {pull}16007[16007] From 645ac3870edbb9c171e6353c62abbcd70676df58 Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Tue, 8 Sep 2020 10:09:07 +0200 Subject: [PATCH 09/13] revert(changelog): remove f5 asm mod --- CHANGELOG.next.asciidoc | 1 - 1 file changed, 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index a37fbe6ba04..1e9a4eb011b 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc 
@@ -334,7 +334,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Filebeat* -- Add F5 ASM filebeat module {issue}20800[20800] {pull}19560[19560] - Set event.outcome field based on googlecloud audit log output. {pull}15731[15731] - Add dashboard for AWS ELB fileset. {pull}15804[15804] - Add dashboard for AWS vpcflow fileset. {pull}16007[16007] From 09adc6894d2a7b162fba6bc7309837903229bbd8 Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Tue, 8 Sep 2020 10:11:40 +0200 Subject: [PATCH 10/13] chore(changelog): add checkpoint tls --- CHANGELOG.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 1e9a4eb011b..a9dbfebcd4c 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -25,6 +25,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Filebeat* +- Add TLS + pipeline options to checkpoint module {pull}19560[19560] - Improve ECS field mappings in panw module. event.outcome now only contains success/failure per ECS specification. {issue}16025[16025] {pull}17910[17910] - Improve ECS categorization field mappings for nginx module. http.request.referrer only populated when nginx sets a value {issue}16174[16174] {pull}17844[17844] - Improve ECS field mappings in santa module. move hash.sha256 to process.hash.sha256 & move certificate fields to santa.certificate . {issue}16180[16180] {pull}17982[17982] From 4077c6ec1c1594d4dd83288b4e536136402c9ce2 Mon Sep 17 00:00:00 2001 From: Niels Hofmans Date: Tue, 8 Sep 2020 11:31:19 +0200 Subject: [PATCH 11/13] chore: fix lint warnings --- filebeat/docs/modules/cef.asciidoc | 12 ++++++++++++ filebeat/tests/system/filebeat.py | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/filebeat/docs/modules/cef.asciidoc b/filebeat/docs/modules/cef.asciidoc index cb5af4a9230..164a4113e3d 100644 --- a/filebeat/docs/modules/cef.asciidoc +++ b/filebeat/docs/modules/cef.asciidoc 
@@ -46,6 +46,18 @@ A list of tags to include in events. Including `forwarded` indicates that the events did not originate on this host and causes `host.name` to not be added to events. Defaults to `[cef, forwarded]`. +*`var.ssl`*:: + +The SSL/TLS configuration for the filebeat instance. This can be used to enforce mutual TLS. +```yaml +ssl: + enabled: true + certificate_authorities: ["my-ca.pem"] + certificate: "filebeat-cert.pem" + key: "filebeat-key.pem" + client_authentication: "required" +``` + [float] ==== Forcepoint NGFW Security Management Center diff --git a/filebeat/tests/system/filebeat.py b/filebeat/tests/system/filebeat.py index 39c14518476..7e926b6365b 100644 --- a/filebeat/tests/system/filebeat.py +++ b/filebeat/tests/system/filebeat.py @@ -1,3 +1,4 @@ +from beat.beat import TestCase, TimeoutError, REGEXP_TYPE import json import os import stat @@ -6,7 +7,6 @@ curdir = os.path.dirname(__file__) sys.path.append(os.path.join(curdir, '../../../libbeat/tests/system')) -from beat.beat import TestCase, TimeoutError, REGEXP_TYPE default_registry_file = 'registry/filebeat/data.json' From d820d7a6b20a7a86aad45493f6cd155417d1f1f0 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 16 Sep 2020 15:28:39 +0200 Subject: [PATCH 12/13] Undo some changes and move docs to checkpoint --- CHANGELOG.next.asciidoc | 2 +- filebeat/docs/modules/cef.asciidoc | 12 ------------ filebeat/docs/modules/checkpoint.asciidoc | 12 ++++++++++++ filebeat/tests/system/filebeat.py | 5 +---- x-pack/filebeat/module/cef/_meta/docs.asciidoc | 12 ------------ .../filebeat/module/checkpoint/_meta/docs.asciidoc | 12 ++++++++++++ .../module/checkpoint/firewall/config/firewall.yml | 7 ------- .../filebeat/module/checkpoint/firewall/manifest.yml | 2 -- x-pack/filebeat/tests/system/test_http_endpoint.py | 1 + x-pack/filebeat/tests/system/test_xpack_modules.py | 1 + 10 files changed, 28 insertions(+), 38 deletions(-) 
