diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml index 0ec8afd692f..69d2d3604a0 100644 --- a/packages/panw/changelog.yml +++ b/packages/panw/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.7.2" + changes: + - description: Make event.original optional + type: enhancement + link: https://github.com/elastic/integrations/pull/1007 - version: "0.7.1" changes: - description: update to ECS 1.9.0 diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-config.yml b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-config.yml index c39dc386179..3ab5157c17e 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-config.yml +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-config.yml @@ -1,2 +1,5 @@ +fields: + tags: + - preserve_original_event dynamic_fields: event.ingested: ".*" diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json index 83e01a5c8e2..9497f6fdc39 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json @@ -12,7 +12,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354156172Z", + "ingested": "2021-05-19T10:14:01.811035400Z", + "original": "192.168.0.2,,set,admin,Web,Succeeded, config shared local-user-database user badguy,0,0x0", "created": "2013-03-25T23:58:57.000Z", "outcome": "success" }, @@ -21,7 +22,10 @@ "type": "CONFIG", "sub_type": "0" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { 
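Review bot: The pipeline test config changed here (`test-panw-panos-inc-other-sample.log-config.yml`) turns the `preserve_original_event` tag on, so the regenerated expected output only exercises the branch that keeps `event.original`. Nothing visible in this diff covers the default case, where the tag is absent and the pipeline must drop the raw line. A second fixture without the `fields.tags` entry would pin that behaviour, unless one already exists outside this diff. Without it, a regression in the removal condition would leave raw firewall logs in the index unnoticed.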
@@ -35,7 +39,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354176584Z", + "ingested": "2021-05-19T10:14:01.811050500Z", + "original": "192.168.0.2,,set,admin,Web,Succeeded, config mgt-config users badguy,0,0x0", "created": "2013-03-25T23:59:02.000Z", "outcome": "success" }, @@ -44,7 +49,10 @@ "type": "CONFIG", "sub_type": "0" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -58,7 +66,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354177631Z", + "ingested": "2021-05-19T10:14:01.811060Z", + "original": "192.168.0.2,,commit,admin,Web,Submitted,,0,0x0", "created": "2013-03-25T23:59:02.000Z", "outcome": "success" }, @@ -67,7 +76,10 @@ "type": "CONFIG", "sub_type": "0" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -81,7 +93,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354178371Z", + "ingested": "2021-05-19T10:14:01.811068100Z", + "original": ",routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0", "created": "2013-03-25T23:59:02.000Z", "outcome": "success" }, @@ -90,7 +103,10 @@ "type": "SYSTEM", "sub_type": "routing" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -104,7 +120,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354179141Z", + "ingested": "2021-05-19T10:14:01.811132200Z", + "original": ",ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0", "created": "2013-03-25T23:59:02.000Z", "outcome": "success" }, @@ -113,7 +130,10 @@ "type": "SYSTEM", "sub_type": "vpn" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { 
@@ -127,7 +147,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354179880Z", + "ingested": "2021-05-19T10:14:01.811140900Z", + "original": ",routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:02.000Z", "outcome": "success" }, @@ -136,7 +157,10 @@ "type": "SYSTEM", "sub_type": "routing" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -150,7 +174,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354180595Z", + "ingested": "2021-05-19T10:14:01.811149Z", + "original": ",rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:02.000Z", "outcome": "success" }, @@ -159,7 +184,10 @@ "type": "SYSTEM", "sub_type": "ras" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -173,7 +201,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354181317Z", + "ingested": "2021-05-19T10:14:01.811157200Z", + "original": "192.168.0.2,,edit,badguy,Web,Succeeded, vsys vsys1 profiles url-filtering monzyspolicy,0,0x0", "created": "2013-03-25T23:59:02.000Z", "outcome": "success" }, @@ -182,7 +211,10 @@ "type": "CONFIG", "sub_type": "0" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -196,7 +228,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354182030Z", + "ingested": "2021-05-19T10:14:01.811165200Z", + "original": "192.168.0.2,,commit,badguy,Web,Submitted,,0,0x0", "created": "2013-03-25T23:59:02.000Z", "outcome": "success" }, @@ -205,7 +238,10 @@ "type": "CONFIG", "sub_type": "0" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { 
@@ -219,7 +255,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354182777Z", + "ingested": "2021-05-19T10:14:01.811173200Z", + "original": ",routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0", "created": "2013-03-25T23:59:02.000Z", "outcome": "success" }, @@ -228,7 +265,10 @@ "type": "SYSTEM", "sub_type": "routing" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -242,7 +282,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354183488Z", + "ingested": "2021-05-19T10:14:01.811181200Z", + "original": ",ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0", "created": "2013-03-25T23:59:02.000Z", "outcome": "success" }, @@ -251,7 +292,10 @@ "type": "SYSTEM", "sub_type": "vpn" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -265,7 +309,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354184601Z", + "ingested": "2021-05-19T10:14:01.811189600Z", + "original": ",routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:07.000Z", "outcome": "success" }, @@ -274,7 +319,10 @@ "type": "SYSTEM", "sub_type": "routing" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -288,7 +336,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354185318Z", + "ingested": "2021-05-19T10:14:01.811197700Z", + "original": ",ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:07.000Z", "outcome": "success" }, @@ -297,7 +346,10 @@ "type": "SYSTEM", "sub_type": "vpn" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { 
@@ -311,7 +363,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354186027Z", + "ingested": "2021-05-19T10:14:01.811266500Z", + "original": ",rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:07.000Z", "outcome": "success" }, @@ -320,7 +373,10 @@ "type": "SYSTEM", "sub_type": "ras" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -334,7 +390,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354186735Z", + "ingested": "2021-05-19T10:14:01.811306100Z", + "original": ",unknown,,0,0,general,informational,Config installed,909,0x0", "created": "2013-03-25T23:59:07.000Z", "outcome": "success" }, @@ -343,7 +400,10 @@ "type": "SYSTEM", "sub_type": "general" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -357,7 +417,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354187434Z", + "ingested": "2021-05-19T10:14:01.811317400Z", + "original": ",general,,0,0,general,informational,Log type config cleared by user badguy ,0,0x0", "created": "2013-03-25T23:59:07.000Z", "outcome": "success" }, @@ -366,7 +427,10 @@ "type": "SYSTEM", "sub_type": "general" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -380,7 +444,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354188282Z", + "ingested": "2021-05-19T10:14:01.811325900Z", + "original": ",unknown,,0,0,general,informational,Config installed,884,0x0", "created": "2013-03-25T23:59:22.000Z", "outcome": "success" }, @@ -389,7 +454,10 @@ "type": "SYSTEM", "sub_type": "general" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { 
@@ -403,7 +471,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354189014Z", + "ingested": "2021-05-19T10:14:01.811333900Z", + "original": ",rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:22.000Z", "outcome": "success" }, @@ -412,7 +481,10 @@ "type": "SYSTEM", "sub_type": "ras" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -426,7 +498,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354189805Z", + "ingested": "2021-05-19T10:14:01.811342Z", + "original": ",ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:22.000Z", "outcome": "success" }, @@ -435,7 +508,10 @@ "type": "SYSTEM", "sub_type": "vpn" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -449,7 +525,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354190525Z", + "ingested": "2021-05-19T10:14:01.811350Z", + "original": ",routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:22.000Z", "outcome": "success" }, @@ -458,7 +535,10 @@ "type": "SYSTEM", "sub_type": "routing" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -472,7 +552,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354191278Z", + "ingested": "2021-05-19T10:14:01.811357900Z", + "original": ",rasmgr-config-p1-success,,0,0,general,informational,RASMGR daemon configuration load phase-1 succeeded.,0,0x0", "created": "2013-03-25T23:59:22.000Z", "outcome": "success" }, @@ -481,7 +562,10 @@ "type": "SYSTEM", "sub_type": "ras" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { 
@@ -495,7 +579,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354191998Z", + "ingested": "2021-05-19T10:14:01.811365900Z", + "original": ",routed-config-p1-success,,0,0,general,informational,Route daemon configuration load phase-1 succeeded.,0,0x0", "created": "2013-03-25T23:59:27.000Z", "outcome": "success" }, @@ -504,7 +589,10 @@ "type": "SYSTEM", "sub_type": "routing" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -518,7 +606,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354192711Z", + "ingested": "2021-05-19T10:14:01.811373800Z", + "original": ",unknown,,0,0,general,informational,Config installed,840,0x0", "created": "2013-03-25T23:59:27.000Z", "outcome": "success" }, @@ -527,7 +616,10 @@ "type": "SYSTEM", "sub_type": "general" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -541,7 +633,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354193588Z", + "ingested": "2021-05-19T10:14:01.811439100Z", + "original": ",rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:27.000Z", "outcome": "success" }, @@ -550,7 +643,10 @@ "type": "SYSTEM", "sub_type": "ras" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -564,7 +660,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354194299Z", + "ingested": "2021-05-19T10:14:01.811447600Z", + "original": ",ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:27.000Z", "outcome": "success" }, @@ -573,7 +670,10 @@ "type": "SYSTEM", "sub_type": "vpn" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { 
@@ -587,7 +687,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354195018Z", + "ingested": "2021-05-19T10:14:01.811455500Z", + "original": ",routed-config-p2-success,,0,0,general,informational,Route daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:27.000Z", "outcome": "success" }, @@ -596,7 +697,10 @@ "type": "SYSTEM", "sub_type": "routing" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -610,7 +714,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354195732Z", + "ingested": "2021-05-19T10:14:01.811463400Z", + "original": ",rasmgr-config-p1-success,,0,0,general,informational,RASMGR daemon configuration load phase-1 succeeded.,0,0x0", "created": "2013-03-25T23:59:27.000Z", "outcome": "success" }, @@ -619,7 +724,10 @@ "type": "SYSTEM", "sub_type": "ras" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -633,7 +741,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354196445Z", + "ingested": "2021-05-19T10:14:01.811471200Z", + "original": ",ike-config-p1-success,,0,0,general,informational,IKE daemon configuration load phase-1 succeeded.,0,0x0", "created": "2013-03-25T23:59:27.000Z", "outcome": "success" }, @@ -642,7 +751,10 @@ "type": "SYSTEM", "sub_type": "vpn" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -656,7 +768,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354197153Z", + "ingested": "2021-05-19T10:14:01.811479300Z", + "original": "192.168.0.2,,commit,admin,Web,Submitted,,0,0x0", "created": "2013-03-25T23:59:32.000Z", "outcome": "success" }, @@ -665,7 +778,10 @@ "type": "CONFIG", "sub_type": "0" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { 
@@ -679,7 +795,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354197868Z", + "ingested": "2021-05-19T10:14:01.811487300Z", + "original": "192.168.0.2,,edit,admin,Web,Succeeded, vsys vsys1 profiles data-objects PII,0,0x0", "created": "2013-03-25T23:59:32.000Z", "outcome": "success" }, @@ -688,7 +805,10 @@ "type": "CONFIG", "sub_type": "0" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -702,7 +822,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354198588Z", + "ingested": "2021-05-19T10:14:01.811495400Z", + "original": ",unknown,,0,0,general,informational,Config installed,821,0x0", "created": "2013-03-25T23:59:47.000Z", "outcome": "success" }, @@ -711,7 +832,10 @@ "type": "SYSTEM", "sub_type": "general" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -725,7 +849,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354199401Z", + "ingested": "2021-05-19T10:14:01.811503200Z", + "original": ",rasmgr-config-p2-success,,0,0,general,informational,RASMGR daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:47.000Z", "outcome": "success" }, @@ -734,7 +859,10 @@ "type": "SYSTEM", "sub_type": "ras" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "observer": { @@ -748,7 +876,8 @@ "version": "1.9.0" }, "event": { - "ingested": "2021-04-23T12:56:23.354200206Z", + "ingested": "2021-05-19T10:14:01.811511900Z", + "original": ",ike-config-p2-success,,0,0,general,informational,IKE daemon configuration load phase-2 succeeded.,0,0x0", "created": "2013-03-25T23:59:47.000Z", "outcome": "success" }, @@ -757,7 +886,10 @@ "type": "SYSTEM", "sub_type": "vpn" } - } + }, + "tags": [ + "preserve_original_event" + ] }, { "destination": { @@ -831,6 +963,9 @@ "related_vsys": "vsys1" } }, + "tags": [ + "preserve_original_event" + ], "network": { "community_id": "1:mY2EPMYo0US42k87/2uTzjo/rGA=", "transport": "tcp", 
@@ -876,7 +1011,8 @@ }, "event": { "duration": 0, - "ingested": "2021-04-23T12:56:23.354200922Z", + "ingested": "2021-05-19T10:14:01.811573600Z", + "original": "192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:57,25149,1,59309,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:56,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", "created": "2012-10-30T09:46:17.000Z", "kind": "event", "start": "2012-04-10T04:39:56.000Z", diff --git a/packages/panw/data_stream/panos/agent/stream/logfile.yml.hbs b/packages/panw/data_stream/panos/agent/stream/logfile.yml.hbs index 3988c37944d..6a5809b6170 100644 --- a/packages/panw/data_stream/panos/agent/stream/logfile.yml.hbs +++ b/packages/panw/data_stream/panos/agent/stream/logfile.yml.hbs @@ -7,6 +7,9 @@ tags: {{#each tags as |tag i|}} - {{tag}} {{/each}} +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} {{#contains tags "forwarded"}} publisher_pipeline.disable_host: true {{/contains}} diff --git a/packages/panw/data_stream/panos/agent/stream/syslog.yml.hbs b/packages/panw/data_stream/panos/agent/stream/syslog.yml.hbs index b1e5b684c70..a6ec6d410dc 100644 --- a/packages/panw/data_stream/panos/agent/stream/syslog.yml.hbs +++ b/packages/panw/data_stream/panos/agent/stream/syslog.yml.hbs @@ -4,6 +4,9 @@ tags: {{#each tags as |tag i|}} - {{tag}} {{/each}} +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} {{#contains tags "forwarded"}} publisher_pipeline.disable_host: true {{/contains}} diff --git a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml index 22740e8f1c9..5070e17dc5c 100644 --- a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml +++ b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml 
@@ -89,8 +89,12 @@ processors: - panw.panos.scp.chunks_sent - panw.panos.scp.chunks_received - - csv: + - rename: field: message + target_field: event.original + + - csv: + field: event.original if: ctx?.panw?.panos?.type == 'THREAT' target_fields: - source.ip @@ -801,7 +805,6 @@ processors: - remove: field: - _temp_ - - message - _conf ignore_missing: true @@ -817,6 +820,12 @@ processors: - destination.nat.port if: 'ctx?.destination?.nat?.ip == "0.0.0.0" && ctx?.destination?.nat?.port == 0' + - remove: + field: event.original + if: "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))" + ignore_failure: true + ignore_missing: true + on_failure: - append: field: "error.message" diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml index d24d35d04ba..b683d3d1875 100644 --- a/packages/panw/manifest.yml +++ b/packages/panw/manifest.yml @@ -1,6 +1,6 @@ name: panw title: Palo Alto Networks -version: 0.7.1 +version: 0.7.2 release: experimental description: Palo Alto Networks Integration type: integration @@ -29,6 +29,8 @@ policy_templates: description: Collect logs from Palo Alto Networks PAN-OS firewall inputs: - type: syslog + title: "Collect logs via syslog" + description: "Collecting logs via syslog" vars: - name: syslog_host type: text @@ -44,10 +46,17 @@ policy_templates: required: true show_user: true default: 9001 - title: "Collect logs via syslog" - description: "Collecting logs via syslog" + - name: preserve_original_event + required: true + show_user: true + title: Preserve original event + description: Preserves a raw copy of the original event, added to the field `event.original` + type: bool + multi: false + default: false - type: logfile title: "Collect logs via log file" + description: "Collecting logs via log file" vars: - name: paths type: text 
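Review bot: The added `rename` of `message` to `event.original` (hunk at -89,8) is unguarded. Elasticsearch's rename processor errors when the source field is missing or the target field already exists, so an event without `message`, or one that arrives with `event.original` already set, would drop to `on_failure` unparsed. Add at least `ignore_missing: true`, and decide explicitly what should happen when `event.original` is already populated. The field is also filled from `message` as the pipeline receives it, and the expected test output in this diff shows values that begin mid-record (for example `,unknown,,0,0,general,informational,Config installed,909,0x0`), so presumably earlier parsing has consumed the leading columns and the stored value is not the full line as received. The processor list starts and continues outside the hunk.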
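Review bot: The conditional `remove` of `event.original` (hunk at -817,6) sits at the end of the main processor list, so it appears to be skipped whenever an earlier processor fails and control passes to the pipeline-level `on_failure` handler. In that case the raw firewall line would be indexed even with `preserve_original_event` off. If keeping it on failure is intended for troubleshooting, say so in a comment above the processor, e.g. `# event.original is kept when the pipeline fails so the raw line can be reprocessed`; otherwise repeat the same conditional remove inside `on_failure`. `ignore_failure: true` is also redundant next to `ignore_missing: true` and would hide a real failure to drop the field. The `on_failure` block continues outside the hunk.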
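Review bot: The `description` added for `preserve_original_event` on the syslog input (manifest hunk at -44,10) states what the option does but not what it costs an operator who turns it on. The sample values in this diff's test output carry administrator names, source addresses and configuration paths. The description could add one sentence saying that enabling the option stores unparsed log content, which may include sensitive values, and increases index size. The identical description in the logfile input hunk at -57,6 should get the same wording.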
@@ -57,6 +66,13 @@ policy_templates:
 show_user: true
 default:
 - /var/log/pan-os.log
- description: "Collecting logs via log file"
+ - name: preserve_original_event
+ required: true
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`
+ type: bool
+ multi: false
+ default: false
 owner:
 github: elastic/security-external-integrations