Cherry-pick #16843 to 7.x: [Filebeat] Improve ECS field mappings in suricata module #16990

leehinman · 2020-03-12T23:25:54Z

Cherry-pick of PR #16843 to 7.x branch. Original message:

destination.domain
dns.question.top_level_domain
event.category
event.kind
event.outcome
event.type
related.hash
related.ip
rule.category
rule.id
rule.name
tls.client.server_name
tls.resumed
tls.server.certificate
tls.server.certificate_chain
tls.server.hash.sha1
tls.server.issuer
tls.server.ja3s
tls.server.not_after
tls.server.not_before
tls.server.subject
tls.version
tls.version_protocol

* Improve ECS field mappings in suricata module - destination.domain - dns.question.top_level_domain - event.category - event.kind - event.outcome - event.type - related.hash - related.ip - rule.category - rule.id - rule.name - tls.client.server_name - tls.resumed - tls.server.certificate - tls.server.certificate_chain - tls.server.hash.sha1 - tls.server.issuer - tls.server.ja3s - tls.server.not_after - tls.server.not_before - tls.server.subject - tls.version - tls.version_protocol Closes elastic#16181 (cherry picked from commit 7eb2fba)

elasticmachine · 2020-03-16T16:08:48Z

Pinging @elastic/siem (Team:SIEM)

leehinman added backport review labels Mar 12, 2020

leehinman force-pushed the backport_16843_7.x branch from cf25deb to 882ca0a Compare March 12, 2020 23:27

leehinman added the Team:SIEM label Mar 16, 2020

andrewkroh approved these changes Mar 16, 2020

View reviewed changes

Merge branch '7.x' into backport_16843_7.x

72fec53

leehinman merged commit 0eeb109 into elastic:7.x Mar 17, 2020

leehinman deleted the backport_16843_7.x branch March 17, 2020 13:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cherry-pick #16843 to 7.x: [Filebeat] Improve ECS field mappings in suricata module #16990

Cherry-pick #16843 to 7.x: [Filebeat] Improve ECS field mappings in suricata module #16990

Uh oh!

leehinman commented Mar 12, 2020 •

edited by andresrc

Loading

Uh oh!

elasticmachine commented Mar 16, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Cherry-pick #16843 to 7.x: [Filebeat] Improve ECS field mappings in suricata module #16990

Cherry-pick #16843 to 7.x: [Filebeat] Improve ECS field mappings in suricata module #16990

Uh oh!

Conversation

leehinman commented Mar 12, 2020 • edited by andresrc Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

elasticmachine commented Mar 16, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

leehinman commented Mar 12, 2020 •

edited by andresrc

Loading