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index c641f382b6c..5d1823b7de7 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -30,7 +30,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Filebeat* -- Add TLS + pipeline options to checkpoint module {pull}19560[19560] - Improve ECS field mappings in panw module. event.outcome now only contains success/failure per ECS specification. {issue}16025[16025] {pull}17910[17910] - Improve ECS categorization field mappings for nginx module. http.request.referrer only populated when nginx sets a value {issue}16174[16174] {pull}17844[17844] - Improve ECS field mappings in santa module. move hash.sha256 to process.hash.sha256 & move certificate fields to santa.certificate . {issue}16180[16180] {pull}17982[17982] @@ -577,6 +576,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Improve Suricata Eve module with `x509` ECS mappings {pull}20973[20973] - Added new module for Zoom webhooks {pull}20414[20414] - Add type and sub_type to panw panos fileset {pull}20912[20912] +- Add SSL option to checkpoint module {pull}19560[19560] *Heartbeat* diff --git a/filebeat/docs/modules/cef.asciidoc b/filebeat/docs/modules/cef.asciidoc index 164a4113e3d..cb5af4a9230 100644 --- a/filebeat/docs/modules/cef.asciidoc +++ b/filebeat/docs/modules/cef.asciidoc @@ -46,18 +46,6 @@ A list of tags to include in events. Including `forwarded` indicates that the events did not originate on this host and causes `host.name` to not be added to events. Defaults to `[cef, forwarded]`. -*`var.ssl`*:: - -The SSL/TLS configuration for the filebeat instance. This can be used to enforce mutual TLS. -```yaml -ssl: - enabled: true - certificate_authorities: ["my-ca.pem"] - certificate: "filebeat-cert.pem" - key: "filebeat-key.pem" - client_authentication: "required" -``` - [float] ==== Forcepoint NGFW Security Management Center 
diff --git a/filebeat/docs/modules/checkpoint.asciidoc b/filebeat/docs/modules/checkpoint.asciidoc index de72aabb2b3..b7905cca533 100644 --- a/filebeat/docs/modules/checkpoint.asciidoc +++ b/filebeat/docs/modules/checkpoint.asciidoc @@ -68,6 +68,18 @@ A list of tags to include in events. Including `forwarded` indicates that the events did not originate on this host and causes `host.name` to not be added to events. Defaults to `[checkpoint-firewall, forwarded]`. +*`var.ssl`*:: + +The SSL/TLS configuration for the filebeat instance. This can be used to enforce mutual TLS. +```yaml +ssl: + enabled: true + certificate_authorities: ["my-ca.pem"] + certificate: "filebeat-cert.pem" + key: "filebeat-key.pem" + client_authentication: "required" +``` + [float] ==== Check Point devices diff --git a/filebeat/tests/system/filebeat.py b/filebeat/tests/system/filebeat.py index 6b5cf3add41..92df15911bb 100644 --- a/filebeat/tests/system/filebeat.py +++ b/filebeat/tests/system/filebeat.py @@ -1,12 +1,9 @@ -from beat.beat import TestCase, TimeoutError, REGEXP_TYPE import json import os import stat import sys -curdir = os.path.dirname(__file__) -sys.path.append(os.path.join(curdir, '../../../libbeat/tests/system')) - +from beat.beat import TestCase, TimeoutError, REGEXP_TYPE default_registry_path = 'registry/filebeat' diff --git a/x-pack/filebeat/module/cef/_meta/docs.asciidoc b/x-pack/filebeat/module/cef/_meta/docs.asciidoc index 8daaecb035f..365a07b933a 100644 --- a/x-pack/filebeat/module/cef/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/cef/_meta/docs.asciidoc 
