PANW module is incorrectly mapping client/source and server/destination bytes and packets

[adriansr]

For confirmed bugs, please report:

• Version: all
• Operating System: -
• Discuss Forum URL: https://discuss.elastic.co/t/panw-schema-bugs-in-bytes-sent-received-and-packets-sent-received/208090
• Steps to Reproduce: -

Quoting from the discuss post:

There are some inconsistencies in the way the bytes sent/received and packets sent/received are being mapped in the panw module for filebeat. According to ECS the traditional "bytes_sent" would be mapped to "client.bytes" and/or "source.bytes", and "bytes_received" would be mapped to "server.bytes" and/or "destination.bytes". "packets_sent" would be mapped to "client.packets" and/or "source.packets", and "packets_received" would be mapped to "server.packets" and/or "destination.packets". This is not how panw has been implemented.

PANW pipeline is mapping:

Bytes sent to client/destination bytes.
Bytes received to server/source bytes.
Packets sent to server/destination packets.
Packets received to client/source packets.

All of these mappings are wrong.

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)