
Cherry-pick #20973 to 7.x: [Filebeat][suricata] Map x509 for suricata/eve fileset #21018

Merged 1 commit on Sep 10, 2020

Conversation

marc-gr (Contributor) commented Sep 8, 2020

Cherry-pick of PR #20973 to 7.x branch. Original message:

What does this PR do?

Maps new ecs x509 fields for suricata eve fileset.

I changed the sample test logs values for tls.issuer and tls.subject following the examples that are shown in https://suricata.readthedocs.io/en/suricata-4.1.4/output/eve/eve-json-format.html#event-type-tls.

LMK if the previous ones were also correct since I could not find any examples in suricata docs that followed that format.

Why is it important?

To keep our modules up to date with ecs 1.6

Checklist

- [ ] My code follows the style guidelines of this project
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] I have made corresponding changes to the default configuration files
- [ ] I have added tests that prove my fix is effective or that my feature works
- [ ] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues
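The mapping this PR describes, written out as an added example (it is not Filebeat's own suricata ingest pipeline, nor code from this PR): a constructed Suricata EVE `tls` event is mapped onto the ECS 1.6 x509 field set under `tls.server.x509.*`. The EVE key names used (`tls.subject`, `tls.issuerdn`, `tls.serial`, `tls.fingerprint`, `tls.sni`, `tls.version`, `tls.notbefore`, `tls.notafter`) are assumed to follow the Suricata EVE JSON format documentation linked above, and the sample record is constructed for this example, not captured traffic.

```python
"""Added example, not Filebeat's own suricata ingest pipeline: map the TLS
fields of a Suricata EVE 'tls' event onto the ECS 1.6 x509 field set
(tls.server.x509.*), which is what the eve fileset change above adds.

Assumptions (labelled): the EVE key names (tls.subject, tls.issuerdn,
tls.serial, tls.fingerprint, tls.sni, tls.version, tls.notbefore,
tls.notafter) follow the Suricata EVE JSON format docs linked in the PR;
the sample event below is constructed for this example, not a real capture.
"""
import json
from datetime import datetime, timezone

# Constructed sample EVE record, modelled on the docs' TLS example (not real traffic).
SAMPLE_EVE_TLS = json.dumps({
    "timestamp": "2020-09-08T10:00:00.000000+0000",
    "event_type": "tls",
    "src_ip": "10.0.0.5",
    "dest_ip": "10.0.0.9",
    "dest_port": 443,
    "tls": {
        "subject": "C=US, ST=California, L=Mountain View, O=Example Inc, CN=*.example.com",
        "issuerdn": "C=US, O=Example Inc, CN=Example Internet Authority G2",
        "serial": "00:11:22:33:44:55",
        "fingerprint": "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd",
        "sni": "www.example.com",
        "version": "TLS 1.2",
        "notbefore": "2020-01-01T00:00:00",
        "notafter": "2021-01-01T00:00:00",
    },
})


def _dn_values(dn, attr):
    """Return all values of one attribute (e.g. 'CN') from a comma-separated DN.

    Simple split; DN values containing escaped commas are not handled here.
    """
    values = []
    for part in dn.split(","):
        key, sep, value = part.strip().partition("=")
        if sep and key == attr:
            values.append(value)
    return values


def _eve_time_to_ecs(value):
    """EVE notbefore/notafter carry no zone; treat them as UTC, emit ISO 8601 with Z."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return parsed.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def map_eve_tls_to_ecs(event):
    """Map one EVE tls event (dict or JSON string) to a flat dict of ECS field names.

    Each ECS field is set only when its source key is present, so a record
    without notbefore/notafter yields no x509.not_before/not_after fields
    instead of a failed date conversion.
    """
    if isinstance(event, str):
        event = json.loads(event)
    if event.get("event_type") != "tls":
        return {}
    tls = event.get("tls", {})
    ecs = {}

    if "subject" in tls:
        ecs["tls.server.x509.subject.distinguished_name"] = tls["subject"]
        ecs["tls.server.x509.subject.common_name"] = _dn_values(tls["subject"], "CN")
    if "issuerdn" in tls:
        ecs["tls.server.x509.issuer.distinguished_name"] = tls["issuerdn"]
        ecs["tls.server.x509.issuer.common_name"] = _dn_values(tls["issuerdn"], "CN")
    if "serial" in tls:
        # ECS asks for serial numbers without delimiters and in upper case.
        ecs["tls.server.x509.serial_number"] = tls["serial"].replace(":", "").upper()
    if "fingerprint" in tls:
        ecs["tls.server.hash.sha1"] = tls["fingerprint"].replace(":", "").upper()
    if "sni" in tls:
        ecs["tls.client.server_name"] = tls["sni"]
    if "version" in tls:
        # "TLS 1.2" -> tls.version_protocol "tls", tls.version "1.2"
        proto, _, ver = tls["version"].partition(" ")
        ecs["tls.version_protocol"] = proto.lower()
        if ver:
            ecs["tls.version"] = ver
    if "notbefore" in tls:
        ecs["tls.server.x509.not_before"] = _eve_time_to_ecs(tls["notbefore"])
    if "notafter" in tls:
        ecs["tls.server.x509.not_after"] = _eve_time_to_ecs(tls["notafter"])
    return ecs


if __name__ == "__main__":
    print(json.dumps(map_eve_tls_to_ecs(SAMPLE_EVE_TLS), indent=2))
```

Running the module prints the flattened ECS document for the constructed record. The guard on each source key mirrors the `not_before` condition the commit message mentions: a date processor must only run when the EVE record actually carries the field, otherwise older Suricata output without `notbefore`/`notafter` fails the whole pipeline.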

botelastic bot added the needs_team label (indicates that the issue/PR needs a Team:* label), Sep 8, 2020

elasticmachine (Collaborator) commented: Pinging @elastic/siem (Team:SIEM)

botelastic bot removed the needs_team label, Sep 8, 2020

elasticmachine (Collaborator) commented Sep 8, 2020

💚 Build Succeeded


Build stats

  • Build Cause: [Pull request #21018 updated]
  • Start Time: 2020-09-09T14:45:44.922+0000
  • Duration: 57 min 21 sec

Test stats 🧪

  • Failed: 0
  • Passed: 2474
  • Skipped: 388
  • Total: 2862

Review comment on lines 639 to 643:

- Improve Fortinet firewall module with `x509` ECS mappings {pull}20983[20983]
- Improve Santa module with `x509` ECS mappings {pull}20976[20976]

Contributor: Looks like cherry_pick script picked up extra Changelog lines

* Map x509 for suricata/eve fileset

* Fix not_before condition and bump ecs version

(cherry picked from commit 70d6bde)
@marc-gr marc-gr merged commit a914041 into elastic:7.x Sep 10, 2020
@marc-gr marc-gr deleted the backport_20973_7.x branch September 10, 2020 07:01
@zube zube bot removed the [zube]: Done label Dec 9, 2020