@@ -41,18 +41,6 @@ A list of tags to include in events. Including `forwarded` indicates that the events did not originate on this host and causes `host.name` to not be added to events. Defaults to `[cef, forwarded]`. -*`var.ssl`*:: - -The SSL/TLS configuration for the filebeat instance. This can be used to enforce mutual TLS. -```yaml -ssl: - enabled: true - certificate_authorities: ["my-ca.pem"] - certificate: "filebeat-cert.pem" - key: "filebeat-key.pem" - client_authentication: "required" -``` - [float] ==== Forcepoint NGFW Security Management Center diff --git a/x-pack/filebeat/module/checkpoint/_meta/docs.asciidoc b/x-pack/filebeat/module/checkpoint/_meta/docs.asciidoc index b09dcde2333..dd8e45318d5 100644 --- a/x-pack/filebeat/module/checkpoint/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/checkpoint/_meta/docs.asciidoc @@ -63,6 +63,18 @@ A list of tags to include in events. Including `forwarded` indicates that the events did not originate on this host and causes `host.name` to not be added to events. Defaults to `[checkpoint-firewall, forwarded]`. +*`var.ssl`*:: + +The SSL/TLS configuration for the filebeat instance. This can be used to enforce mutual TLS. +```yaml +ssl: + enabled: true + certificate_authorities: ["my-ca.pem"] + certificate: "filebeat-cert.pem" + key: "filebeat-key.pem" + client_authentication: "required" +``` + [float] ==== Check Point devices diff --git a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml index 105eaef8b55..51f7ad3b47f 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml @@ -9,9 +9,6 @@ ssl: {{ .ssl | tojson }} type: syslog protocol.udp: host: "{{.syslog_host}}:{{.syslog_port}}" - {{ if ne .pipeline "" }} - pipeline: "{{.pipeline}}" - {{ end }} {{ else if eq .input "file" }} 
@@ -24,10 +21,6 @@ exclude_files: [".gz$"] {{ end }} -{{ if ne .pipeline "" }} -pipeline: "{{.pipeline}}" -{{ end }} - tags: {{.tags | tojson}} publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} diff --git a/x-pack/filebeat/module/checkpoint/firewall/manifest.yml b/x-pack/filebeat/module/checkpoint/firewall/manifest.yml index c3591e7ed9f..69301541669 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/manifest.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/manifest.yml @@ -10,8 +10,6 @@ var: - name: input default: syslog - name: ssl - - name: pipeline - default: "" ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/tests/system/test_http_endpoint.py b/x-pack/filebeat/tests/system/test_http_endpoint.py index 8035dcafd06..cfb8aa37ebf 100644 --- a/x-pack/filebeat/tests/system/test_http_endpoint.py +++ b/x-pack/filebeat/tests/system/test_http_endpoint.py @@ -6,6 +6,7 @@ from filebeat import BaseTest from requests.auth import HTTPBasicAuth + class Test(BaseTest): """ Test filebeat with the http_endpoint input diff --git a/x-pack/filebeat/tests/system/test_xpack_modules.py b/x-pack/filebeat/tests/system/test_xpack_modules.py index 98d9b46f90f..e0397a99811 100644 --- a/x-pack/filebeat/tests/system/test_xpack_modules.py +++ b/x-pack/filebeat/tests/system/test_xpack_modules.py @@ -2,6 +2,7 @@ import sys import test_modules + class XPackTest(test_modules.Test): @classmethod From 4f9f621c0432ec0823f60edf1c5ad67645e8544c Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Mon, 19 Oct 2020 10:26:41 +0200 Subject: [PATCH 13/13] Move changelog entry --- CHANGELOG.next.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 58f05dcd878..ea32a3d7f58 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc 
@@ -620,7 +620,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Improve Suricata Eve module with `x509` ECS mappings {pull}20973[20973] - Added new module for Zoom webhooks {pull}20414[20414] - Add type and sub_type to panw panos fileset {pull}20912[20912] -- Add SSL option to checkpoint module {pull}19560[19560] - Always attempt community_id processor on zeek module {pull}21155[21155] - Add related.hosts ecs field to all modules {pull}21160[21160] - Keep cursor state between httpjson input restarts {pull}20751[20751] @@ -631,6 +630,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - New juniper.srx dataset for Juniper SRX logs. {pull}20017[20017] - Adding support for Microsoft 365 Defender (Microsoft Threat Protection) {pull}21446[21446] - Adding support for FIPS in s3 input {pull}21446[21446] +- Add SSL option to checkpoint module {pull}19560[19560] *Heartbeat*