diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index dc6a588dc1b..27a2a77064e 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -69,6 +69,8 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add `while_pattern` type to multiline reader. {pull}19662[19662]
 - Tracking session end reason in panw module. {pull}18705[18705]
 - Fix PANW field spelling "veredict" to "verdict" on event.action {pull}18808[18808]
+- Removed experimental modules `citrix`, `kaspersky`, `rapid7` and `tenable`. {pull}20706[20706]
+- Add support for GMT timezone offsets in `decode_cef`. {pull}20993[20993]
 
 *Heartbeat*
 
diff --git a/x-pack/filebeat/processors/decode_cef/cef/types.go b/x-pack/filebeat/processors/decode_cef/cef/types.go
index c2c6776dcdb..a0e39c27b4c 100644
--- a/x-pack/filebeat/processors/decode_cef/cef/types.go
+++ b/x-pack/filebeat/processors/decode_cef/cef/types.go
@@ -105,6 +105,7 @@ var timeLayouts = []string{
 	"Jan _2 15:04:05.000 MST",
 	"Jan _2 15:04:05.000 Z0700",
 	"Jan _2 15:04:05.000 Z07:00",
+	"Jan _2 15:04:05.000 GMT-07:00",
 
 	// MMM dd HH:mm:sss.SSS
 	"Jan _2 15:04:05.000",
@@ -113,6 +114,7 @@ var timeLayouts = []string{
 	"Jan _2 15:04:05 MST",
 	"Jan _2 15:04:05 Z0700",
 	"Jan _2 15:04:05 Z07:00",
+	"Jan _2 15:04:05 GMT-07:00",
 
 	// MMM dd HH:mm:ss
 	"Jan _2 15:04:05",
@@ -121,6 +123,7 @@ var timeLayouts = []string{
 	"Jan _2 2006 15:04:05.000 MST",
 	"Jan _2 2006 15:04:05.000 Z0700",
 	"Jan _2 2006 15:04:05.000 Z07:00",
+	"Jan _2 2006 15:04:05.000 GMT-07:00",
 
 	// MMM dd yyyy HH:mm:ss.SSS
 	"Jan _2 2006 15:04:05.000",
@@ -129,6 +132,7 @@ var timeLayouts = []string{
 	"Jan _2 2006 15:04:05 MST",
 	"Jan _2 2006 15:04:05 Z0700",
 	"Jan _2 2006 15:04:05 Z07:00",
+	"Jan _2 2006 15:04:05 GMT-07:00",
 
 	// MMM dd yyyy HH:mm:ss
 	"Jan _2 2006 15:04:05",
diff --git a/x-pack/filebeat/processors/decode_cef/cef/types_test.go b/x-pack/filebeat/processors/decode_cef/cef/types_test.go
index 142538eece4..fe44c13abb8 100644
--- a/x-pack/filebeat/processors/decode_cef/cef/types_test.go
+++ b/x-pack/filebeat/processors/decode_cef/cef/types_test.go
@@ -21,6 +21,7 @@ func TestToTimestamp(t *testing.T) {
 		"Jun 23 17:37:24.000 +05",
 		"Jun 23 17:37:24.000 +0500",
 		"Jun 23 17:37:24.000 +05:00",
+		"Jun 23 17:37:24.000 GMT+05:00",
 
 		// MMM dd HH:mm:sss.SSS
 		"Jun 23 17:37:24.000",
@@ -31,6 +32,7 @@ func TestToTimestamp(t *testing.T) {
 		"Jun 23 17:37:24 +05",
 		"Jun 23 17:37:24 +0500",
 		"Jun 23 17:37:24 +05:00",
+		"Jun 23 17:37:24 GMT+05:00",
 
 		// MMM dd HH:mm:ss
 		"Jun 23 17:37:24",
@@ -41,6 +43,7 @@ func TestToTimestamp(t *testing.T) {
 		"Jun 23 2020 17:37:24.000 +05",
 		"Jun 23 2020 17:37:24.000 +0500",
 		"Jun 23 2020 17:37:24.000 +05:00",
+		"Jun 23 2020 17:37:24.000 GMT+05:00",
 
 		// MMM dd yyyy HH:mm:ss.SSS
 		"Jun 23 2020 17:37:24.000",
@@ -51,6 +54,7 @@ func TestToTimestamp(t *testing.T) {
 		"Jun 23 2020 17:37:24 +05",
 		"Jun 23 2020 17:37:24 +0500",
 		"Jun 23 2020 17:37:24 +05:00",
+		"Jun 23 2020 17:37:24 GMT+05:00",
 
 		// MMM dd yyyy HH:mm:ss
 		"Jun 23 2020 17:37:24",