From 13db01b792fe100f8ef401e44887a12668988638 Mon Sep 17 00:00:00 2001 
From: Adrian Serrano
Date: Mon, 19 Apr 2021 16:42:09 +0200
Subject: [PATCH 1/3] Regenerate golden files for x-pack/filebeat
---
.../add-user-to-group-json.log-expected.json | 1 -
.../test/assume-role-json.log-expected.json | 6 +-
.../change-password-json.log-expected.json | 2 -
.../test/console-login-json.log-expected.json | 3 -
.../create-access-key-json.log-expected.json | 1 -
.../test/create-group-json.log-expected.json | 2 -
.../create-key-pair-json.log-expected.json | 3 +-
.../test/create-trail-json.log-expected.json | 1 -
.../test/create-user-json.log-expected.json | 1 -
...-virtual-mfa-device-json.log-expected.json | 1 -
...activate-mfa-device-json.log-expected.json | 1 -
.../delete-access-key-json.log-expected.json | 1 -
.../test/delete-bucket-json.log-expected.json | 1 -
.../test/delete-group-json.log-expected.json | 2 -
...lete-ssh-public-key-json.log-expected.json | 1 -
.../test/delete-trail-json.log-expected.json | 1 -
.../test/delete-user-json.log-expected.json | 1 -
...-virtual-mfa-device-json.log-expected.json | 1 -
...iguration_recorders-json.log-expected.json | 1 -
.../enable-mfa-device-json.log-expected.json | 1 -
...ove-user-from-group-json.log-expected.json | 1 -
.../test/start-logging-json.log-expected.json | 1 -
.../test/stop-logging-json.log-expected.json | 1 -
.../update-access-key-json.log-expected.json | 1 -
...out-password-policy-json.log-expected.json | 1 -
.../test/update-group-json.log-expected.json | 2 -
...pdate-login-profile-json.log-expected.json | 1 -
...date-ssh-public-key-json.log-expected.json | 2 -
.../test/update-trail-json.log-expected.json | 14 +-
.../test/update-user-json.log-expected.json | 1 -
...load-ssh-public-key-json.log-expected.json | 1 -
.../application-lb-http.log-expected.json | 100 +--
.../aws/elb/test/elb-http.log-expected.json | 40 +-
.../aws/elb/test/elb-tcp.log-expected.json | 60 +-
.../test/example-nlb-tcp.log-expected.json | 2 +-
.../test/s3_server_access.log-expected.json | 18 +-
.../aws/s3access/test/test.log-expected.json | 6 -
.../accept-reject-traffic.log-expected.json | 22 +-
.../test/tcp-flag-sequence.log-expected.json | 18 +-
.../supporttickets_write.log-expected.json | 8 +-
.../test/signinlogs.log-expected.json | 17 +-
.../module/cef/log/test/cef.log-expected.json | 13 +-
.../cef/log/test/checkpoint.log-expected.json | 6 +-
.../test/checkpoint.log-expected.json | 468 +++++++----
.../test/cisco_amp2.ndjson.log-expected.json | 12 +-
.../additional_messages.log-expected.json | 70 +-
.../cisco/asa/test/asa-fix.log-expected.json | 6 +-
.../asa/test/dap_records.log-expected.json | 13 +-
.../cisco/asa/test/sample.log-expected.json | 13 +-
.../cisco/ftd/test/dns.log-expected.json | 88 +-
.../security-connection.log-expected.json | 16 +-
.../security-file-malware.log-expected.json | 6 +-
.../security-malware-site.log-expected.json | 7 +-
.../test/cisco-ios-syslog.log-expected.json | 14 +-
.../meraki/test/generated.log-expected.json | 108 +--
.../log/test/envoy-json.log-expected.json | 3 +-
.../log/test/envoy.log-expected.json | 5 +-
.../bigipafm/test/generated.log-expected.json | 424 +++++-----
.../bigipapm/test/generated.log-expected.json | 17 +-
.../test/generated.log-expected.json | 192 ++---
.../firewall/test/fortinet.log-expected.json | 71 +-
.../test/generated.log-expected.json | 32 +-
.../test/generated.log-expected.json | 426 +++++-----
.../audit-log-entries.json.log-expected.json | 29 +-
.../gcp/firewall/test/test.log-expected.json | 6 +-
...in-application-test.json.log-expected.json | 18 +-
...admin-calendar-test.json.log-expected.json | 26 +-
.../admin-chat-test.json.log-expected.json | 8 +-
...admin-chromeos-test.json.log-expected.json | 42 +-
...admin-contacts-test.json.log-expected.json | 2 +-
...delegatedadmin-test.json.log-expected.json | 16 +-
.../admin-docs-test.json.log-expected.json | 6 +-
.../admin-domain-test.json.log-expected.json | 170 ++--
.../admin-gmail-test.json.log-expected.json | 18 +-
.../admin-groups-test.json.log-expected.json | 28 +-
...admin-licenses-test.json.log-expected.json | 16 +-
.../admin-mobile-test.json.log-expected.json | 62 +-
.../admin-org-test.json.log-expected.json | 34 +-
...admin-security-test.json.log-expected.json | 48 +-
.../admin-sites-test.json.log-expected.json | 10 +-
.../admin-user-test.json.log-expected.json | 148 ++--
.../test/drive-test.json.log-expected.json | 56 +-
.../test/groups-test.json.log-expected.json | 50 +-
.../test/login-test.json.log-expected.json | 28 +-
.../test/saml-test.json.log-expected.json | 4 +-
.../user_accounts-test.json.log-expected.json | 16 +-
...in-application-test.json.log-expected.json | 18 +-
...admin-calendar-test.json.log-expected.json | 26 +-
...ite-admin-chat-test.json.log-expected.json | 8 +-
...admin-chromeos-test.json.log-expected.json | 42 +-
...admin-contacts-test.json.log-expected.json | 2 +-
...delegatedadmin-test.json.log-expected.json | 16 +-
...ite-admin-docs-test.json.log-expected.json | 6 +-
...e-admin-domain-test.json.log-expected.json | 170 ++--
...te-admin-gmail-test.json.log-expected.json | 18 +-
...e-admin-groups-test.json.log-expected.json | 28 +-
...admin-licenses-test.json.log-expected.json | 16 +-
...e-admin-mobile-test.json.log-expected.json | 62 +-
...uite-admin-org-test.json.log-expected.json | 34 +-
...admin-security-test.json.log-expected.json | 48 +-
...te-admin-sites-test.json.log-expected.json | 10 +-
...ite-admin-user-test.json.log-expected.json | 148 ++--
.../gsuite-drive-test.json.log-expected.json | 56 +-
.../gsuite-groups-test.json.log-expected.json | 50 +-
.../gsuite-login-test.json.log-expected.json | 28 +-
.../gsuite-saml-test.json.log-expected.json | 4 +-
...-user_accounts-test.json.log-expected.json | 16 +-
.../iptables/log/test/geo.log-expected.json | 7 +-
.../juniper/srx/test/atp.log-expected.json | 12 +-
.../juniper/srx/test/flow.log-expected.json | 112 ++-
.../juniper/srx/test/ids.log-expected.json | 62 +-
.../srx/test/secintel.log-expected.json | 2 +-
.../juniper/srx/test/utm.log-expected.json | 27 +-
.../test/04-sharepoint.log-expected.json | 28 +-
.../06-sharepointfileop.log-expected.json | 77 +-
.../test/08-azuread-users.log-expected.json | 16 +-
.../audit/test/08-azuread.log-expected.json | 396 ++++-----
.../test/14-sp-sharing-op.log-expected.json | 30 +-
.../15-azuread-sts-logon.log-expected.json | 405 ++++-----
.../audit/test/22-yammer.log-expected.json | 4 +-
.../test/25-ms-teams-groups.log-expected.json | 203 ++---
.../test/pan_inc_other.log-expected.json | 2 +-
.../test/pan_inc_threat.log-expected.json | 281 +++----
.../test/pan_inc_traffic.log-expected.json | 223 ++---
.../panw/panos/test/threat.log-expected.json | 291 ++++---
.../panw/panos/test/traffic.log-expected.json | 334 ++++----
.../firewall/test/general.log-expected.json | 9 +-
.../xg/test/anti-spam.log-expected.json | 38 +-
.../xg/test/anti-virus.log-expected.json | 34 +-
.../sophos/xg/test/atp.log-expected.json | 24 +-
.../sophos/xg/test/cfilter.log-expected.json | 24 +-
.../sophos/xg/test/event.log-expected.json | 38 +-
.../sophos/xg/test/firewall.log-expected.json | 42 +-
.../sophos/xg/test/idp.log-expected.json | 32 +-
.../sophos/xg/test/waf.log-expected.json | 34 +-
.../squid/log/test/access1.log-expected.json | 770 +++++++++---------
.../log/test/generated.log-expected.json | 652 +++++++--------
.../eve/test/eve-6.0.log-expected.json | 10 +-
.../eve/test/eve-alerts.log-expected.json | 48 +-
.../eve/test/eve-small.log-expected.json | 6 +-
.../log/test/generated.log-expected.json | 358 +++-----
.../test/connection-json.log-expected.json | 13 +-
.../http/test/http-json.log-expected.json | 10 +-
.../intel/test/intel-json.log-expected.json | 4 +-
.../zeek/irc/test/irc-json.log-expected.json | 6 +-
.../notice/test/notice-json.log-expected.json | 8 +-
.../zeek/ntp/test/ntp-json.log-expected.json | 8 +-
.../test/signature-json.log-expected.json | 4 +-
.../zeek/sip/test/sip-json.log-expected.json |
42 +- .../zeek/ssl/test/ssl-json.log-expected.json | 24 +- .../test/traceroute-json.log-expected.json | 2 +- .../tunnel/test/tunnel-json.log-expected.json | 4 +- .../zia/test/generated.log-expected.json | 524 +++++------- .../zscaler/zia/test/test.log-expected.json | 5 +- 154 files changed, 4444 insertions(+), 4847 deletions(-) diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json index 5a1a6e7db812..50253665f083 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json @@ -44,7 +44,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "AWSConsole" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json index 2b8a53f8fb3f..c7da6129c46a 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json @@ -61,11 +61,12 @@ "source.address": "123.145.67.89", "source.as.number": 4837, "source.as.organization.name": "CHINA UNICOM China169 Backbone", + "source.geo.city_name": "Chongqing", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", "source.geo.country_name": "China", - "source.geo.location.lat": 29.5569, - "source.geo.location.lon": 106.5531, + "source.geo.location.lat": 29.5514, + "source.geo.location.lon": 106.5555, "source.geo.region_iso_code": "CN-CQ", "source.geo.region_name": "Chongqing", "source.ip": "123.145.67.89", 
@@ -75,7 +76,6 @@ "user.id": "AROAIN5ATK5U7KEXAMPLE:JohnRole1", "user.name": "JohnDoe", "user_agent.device.name": "Spider", - "user_agent.device.type": "Desktop", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.248 Python/3.4.7 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 botocore/1.12.239", "user_agent.os.full": "Linux 4.9.184", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json index 2cf3e55f60e0..f6bb959a8d6c 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json @@ -41,7 +41,6 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" @@ -86,7 +85,6 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json index 790e4dfe383c..ca6b38754cb3 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json 
@@ -44,7 +44,6 @@ "user.id": "AIDACKCEVSQ6C2EXAMPLE", "user.name": "JohnDoe", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", "user_agent.os.full": "Windows 7", @@ -98,7 +97,6 @@ "user.id": "AIDACKCEVSQ6C2EXAMPLE", "user.name": "JaneDoe", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", "user_agent.os.full": "Windows 7", @@ -155,7 +153,6 @@ "user.id": "AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName", "user.name": "RoleToBeAssumed", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", "user_agent.os.full": "Windows 7", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json index 5c6932130664..bfce5b07ccb4 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json @@ -51,7 +51,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json index 7df2dcb82dbc..7487c6d6581d 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json 
@@ -52,7 +52,6 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" }, @@ -101,7 +100,6 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json index 9f5a5d4c47ef..2ea6ac7d8734 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json @@ -38,7 +38,7 @@ "service.type": "aws", "source.address": "72.21.198.64", "source.as.number": 16509, - "source.as.organization.name": "Amazon.com, Inc.", + "source.as.organization.name": "AMAZON-02", "source.geo.city_name": "Ashburn", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -54,7 +54,6 @@ "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Other", "user_agent.original": "EC2ConsoleBackend, aws-sdk-java/Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx", "user_agent.os.name": "Linux" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json index 07ecdb035895..66e126a2da2c 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json 
@@ -53,7 +53,6 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json index 50852344f39d..65b0db2d2939 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json @@ -47,7 +47,6 @@ "user.target.id": "EXAMPLEUSERID", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.3.2 Python/2.7.5 Windows/7", "user_agent.os.name": "Windows", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json index f92a8bcea774..5ab34b15c5fa 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json @@ -46,7 +46,6 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "console.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json index 90280fe3dde1..2639ed8a4905 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json 
@@ -46,7 +46,6 @@ "user.name": "Alice", "user.target.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json index 2bdaaa2d56bf..8146718df72b 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json @@ -47,7 +47,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json index 53aac5608fc6..a75b479f1f72 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json @@ -43,7 +43,6 @@ "user.id": "AIDAQRSTUVWXYZEXAMPLE:devdsk", "user.name": "AssumeNothing", "user_agent.device.name": "Spider", - "user_agent.device.type": "Desktop", "user_agent.name": "aws-cli", "user_agent.original": "[aws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67]", "user_agent.os.full": "Linux 3.2.45", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json index a07e22e8cdc4..d1c2ab6f9e79 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json 
@@ -45,7 +45,6 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" }, @@ -94,7 +93,6 @@ "user.id": "EXAMPLE_PRINCIPLE", "user.name": "Alice", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json index a33b2e391276..d1f4415d4cdd 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json @@ -47,7 +47,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json index 94defa8dcb92..58a7d7a36adb 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json @@ -36,7 +36,6 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" 
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json index 6607e3567c55..ac0c0163b5da 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json @@ -46,7 +46,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json index c7b26ce84405..ec713a1c41b7 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json @@ -44,7 +44,6 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json index 22dd8a467384..f89c1b5ab536 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json @@ -36,7 +36,6 @@ "user.id": "REDACTED", "user.name": "REDACTED", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "REDACTED" } 
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json index da3ab76071d6..253bf3d45236 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json @@ -46,7 +46,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "console.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json index 558bf96826d7..419a86799cc8 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json @@ -48,7 +48,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json index bfd339246142..5d7299ae4c21 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json @@ -39,7 +39,6 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } 
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json index 5463d50587b2..266cded86f2e 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json @@ -39,7 +39,6 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json index 9a3463220a9a..4b30eaed7ae3 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json @@ -48,7 +48,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json index 3f5caf284b74..edb7444604be 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json @@ -49,7 +49,6 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } 
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json index 43bc59eaf80c..95827327cec2 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json @@ -43,7 +43,6 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" @@ -94,7 +93,6 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json index 907a935f53f0..6992dc1a9786 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json @@ -46,7 +46,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json index 1d5fe8f519a1..12efc4cf0711 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json 
+++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json @@ -48,7 +48,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" }, @@ -101,7 +100,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json index 7174ce8774e3..17012f88e81b 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json @@ -31,15 +31,15 @@ "service.type": "aws", "source.address": "205.251.233.182", "source.as.number": 16509, - "source.as.organization.name": "Amazon.com, Inc.", - "source.geo.city_name": "Boardman", + "source.as.organization.name": "AMAZON-02", + "source.geo.city_name": "Seattle", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 45.8491, - "source.geo.location.lon": -119.7143, - "source.geo.region_iso_code": "US-OR", - "source.geo.region_name": "Oregon", + "source.geo.location.lat": 47.6109, + "source.geo.location.lon": -122.3303, + "source.geo.region_iso_code": "US-WA", + "source.geo.region_name": "Washington", "source.ip": "205.251.233.182", "tags": [ "forwarded" @@ -47,7 +47,6 @@ "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", "user_agent.device.name": "Spider", - "user_agent.device.type": "Desktop", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22", "user_agent.os.name": "Windows", 
@@ -108,7 +107,6 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json index 28a6ffc218f2..068c1db631a5 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json @@ -46,7 +46,6 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json index b57283c9d757..d81ec8fa25b7 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json @@ -47,7 +47,6 @@ "user.name": "Alice", "user.target.name": "Alice", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/elb/test/application-lb-http.log-expected.json b/x-pack/filebeat/module/aws/elb/test/application-lb-http.log-expected.json index 2e82bd8d32bc..5f7924a82cc3 100644 --- a/x-pack/filebeat/module/aws/elb/test/application-lb-http.log-expected.json +++ b/x-pack/filebeat/module/aws/elb/test/application-lb-http.log-expected.json 
@@ -32,14 +32,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "56398", "tags": [ @@ -81,14 +81,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "56488", "tags": [ 
@@ -130,14 +130,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "56416", "tags": [ @@ -179,14 +179,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "56448", "tags": [ 
@@ -228,14 +228,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "56602", "tags": [ @@ -277,14 +277,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "56638", "tags": [ 
@@ -326,14 +326,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "37632", "tags": [ @@ -379,14 +379,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "37838", "tags": [ 
@@ -432,14 +432,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "37850", "tags": [ @@ -485,14 +485,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "37856", "tags": [ diff --git a/x-pack/filebeat/module/aws/elb/test/elb-http.log-expected.json b/x-pack/filebeat/module/aws/elb/test/elb-http.log-expected.json index 48701c8a9853..d803fcb374bc 100644 --- a/x-pack/filebeat/module/aws/elb/test/elb-http.log-expected.json +++ b/x-pack/filebeat/module/aws/elb/test/elb-http.log-expected.json 
@@ -32,8 +32,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7527, - "source.geo.location.lon": 37.6172, + "source.geo.location.lat": 55.7483, + "source.geo.location.lon": 37.6171, "source.geo.region_iso_code": "RU-MOW", "source.geo.region_name": "Moscow", "source.ip": "78.24.182.42", @@ -72,12 +72,12 @@ "service.type": "aws", "source.as.number": 43865, "source.as.organization.name": "Intek-M LLC", - "source.geo.city_name": "Mytishchi", + "source.geo.city_name": "Zagornovo", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.9089, - "source.geo.location.lon": 37.7339, + "source.geo.location.lat": 55.5358, + "source.geo.location.lon": 38.3133, "source.geo.region_iso_code": "RU-MOS", "source.geo.region_name": "Moscow Oblast", "source.ip": "31.135.65.4", @@ -116,14 +116,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "52406", "tags": [ 
@@ -160,14 +160,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "52410", "tags": [ @@ -204,14 +204,14 @@ "service.type": "aws", "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "52414", "tags": [ diff --git a/x-pack/filebeat/module/aws/elb/test/elb-tcp.log-expected.json b/x-pack/filebeat/module/aws/elb/test/elb-tcp.log-expected.json index e960e2117638..97bc7ea99d86 100644 --- a/x-pack/filebeat/module/aws/elb/test/elb-tcp.log-expected.json +++ b/x-pack/filebeat/module/aws/elb/test/elb-tcp.log-expected.json 
@@ -22,14 +22,14 @@ "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", "source.bytes": 134, - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "51600", "tags": [ @@ -59,14 +59,14 @@ "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", "source.bytes": 134, - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "51726", "tags": [ 
@@ -96,14 +96,14 @@ "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", "source.bytes": 134, - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "51734", "tags": [ @@ -133,14 +133,14 @@ "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", "source.bytes": 134, - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "51738", "tags": [ 
@@ -170,14 +170,14 @@ "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", "source.bytes": 7, - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "46288", "tags": [ @@ -207,14 +207,14 @@ "source.as.number": 12430, "source.as.organization.name": "Vodafone Spain", "source.bytes": 17, - "source.geo.city_name": "Teruel", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.3456, - "source.geo.location.lon": -1.1065, - "source.geo.region_iso_code": "ES-TE", - "source.geo.region_name": "Teruel", + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "77.227.156.41", "source.port": "46304", "tags": [ diff --git a/x-pack/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json b/x-pack/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json index b5db726de69f..bb110f2d5921 100644 --- a/x-pack/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json +++ b/x-pack/filebeat/module/aws/elb/test/example-nlb-tcp.log-expected.json @@ -25,7 +25,7 @@ "log.offset": 0, "service.type": "aws", "source.as.number": 16509, - "source.as.organization.name": "Amazon.com, Inc.", + "source.as.organization.name": "AMAZON-02", "source.bytes": 98, "source.geo.city_name": "Ashburn", "source.geo.continent_name": "North America", 
diff --git a/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json b/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json index 4f260cc6118b..44ba5ede59d6 100644 --- a/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json +++ b/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json @@ -66,7 +66,6 @@ "url.path": "/test-s3-ks/", "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "user_agent.os.full": "Linux 4.9.137", @@ -141,7 +140,6 @@ "url.path": "/test-s3-ks/", "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "user_agent.os.full": "Linux 4.9.137", @@ -217,7 +215,6 @@ "url.path": "/test-s3-ks/", "url.query": "max-keys=0&encoding-type=url&aws-account=627959692251", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "user_agent.os.full": "Linux 4.9.137", 
@@ -292,7 +289,6 @@ "url.path": "/test-s3-ks/", "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "user_agent.os.full": "Linux 4.9.137", @@ -333,14 +329,14 @@ "access" ], "fileset.name": "s3access", - "geo.city_name": "Teruel", + "geo.city_name": "Madrid", "geo.continent_name": "Europe", "geo.country_iso_code": "ES", "geo.country_name": "Spain", - "geo.location.lat": 40.3456, - "geo.location.lon": -1.1065, - "geo.region_iso_code": "ES-TE", - "geo.region_name": "Teruel", + "geo.location.lat": 40.4153, + "geo.location.lon": -3.694, + "geo.region_iso_code": "ES-M", + "geo.region_name": "Madrid", "http.response.status_code": 204, "input.type": "log", "log.offset": 2875, @@ -395,8 +391,8 @@ "geo.continent_name": "North America", "geo.country_iso_code": "US", "geo.country_name": "United States", - "geo.location.lat": 39.7044, - "geo.location.lon": -105.0023, + "geo.location.lat": 39.7318, + "geo.location.lon": -104.9669, "geo.region_iso_code": "US-CO", "geo.region_name": "Colorado", "http.response.status_code": 204, diff --git a/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json b/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json index de66c40e801c..f6ca4d4edf36 100644 --- a/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json +++ b/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json @@ -58,7 +58,6 @@ "url.path": "/awsexamplebucket", "url.query": "versioning", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" }, 
@@ -121,7 +120,6 @@ "url.path": "/awsexamplebucket", "url.query": "logging", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" }, @@ -186,7 +184,6 @@ "url.path": "/awsexamplebucket", "url.query": "policy", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" }, @@ -249,7 +246,6 @@ "url.path": "/awsexamplebucket", "url.query": "versioning", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" }, @@ -312,7 +308,6 @@ "url.original": "/awsexamplebucket/s3-dg.pdf", "url.path": "/awsexamplebucket/s3-dg.pdf", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" }, @@ -374,7 +369,6 @@ "tls.version_protocol": "tls", "url.original": "*", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" } diff --git a/x-pack/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json b/x-pack/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json index 1f1b3e061b24..e5f362985a13 100644 --- a/x-pack/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json +++ b/x-pack/filebeat/module/aws/vpcflow/test/accept-reject-traffic.log-expected.json 
@@ -11,11 +11,14 @@ "destination.address": "158.109.0.1", "destination.as.number": 13041, "destination.as.organization.name": "Consorci de Serveis Universitaris de Catalunya", + "destination.geo.city_name": "Sant Cugat del Vall\u00e8s", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "ES", "destination.geo.country_name": "Spain", - "destination.geo.location.lat": 40.4172, - "destination.geo.location.lon": -3.684, + "destination.geo.location.lat": 41.4656, + "destination.geo.location.lon": 2.0794, + "destination.geo.region_iso_code": "ES-B", + "destination.geo.region_name": "Barcelona", "destination.ip": "158.109.0.1", "destination.port": 22, "event.category": "network_traffic", @@ -49,8 +52,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7527, - "source.geo.location.lon": 37.6172, + "source.geo.location.lat": 55.7483, + "source.geo.location.lon": 37.6171, "source.geo.region_iso_code": "RU-MOW", "source.geo.region_name": "Moscow", "source.ip": "78.24.182.42", @@ -72,11 +75,14 @@ "destination.address": "158.109.0.1", "destination.as.number": 13041, "destination.as.organization.name": "Consorci de Serveis Universitaris de Catalunya", + "destination.geo.city_name": "Sant Cugat del Vall\u00e8s", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "ES", "destination.geo.country_name": "Spain", - "destination.geo.location.lat": 40.4172, - "destination.geo.location.lon": -3.684, + "destination.geo.location.lat": 41.4656, + "destination.geo.location.lon": 2.0794, + "destination.geo.region_iso_code": "ES-B", + "destination.geo.region_name": "Barcelona", "destination.ip": "158.109.0.1", "destination.port": 3389, "event.category": "network_traffic", 
@@ -110,8 +116,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7527, - "source.geo.location.lon": 37.6172, + "source.geo.location.lat": 55.7483, + "source.geo.location.lon": 37.6171, "source.geo.region_iso_code": "RU-MOW", "source.geo.region_name": "Moscow", "source.ip": "78.24.182.42", diff --git a/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json b/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json index 7f79d4895956..33e60fed5e8d 100644 --- a/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json +++ b/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence.log-expected.json @@ -47,14 +47,14 @@ "service.type": "aws", "source.address": "52.213.180.42", "source.as.number": 16509, - "source.as.organization.name": "Amazon.com, Inc.", + "source.as.organization.name": "AMAZON-02", "source.bytes": 568, "source.geo.city_name": "Dublin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "IE", "source.geo.country_name": "Ireland", - "source.geo.location.lat": 53.3338, - "source.geo.location.lon": -6.2488, + "source.geo.location.lat": 53.3382, + "source.geo.location.lon": -6.2591, "source.geo.region_iso_code": "IE-L", "source.geo.region_name": "Leinster", "source.ip": "52.213.180.42", 
@@ -113,14 +113,14 @@ "service.type": "aws", "source.address": "52.213.180.42", "source.as.number": 16509, - "source.as.organization.name": "Amazon.com, Inc.", + "source.as.organization.name": "AMAZON-02", "source.bytes": 1260, "source.geo.city_name": "Dublin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "IE", "source.geo.country_name": "Ireland", - "source.geo.location.lat": 53.3338, - "source.geo.location.lon": -6.2488, + "source.geo.location.lat": 53.3382, + "source.geo.location.lon": -6.2591, "source.geo.region_iso_code": "IE-L", "source.geo.region_name": "Leinster", "source.ip": "52.213.180.42", @@ -154,13 +154,13 @@ "cloud.provider": "aws", "destination.address": "52.213.180.42", "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-02", "destination.geo.city_name": "Dublin", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IE", "destination.geo.country_name": "Ireland", - "destination.geo.location.lat": 53.3338, - "destination.geo.location.lon": -6.2488, + "destination.geo.location.lat": 53.3382, + "destination.geo.location.lon": -6.2591, "destination.geo.region_iso_code": "IE-L", "destination.geo.region_name": "Leinster", "destination.ip": "52.213.180.42", diff --git a/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json b/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json index 28c9ca7cd009..d33b80b6be34 100644 --- a/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json +++ b/x-pack/filebeat/module/azure/activitylogs/test/supporttickets_write.log-expected.json 
@@ -55,8 +55,8 @@ "geo.continent_name": "Asia", "geo.country_iso_code": "JP", "geo.country_name": "Japan", - "geo.location.lat": 35.69, - "geo.location.lon": 139.69, + "geo.location.lat": 35.6897, + "geo.location.lon": 139.6895, "input.type": "log", "log.level": "Information", "log.offset": 0, @@ -72,8 +72,8 @@ "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "JP", "source.geo.country_name": "Japan", - "source.geo.location.lat": 35.69, - "source.geo.location.lon": 139.69, + "source.geo.location.lat": 35.6897, + "source.geo.location.lon": 139.6895, "source.ip": "111.111.111.11", "tags": [ "forwarded" diff --git a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json index 195e52807f37..5b0e937be508 100644 --- a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json +++ b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json @@ -67,15 +67,15 @@ ], "service.type": "azure", "source.as.number": 8426, - "source.as.organization.name": "Claranet Ltd", - "source.geo.city_name": "Farnham Royal", + "source.as.organization.name": "Claranet Limited", + "source.geo.city_name": "Shepton Mallet", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5333, - "source.geo.location.lon": -0.6167, - "source.geo.region_iso_code": "GB-BKM", - "source.geo.region_name": "Buckinghamshire", + "source.geo.location.lat": 51.1398, + "source.geo.location.lon": -2.5755, + "source.geo.region_iso_code": "GB-SOM", + "source.geo.region_name": "Somerset", "source.ip": "81.171.241.231", "tags": [ "forwarded" 
@@ -153,7 +153,7 @@ ], "service.type": "azure", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -357,7 +357,7 @@ ], "service.type": "azure", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -372,7 +372,6 @@ "user.id": "762a6171-29d0-456b-b88b-ca7f7d99728d", "user.name": "john.doe", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36", "user_agent.os.full": "Windows 10", diff --git a/x-pack/filebeat/module/cef/log/test/cef.log-expected.json b/x-pack/filebeat/module/cef/log/test/cef.log-expected.json index d2902dc24b66..23460d1d4165 100644 --- a/x-pack/filebeat/module/cef/log/test/cef.log-expected.json +++ b/x-pack/filebeat/module/cef/log/test/cef.log-expected.json 
@@ -75,14 +75,11 @@ "cef.name": "Authentication", "cef.severity": "low", "cef.version": "0", - "destination.geo.city_name": "Moscow", - "destination.geo.continent_name": "Europe", - "destination.geo.country_iso_code": "RU", - "destination.geo.country_name": "Russia", - "destination.geo.location.lat": 55.7527, - "destination.geo.location.lon": 37.6172, - "destination.geo.region_iso_code": "RU-MOW", - "destination.geo.region_name": "Moscow", + "destination.geo.continent_name": "Oceania", + "destination.geo.country_iso_code": "AU", + "destination.geo.country_name": "Australia", + "destination.geo.location.lat": -33.494, + "destination.geo.location.lon": 143.2104, "destination.ip": "1.2.3.4", "destination.nat.ip": "10.10.10.10", "destination.port": 443, diff --git a/x-pack/filebeat/module/cef/log/test/checkpoint.log-expected.json b/x-pack/filebeat/module/cef/log/test/checkpoint.log-expected.json index eefe063490d3..758d59b46a03 100644 --- a/x-pack/filebeat/module/cef/log/test/checkpoint.log-expected.json +++ b/x-pack/filebeat/module/cef/log/test/checkpoint.log-expected.json @@ -44,13 +44,13 @@ "cef.severity": "Unknown", "cef.version": "0", "destination.as.number": 8075, - "destination.as.organization.name": "Microsoft Corporation", + "destination.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "destination.geo.city_name": "Des Moines", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 41.6006, - "destination.geo.location.lon": -93.6112, + "destination.geo.location.lat": 41.6015, + "destination.geo.location.lon": -93.6127, "destination.geo.region_iso_code": "US-IA", "destination.geo.region_name": "Iowa", "destination.ip": "52.173.84.157", 
diff --git a/x-pack/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json b/x-pack/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json index 30fc5952b01f..5758c793ad20 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json +++ b/x-pack/filebeat/module/checkpoint/firewall/test/checkpoint.log-expected.json @@ -151,8 +151,8 @@ "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "IL", "destination.geo.country_name": "Israel", - "destination.geo.location.lat": 32.0678, - "destination.geo.location.lon": 34.7647, + "destination.geo.location.lat": 32.0668, + "destination.geo.location.lon": 34.7649, "destination.geo.region_iso_code": "IL-TA", "destination.geo.region_name": "Tel Aviv", "destination.ip": "194.29.39.10", @@ -268,12 +268,15 @@ "client.nat.port": 10012, "client.port": 41566, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", 
@@ -387,12 +390,15 @@ "client.nat.port": 10013, "client.port": 48698, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", @@ -506,12 +512,15 @@ "client.nat.port": 10014, "client.port": 61150, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.36", "destination.port": 80, "event.action": "Accept", 
@@ -625,12 +634,15 @@ "client.nat.port": 26681, "client.port": 55110, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.81.142.43", "destination.port": 443, "event.action": "Accept", @@ -744,12 +756,15 @@ "client.nat.port": 26682, "client.port": 48718, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", 
@@ -863,12 +878,15 @@ "client.nat.port": 26683, "client.port": 62206, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.41", "destination.port": 80, "event.action": "Accept", @@ -982,12 +1000,15 @@ "client.nat.port": 26684, "client.port": 41596, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", 
@@ -1101,12 +1122,15 @@ "client.nat.port": 10015, "client.port": 61180, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.36", "destination.port": 80, "event.action": "Accept", @@ -1220,12 +1244,15 @@ "client.nat.port": 10016, "client.port": 48732, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", 
@@ -1339,12 +1366,15 @@ "client.nat.port": 43354, "client.port": 62222, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.41", "destination.port": 80, "event.action": "Accept", @@ -1458,12 +1488,15 @@ "client.nat.port": 10017, "client.port": 61188, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.36", "destination.port": 80, "event.action": "Accept", 
@@ -1577,12 +1610,15 @@ "client.nat.port": 26685, "client.port": 41624, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", @@ -1696,12 +1732,15 @@ "client.nat.port": 10018, "client.port": 48758, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", 
@@ -1815,12 +1854,15 @@ "client.nat.port": 10019, "client.port": 62246, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.41", "destination.port": 80, "event.action": "Accept", @@ -1934,12 +1976,15 @@ "client.nat.port": 10020, "client.port": 41638, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", 
@@ -2053,12 +2098,15 @@ "client.nat.port": 43355, "client.port": 61224, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.36", "destination.port": 80, "event.action": "Accept", @@ -2220,12 +2268,15 @@ "client.nat.port": 43356, "client.port": 48776, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", @@ -2317,8 +2368,8 @@ "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "IL", "destination.geo.country_name": "Israel", - "destination.geo.location.lat": 32.0678, - "destination.geo.location.lon": 34.7647, + "destination.geo.location.lat": 32.0668, + "destination.geo.location.lon": 34.7649, "destination.geo.region_iso_code": "IL-TA", "destination.geo.region_name": "Tel Aviv", "destination.ip": "194.29.39.47", 
@@ -2542,12 +2593,15 @@ "client.nat.port": 26687, "client.port": 62396, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.41", "destination.port": 80, "event.action": "Accept", @@ -2661,12 +2715,15 @@ "client.nat.port": 26688, "client.port": 48914, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", 
@@ -2780,12 +2837,15 @@ "client.nat.port": 10021, "client.port": 41844, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", @@ -2899,12 +2959,15 @@ "client.nat.port": 26689, "client.port": 62468, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.41", "destination.port": 80, "event.action": "Accept", 
@@ -3018,12 +3081,15 @@ "client.nat.port": 26690, "client.port": 61434, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.36", "destination.port": 80, "event.action": "Accept", @@ -3137,12 +3203,15 @@ "client.nat.port": 26691, "client.port": 41856, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", 
@@ -3304,12 +3373,15 @@ "client.nat.port": 26692, "client.port": 48990, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", @@ -3423,12 +3495,15 @@ "client.nat.port": 26693, "client.port": 62478, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.41", "destination.port": 80, "event.action": "Accept", 
@@ -3542,12 +3617,15 @@ "client.nat.port": 10022, "client.port": 41864, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", @@ -3661,12 +3739,15 @@ "client.nat.port": 43357, "client.port": 61446, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.36", "destination.port": 80, "event.action": "Accept", 
@@ -3780,12 +3861,15 @@ "client.nat.port": 43358, "client.port": 48998, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", @@ -3845,12 +3929,15 @@ "client.nat.port": 43359, "client.port": 41870, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", 
@@ -4018,12 +4105,15 @@ "client.nat.port": 26694, "client.port": 62488, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.41", "destination.port": 80, "event.action": "Accept", @@ -4137,12 +4227,15 @@ "client.nat.port": 10023, "client.port": 61454, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.36", "destination.port": 80, "event.action": "Accept", @@ -4288,8 +4381,8 @@ "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "IL", "destination.geo.country_name": "Israel", - "destination.geo.location.lat": 32.0678, - "destination.geo.location.lon": 34.7647, + "destination.geo.location.lat": 32.0668, + "destination.geo.location.lon": 34.7649, "destination.geo.region_iso_code": "IL-TA", "destination.geo.region_name": "Tel Aviv", "destination.ip": "194.29.39.10", 
@@ -4459,12 +4552,15 @@ "client.nat.port": 26695, "client.port": 55424, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.81.142.43", "destination.port": 443, "event.action": "Accept", @@ -4578,12 +4674,15 @@ "client.nat.port": 26696, "client.port": 49026, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", 
@@ -4697,12 +4796,15 @@ "client.nat.port": 26697, "client.port": 62514, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.41", "destination.port": 80, "event.action": "Accept", @@ -4816,12 +4918,15 @@ "client.nat.port": 10024, "client.port": 41902, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", 
@@ -4935,12 +5040,15 @@ "client.nat.port": 43361, "client.port": 61490, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.36", "destination.port": 80, "event.action": "Accept", @@ -5054,12 +5162,15 @@ "client.nat.port": 26698, "client.port": 49042, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", 
@@ -5173,12 +5284,15 @@ "client.nat.port": 26699, "client.port": 41914, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", @@ -5292,12 +5406,15 @@ "client.nat.port": 10025, "client.port": 62534, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.41", "destination.port": 80, "event.action": "Accept", 
@@ -5411,12 +5528,15 @@ "client.nat.port": 10026, "client.port": 61500, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.36", "destination.port": 80, "event.action": "Accept", @@ -5530,12 +5650,15 @@ "client.nat.port": 10027, "client.port": 41938, "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Amsterdam", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "NL", + "destination.geo.country_name": "Netherlands", + "destination.geo.location.lat": 52.3759, + "destination.geo.location.lon": 4.8975, + "destination.geo.region_iso_code": "NL-NH", + "destination.geo.region_name": "North Holland", "destination.ip": "104.99.234.45", "destination.port": 443, "event.action": "Accept", 
@@ -5649,12 +5772,15 @@ "client.nat.port": 43362, "client.port": 49102, "destination.as.number": 30148, - "destination.as.organization.name": "Sucuri", + "destination.as.organization.name": "SUCURI-SEC", + "destination.geo.city_name": "Menifee", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.6647, + "destination.geo.location.lon": -117.1743, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "192.124.249.31", "destination.port": 80, "event.action": "Accept", diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json index c26ba6d92862..5ea15fca6949 100644 --- a/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json @@ -372,7 +372,7 @@ ], "cisco.amp.timestamp_nanoseconds": 978000000, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -444,7 +444,7 @@ ], "cisco.amp.timestamp_nanoseconds": 978000000, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -516,7 +516,7 @@ ], "cisco.amp.timestamp_nanoseconds": 947000000, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -588,7 +588,7 @@ ], "cisco.amp.timestamp_nanoseconds": 931000000, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -660,7 +660,7 @@ ], "cisco.amp.timestamp_nanoseconds": 900000000, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -732,7 +732,7 @@ ], "cisco.amp.timestamp_nanoseconds": 869000000, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json index 7c3e3b868b1c..20c2d1e68f9d 100644 --- a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json 
@@ -1152,15 +1152,12 @@ "cisco.asa.source_interface": "intfacename", "destination.address": "192.186.2.2", "destination.as.number": 395776, - "destination.as.organization.name": "FEDERAL ONLINE GROUP LLC", - "destination.geo.city_name": "Thousand Oaks", + "destination.as.organization.name": "FEDERAL-ONLINE-GROUP-LLC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 34.197, - "destination.geo.location.lon": -118.8199, - "destination.geo.region_iso_code": "US-CA", - "destination.geo.region_name": "California", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": "192.186.2.2", "destination.port": 53356, "event.action": "flow-expiration", @@ -2631,14 +2628,14 @@ "destination.address": "2.3.4.5", "destination.as.number": 3215, "destination.as.organization.name": "Orange", - "destination.geo.city_name": "Clermont-Ferrand", + "destination.geo.city_name": "Valuejols", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "FR", "destination.geo.country_name": "France", - "destination.geo.location.lat": 45.7838, - "destination.geo.location.lon": 3.0966, - "destination.geo.region_iso_code": "FR-63", - "destination.geo.region_name": "Puy-de-D\u00f4me", + "destination.geo.location.lat": 45.0537, + "destination.geo.location.lon": 2.9286, + "destination.geo.region_iso_code": "FR-15", + "destination.geo.region_name": "Cantal", "destination.ip": "2.3.4.5", "destination.port": 9101, "event.action": "flow-expiration", 
@@ -2683,14 +2680,11 @@ ], "service.type": "cisco", "source.address": "1.2.3.4", - "source.geo.city_name": "Moscow", - "source.geo.continent_name": "Europe", - "source.geo.country_iso_code": "RU", - "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7527, - "source.geo.location.lon": 37.6172, - "source.geo.region_iso_code": "RU-MOW", - "source.geo.region_name": "Moscow", + "source.geo.continent_name": "Oceania", + "source.geo.country_iso_code": "AU", + "source.geo.country_name": "Australia", + "source.geo.location.lat": -33.494, + "source.geo.location.lon": 143.2104, "source.ip": "1.2.3.4", "source.port": 54242, "tags": [ @@ -3163,14 +3157,14 @@ "source.address": "91.240.17.178", "source.as.number": 201126, "source.as.organization.name": "CDW Ltd", - "source.geo.city_name": "London", + "source.geo.city_name": "Basingstoke", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5888, - "source.geo.location.lon": -0.0247, - "source.geo.region_iso_code": "GB-ENG", - "source.geo.region_name": "England", + "source.geo.location.lat": 51.2483, + "source.geo.location.lon": -1.1266, + "source.geo.region_iso_code": "GB-HAM", + "source.geo.region_name": "Hampshire", "source.ip": "91.240.17.178", "tags": [ "cisco-asa", 
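Review bot: The `@@ -2683,14 +2680,11 @@` hunk of additional_messages.log-expected.json moves the expected location of `source.ip` `1.2.3.4` from `"RU"` / `"Moscow"` to `"AU"` and drops the city and region fields, although the input log line is presumably unchanged. The dap_records and sample.log fixtures make the same change for `1.2.3.4`, and the ftd dns fixture moves `9.9.9.9` from `"FR"` to `"US"`. These assertions therefore track the build of the geolocation database used when the files were generated, not the parsing logic of the module. Pinning the database used by the tests, or recording its version alongside the fixtures, would let a reviewer tell a data refresh from a pipeline regression.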
@@ -3183,14 +3177,14 @@ "destination.as.number": 201126, "destination.as.organization.name": "CDW Ltd", "destination.bytes": 1216163, - "destination.geo.city_name": "London", + "destination.geo.city_name": "Basingstoke", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5888, - "destination.geo.location.lon": -0.0247, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.2483, + "destination.geo.location.lon": -1.1266, + "destination.geo.region_iso_code": "GB-HAM", + "destination.geo.region_name": "Hampshire", "destination.ip": "91.240.17.178", "event.action": "firewall-rule", "event.category": [ @@ -3319,7 +3313,7 @@ "service.type": "cisco", "source.address": "8.8.8.8", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -3383,14 +3377,14 @@ "destination.address": "195.74.114.34", "destination.as.number": 8468, "destination.as.organization.name": "Entanet", - "destination.geo.city_name": "Stoke Newington", + "destination.geo.city_name": "Exeter", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5638, - "destination.geo.location.lon": -0.0765, - "destination.geo.region_iso_code": "GB-HCK", - "destination.geo.region_name": "Hackney", + "destination.geo.location.lat": 50.7018, + "destination.geo.location.lon": -3.5347, + "destination.geo.region_iso_code": "GB-DEV", + "destination.geo.region_name": "Devon", "destination.ip": "195.74.114.34", "destination.port": 23, "event.action": "firewall-rule", 
@@ -3429,13 +3423,13 @@ "service.type": "cisco", "source.address": "104.46.88.19", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Dublin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "IE", "source.geo.country_name": "Ireland", - "source.geo.location.lat": 53.3338, - "source.geo.location.lon": -6.2488, + "source.geo.location.lat": 53.3382, + "source.geo.location.lon": -6.2591, "source.geo.region_iso_code": "IE-L", "source.geo.region_name": "Leinster", "source.ip": "104.46.88.19", diff --git a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json index 7dde207d2b04..10206fffc690 100644 --- a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json @@ -507,10 +507,8 @@ "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "CN", "destination.geo.country_name": "China", - "destination.geo.location.lat": 23.1167, - "destination.geo.location.lon": 113.25, - "destination.geo.region_iso_code": "CN-GD", - "destination.geo.region_name": "Guangdong", + "destination.geo.location.lat": 34.7732, + "destination.geo.location.lon": 113.722, "destination.ip": "1.2.33.40", "destination.port": 8080, "event.action": "firewall-rule", diff --git a/x-pack/filebeat/module/cisco/asa/test/dap_records.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/dap_records.log-expected.json index e86dd81aead3..487a62943550 100644 --- a/x-pack/filebeat/module/cisco/asa/test/dap_records.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/dap_records.log-expected.json 
@@ -32,14 +32,11 @@ ], "service.type": "cisco", "source.address": "1.2.3.4", - "source.geo.city_name": "Moscow", - "source.geo.continent_name": "Europe", - "source.geo.country_iso_code": "RU", - "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7527, - "source.geo.location.lon": 37.6172, - "source.geo.region_iso_code": "RU-MOW", - "source.geo.region_name": "Moscow", + "source.geo.continent_name": "Oceania", + "source.geo.country_iso_code": "AU", + "source.geo.country_name": "Australia", + "source.geo.location.lat": -33.494, + "source.geo.location.lon": 143.2104, "source.ip": "1.2.3.4", "tags": [ "cisco-asa", diff --git a/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json index 34f1549272ac..f8b13fd12d48 100644 --- a/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json @@ -3612,14 +3612,11 @@ "cisco.asa.source_interface": "internet", "cisco.asa.source_username": "LOCAL\\username", "destination.address": "1.2.3.4", - "destination.geo.city_name": "Moscow", - "destination.geo.continent_name": "Europe", - "destination.geo.country_iso_code": "RU", - "destination.geo.country_name": "Russia", - "destination.geo.location.lat": 55.7527, - "destination.geo.location.lon": 37.6172, - "destination.geo.region_iso_code": "RU-MOW", - "destination.geo.region_name": "Moscow", + "destination.geo.continent_name": "Oceania", + "destination.geo.country_iso_code": "AU", + "destination.geo.country_name": "Australia", + "destination.geo.location.lat": -33.494, + "destination.geo.location.lon": 143.2104, "destination.ip": "1.2.3.4", "destination.port": 80, "destination.user.name": "username", diff --git a/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json index 093665fca983..91425473e425 100644 
--- a/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/dns.log-expected.json @@ -35,7 +35,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 145, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -146,7 +146,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 193, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -255,7 +255,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 166, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -366,7 +366,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 200, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -476,7 +476,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 193, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -585,7 +585,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 166, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -697,7 +697,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 199, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -806,7 +806,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 221, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -916,7 +916,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 166, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1027,7 +1027,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 722, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -1136,16 +1136,13 @@ "cisco.ftd.source_interface": "inside", "destination.address": "205.251.196.144", "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-02", "destination.bytes": 75, - "destination.geo.city_name": "Seattle", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 47.6109, - "destination.geo.location.lon": -122.3303, - "destination.geo.region_iso_code": "US-WA", - "destination.geo.region_name": "Washington", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": "205.251.196.144", "destination.packets": 1, "destination.port": 53, @@ -1246,7 +1243,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 313, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -1354,13 +1351,16 @@ "cisco.ftd.source_interface": "inside", "destination.address": "9.9.9.9", "destination.as.number": 19281, - "destination.as.organization.name": "Quad9", + "destination.as.organization.name": "QUAD9-AS-1", "destination.bytes": 180, - "destination.geo.continent_name": "Europe", - "destination.geo.country_iso_code": "FR", - "destination.geo.country_name": "France", - "destination.geo.location.lat": 48.8582, - "destination.geo.location.lon": 2.3387, + "destination.geo.city_name": "Berkeley", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.8767, + "destination.geo.location.lon": -122.2676, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "9.9.9.9", "destination.packets": 1, "destination.port": 53, @@ -1463,13 +1463,16 @@ "cisco.ftd.source_interface": "inside", "destination.address": "9.9.9.9", "destination.as.number": 19281, - "destination.as.organization.name": "Quad9", + "destination.as.organization.name": "QUAD9-AS-1", "destination.bytes": 108, - "destination.geo.continent_name": "Europe", - "destination.geo.country_iso_code": "FR", - "destination.geo.country_name": "France", - "destination.geo.location.lat": 48.8582, - "destination.geo.location.lon": 2.3387, + "destination.geo.city_name": "Berkeley", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.8767, + "destination.geo.location.lon": -122.2676, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "9.9.9.9", "destination.packets": 1, "destination.port": 53, 
@@ -1573,13 +1576,16 @@ "cisco.ftd.source_interface": "inside", "destination.address": "9.9.9.9", "destination.as.number": 19281, - "destination.as.organization.name": "Quad9", + "destination.as.organization.name": "QUAD9-AS-1", "destination.bytes": 162, - "destination.geo.continent_name": "Europe", - "destination.geo.country_iso_code": "FR", - "destination.geo.country_name": "France", - "destination.geo.location.lat": 48.8582, - "destination.geo.location.lon": 2.3387, + "destination.geo.city_name": "Berkeley", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.8767, + "destination.geo.location.lon": -122.2676, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "9.9.9.9", "destination.packets": 1, "destination.port": 53, @@ -1684,7 +1690,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 199, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1793,7 +1799,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 166, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1902,7 +1908,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 166, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -2011,7 +2017,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 221, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2119,7 +2125,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 131, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2229,7 +2235,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 722, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json index 6a38a072bfc6..152cf26f3927 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/security-connection.log-expected.json @@ -217,7 +217,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -324,7 +324,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 314, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -427,7 +427,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "52.59.244.233", "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-02", "destination.bytes": 74, "destination.geo.city_name": "Frankfurt am Main", "destination.geo.continent_name": "Europe", @@ -534,7 +534,7 @@ "cisco.ftd.source_interface": "inside", "destination.address": "52.59.244.233", "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-02", "destination.bytes": 41319018, "destination.geo.city_name": "Frankfurt am Main", "destination.geo.continent_name": "Europe", @@ -650,8 +650,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", "destination.geo.country_name": "Germany", - "destination.geo.location.lat": 52.1333, - "destination.geo.location.lon": 11.6167, + "destination.geo.location.lat": 52.134, + "destination.geo.location.lon": 11.6259, "destination.geo.region_iso_code": "DE-ST", "destination.geo.region_name": "Saxony-Anhalt", "destination.ip": "213.211.198.62", @@ -756,8 +756,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", "destination.geo.country_name": "Germany", - "destination.geo.location.lat": 52.1333, - "destination.geo.location.lon": 11.6167, + "destination.geo.location.lat": 52.134, + "destination.geo.location.lon": 11.6259, "destination.geo.region_iso_code": "DE-ST", "destination.geo.region_name": "Saxony-Anhalt", "destination.ip": "213.211.198.62", 
diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json index 135a29792105..b9ae215cee8e 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/security-file-malware.log-expected.json @@ -582,8 +582,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", "destination.geo.country_name": "Germany", - "destination.geo.location.lat": 52.1333, - "destination.geo.location.lon": 11.6167, + "destination.geo.location.lat": 52.134, + "destination.geo.location.lon": 11.6259, "destination.geo.region_iso_code": "DE-ST", "destination.geo.region_name": "Saxony-Anhalt", "destination.ip": "213.211.198.62", @@ -760,7 +760,7 @@ "cisco.ftd.threat_level": "100", "destination.address": "18.197.225.123", "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-02", "destination.geo.city_name": "Frankfurt am Main", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", diff --git a/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json index de4be40b0b57..2887d71c75a4 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/security-malware-site.log-expected.json 
@@ -102,14 +102,11 @@ "service.type": "cisco", "source.address": "3.3.3.3", "source.bytes": 729, - "source.geo.city_name": "Seattle", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 47.6348, - "source.geo.location.lon": -122.3451, - "source.geo.region_iso_code": "US-WA", - "source.geo.region_name": "Washington", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, "source.ip": "3.3.3.3", "source.packets": 4, "source.port": 65090, diff --git a/x-pack/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json b/x-pack/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json index 5841793ceb8b..50088753a1e8 100644 --- a/x-pack/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json +++ b/x-pack/filebeat/module/cisco/ios/test/cisco-ios-syslog.log-expected.json @@ -328,7 +328,7 @@ "cisco.ios.facility": "SEC", "destination.address": "172.217.10.46", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -826,7 +826,7 @@ "cisco.ios.facility": "SEC", "destination.address": "172.217.10.46", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -1021,7 +1021,7 @@ "cisco.ios.facility": "SEC", "destination.address": "172.217.10.46", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1122,7 +1122,7 @@ "cisco.ios.facility": "SEC", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1211,7 +1211,7 @@ "service.type": "cisco", "source.address": "8.8.8.8", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -1298,7 +1298,7 @@ "cisco.ios.facility": "SEC", "destination.address": "172.217.10.46", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1540,7 +1540,7 @@ "cisco.ios.facility": "SEC", "destination.address": "172.217.10.46", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", diff --git a/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json b/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json index bde70c5a0045..d0d2d54439bf 100644 
--- a/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json +++ b/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json @@ -17,8 +17,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.193.124.51", - "10.15.44.253" + "10.15.44.253", + "10.193.124.51" ], "rsa.internal.event_desc": "olaborissecurity_event tur", "rsa.internal.messageid": "security_event", @@ -60,8 +60,8 @@ "appliance" ], "related.ip": [ - "10.15.16.212", - "10.102.218.31" + "10.102.218.31", + "10.15.16.212" ], "rsa.internal.messageid": "events", "rsa.misc.event_source": "appliance", @@ -354,8 +354,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.134.0.141", - "10.210.213.18" + "10.210.213.18", + "10.134.0.141" ], "rsa.internal.event_desc": "atquovosecurity_event iumto", "rsa.internal.messageid": "security_event", @@ -569,8 +569,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.88.231.224", - "10.187.77.245" + "10.187.77.245", + "10.88.231.224" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -710,8 +710,8 @@ "appliance" ], "related.ip": [ - "10.63.194.87", - "10.182.178.217" + "10.182.178.217", + "10.63.194.87" ], "rsa.counters.dclass_r1": "fdeFi", "rsa.internal.messageid": "events", @@ -753,8 +753,8 @@ "appliance" ], "related.ip": [ - "10.163.154.210", - "10.153.0.77" + "10.153.0.77", + "10.163.154.210" ], "rsa.counters.dclass_r1": "utlabor", "rsa.internal.messageid": "events", @@ -1058,8 +1058,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.221.102.245", - "10.173.136.186" + "10.173.136.186", + "10.221.102.245" ], "rsa.internal.event_desc": "idestlab", "rsa.internal.messageid": "security_event", 
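Review bot: Every `related.ip` change in this file, starting with the `@@ -17,8 +17,8 @@` hunk, is the same two addresses in reversed order, so the fixture pins element order for a field that appears to be used as a plain collection of addresses. If the golden-file comparison is order-sensitive, any change in the order the pipeline appends values forces a regeneration like this one and hides real changes among dozens of identical-looking hunks. Consider sorting `related.ip` before comparison in the test harness, or sorting and de-duplicating it in the pipeline. The harness and pipeline are not part of this patch, so confirm how the comparison is done before changing either.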
@@ -1178,8 +1178,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.183.44.198", - "10.0.200.27" + "10.0.200.27", + "10.183.44.198" ], "rsa.internal.event_desc": "uradi security_event tot", "rsa.internal.messageid": "security_event", @@ -1216,8 +1216,8 @@ "appliance" ], "related.ip": [ - "10.148.124.84", - "10.28.144.180" + "10.28.144.180", + "10.148.124.84" ], "rsa.internal.messageid": "events", "rsa.misc.event_source": "appliance", @@ -1257,8 +1257,8 @@ "appliance" ], "related.ip": [ - "10.204.230.166", - "10.98.194.212" + "10.98.194.212", + "10.204.230.166" ], "rsa.counters.dclass_r1": "enimadmi", "rsa.internal.messageid": "events", @@ -1453,8 +1453,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.94.6.140", - "10.147.15.213" + "10.147.15.213", + "10.94.6.140" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -1534,8 +1534,8 @@ "appliance" ], "related.ip": [ - "10.193.219.34", - "10.179.40.170" + "10.179.40.170", + "10.193.219.34" ], "rsa.counters.dclass_r1": "emip", "rsa.internal.messageid": "events", @@ -1686,8 +1686,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.124.63.4", - "10.90.99.245" + "10.90.99.245", + "10.124.63.4" ], "rsa.internal.event_desc": "etconsec", "rsa.internal.messageid": "security_event", @@ -1781,8 +1781,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.81.234.34", - "10.196.96.162" + "10.196.96.162", + "10.81.234.34" ], "rsa.internal.event_desc": "Utenima security_event iqua", "rsa.internal.messageid": "security_event", @@ -1844,8 +1844,8 @@ "remips188.api.invalid" ], "related.ip": [ - "10.78.199.43", - "10.40.101.224" + "10.40.101.224", + "10.78.199.43" ], "rsa.internal.messageid": "events", "rsa.misc.event_source": "appliance", 
@@ -1996,8 +1996,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.122.204.151", - "10.148.211.222" + "10.148.211.222", + "10.122.204.151" ], "rsa.internal.event_desc": "umexercisecurity_event duntut", "rsa.internal.messageid": "security_event", @@ -2069,8 +2069,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.97.46.16", - "10.120.4.9" + "10.120.4.9", + "10.97.46.16" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -2185,8 +2185,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.54.44.231", - "10.52.202.158" + "10.52.202.158", + "10.54.44.231" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -2317,8 +2317,8 @@ "appliance" ], "related.ip": [ - "10.2.110.73", - "10.103.49.129" + "10.103.49.129", + "10.2.110.73" ], "rsa.counters.dclass_r1": "orumS", "rsa.internal.messageid": "events", @@ -2360,8 +2360,8 @@ "appliance" ], "related.ip": [ - "10.132.176.96", - "10.158.61.228" + "10.158.61.228", + "10.132.176.96" ], "rsa.counters.dclass_r1": "eserun", "rsa.internal.messageid": "events", @@ -2671,8 +2671,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.244.32.189", - "10.121.9.5" + "10.121.9.5", + "10.244.32.189" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -2797,8 +2797,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.103.91.159", - "10.199.19.205" + "10.199.19.205", + "10.103.91.159" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -2839,8 +2839,8 @@ "appliance" ], "related.ip": [ - "10.65.0.157", - "10.17.111.91" + "10.17.111.91", + "10.65.0.157" ], "rsa.db.index": "nostrum", "rsa.internal.messageid": "flows", 
@@ -2939,8 +2939,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.140.242.86", - "10.177.64.152" + "10.177.64.152", + "10.140.242.86" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -2977,8 +2977,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.51.121.223", - "10.199.103.185" + "10.199.103.185", + "10.51.121.223" ], "rsa.internal.event_desc": "dipi security_event ecatc", "rsa.internal.messageid": "security_event", @@ -3075,8 +3075,8 @@ "appliance" ], "related.ip": [ - "10.121.37.244", - "10.113.152.241" + "10.113.152.241", + "10.121.37.244" ], "rsa.internal.messageid": "flows", "rsa.misc.action": [ @@ -3160,8 +3160,8 @@ "appliance" ], "related.ip": [ - "10.101.13.122", - "10.200.98.243" + "10.200.98.243", + "10.101.13.122" ], "rsa.counters.dclass_r1": "uteirur", "rsa.internal.messageid": "events", diff --git a/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json b/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json index 08ce9bed8deb..0f6137b6854d 100644 --- a/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json +++ b/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json @@ -3,7 +3,7 @@ "@timestamp": "2019-04-10T03:49:34.451Z", "destination.address": "52.71.234.219", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -62,7 +62,6 @@ "url.domain": "httpbin.org", "url.path": "/httpbin/status/501", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.59.0", "user_agent.version": "7.59.0" 
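Review bot: The expected `destination.as.organization.name` in the first hunk of envoy-json.log-expected.json changes from `Amazon.com, Inc.` to `AMAZON-AES` while `destination.as.number` stays 14618, and nothing in the commit message explains why. The same kind of rename shows up in envoy.log-expected.json (`Fastly` to `FASTLY`) and in fortinet.log-expected.json (`Google LLC` to `GOOGLE`), which looks like a change in the ASN lookup data rather than in the modules themselves; the description should state which database version produced the new values. Saved searches or detection rules that match on the organization string would silently stop matching after such a change, so a changelog line pointing users to `destination.as.number` as the stable key would help.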
diff --git a/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json b/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json index 90636c4b66aa..9a522fc7cc28 100644 --- a/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json +++ b/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json @@ -80,7 +80,6 @@ "url.domain": "localhost:8000", "url.path": "/service/1", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.54.0", "user_agent.version": "7.54.0" @@ -130,7 +129,6 @@ "url.domain": "192.168.99.107:30901", "url.path": "/elastic", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.59.0", "user_agent.version": "7.59.0" @@ -139,7 +137,7 @@ "@timestamp": "2019-04-11T00:51:07.980Z", "destination.address": "151.101.66.217", "destination.as.number": 54113, - "destination.as.organization.name": "Fastly", + "destination.as.organization.name": "FASTLY", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -189,7 +187,6 @@ "url.domain": "www.elastic.co", "url.path": "/elastic/", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.59.0", "user_agent.version": "7.59.0" diff --git a/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json b/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json index 4b6ac757c5c2..69f036baae4f 100644 --- a/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json +++ b/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json @@ -25,9 +25,9 @@ ], "related.ip": [ "10.208.121.85", + "10.11.196.142", "10.228.193.207", - "10.165.201.71", - "10.11.196.142" + "10.165.201.71" ], "related.user": [ "billoi" 
@@ -92,10 +92,10 @@ "enatus2114.mail.home" ], "related.ip": [ - "10.94.67.230", - "10.92.202.200", "10.162.9.235", - "10.51.132.10" + "10.92.202.200", + "10.51.132.10", + "10.94.67.230" ], "related.user": [ "byC" @@ -227,9 +227,9 @@ "uid545.www5.localhost" ], "related.ip": [ - "10.202.66.28", - "10.50.112.141", "10.131.233.27", + "10.50.112.141", + "10.202.66.28", "10.12.44.169" ], "related.user": [ @@ -295,10 +295,10 @@ "emquiavo452.internal.localhost" ], "related.ip": [ + "10.206.197.113", "10.151.111.38", - "10.159.182.171", "10.96.35.212", - "10.206.197.113" + "10.159.182.171" ], "related.user": [ "mol" @@ -363,10 +363,10 @@ "sun1403.www.invalid" ], "related.ip": [ - "10.169.144.147", "10.213.113.28", + "10.89.163.114", "10.126.177.162", - "10.89.163.114" + "10.169.144.147" ], "related.user": [ "ist" @@ -430,9 +430,9 @@ "ittenbyC7838.api.localdomain" ], "related.ip": [ - "10.146.88.52", - "10.18.124.28", "10.101.223.43", + "10.18.124.28", + "10.146.88.52", "10.103.107.47" ], "related.user": [ @@ -498,10 +498,10 @@ "ume465.corp" ], "related.ip": [ + "10.110.99.17", "10.150.220.75", - "10.69.57.206", "10.189.109.245", - "10.110.99.17" + "10.69.57.206" ], "related.user": [ "onse" @@ -567,8 +567,8 @@ "related.ip": [ "10.121.219.204", "10.199.34.241", - "10.153.136.222", - "10.19.194.101" + "10.19.194.101", + "10.153.136.222" ], "related.user": [ "temveleu" @@ -632,10 +632,10 @@ "aliqu6801.api.localdomain" ], "related.ip": [ - "10.64.141.105", + "10.182.199.231", "10.46.27.57", "10.57.103.192", - "10.182.199.231" + "10.64.141.105" ], "related.user": [ "ice" @@ -699,10 +699,10 @@ "itame189.domain" ], "related.ip": [ - "10.164.6.207", - "10.32.67.231", "10.160.210.31", - "10.3.134.237" + "10.164.6.207", + "10.3.134.237", + "10.32.67.231" ], "related.user": [ "pic" 
@@ -767,10 +767,10 @@ "tsedqu2456.www5.invalid" ], "related.ip": [ - "10.235.101.253", - "10.182.178.217", "10.42.138.192", - "10.201.6.10" + "10.235.101.253", + "10.201.6.10", + "10.182.178.217" ], "related.user": [ "giatnu" @@ -835,10 +835,10 @@ "stlabo1228.mail.host" ], "related.ip": [ - "10.151.161.70", - "10.86.101.235", + "10.194.247.171", "10.22.102.198", - "10.194.247.171" + "10.151.161.70", + "10.86.101.235" ], "related.user": [ "nse" @@ -903,10 +903,10 @@ "ecte4762.local" ], "related.ip": [ + "10.174.252.105", "10.107.168.60", "10.204.35.15", - "10.167.172.155", - "10.174.252.105" + "10.167.172.155" ], "related.user": [ "mnisi" @@ -1037,10 +1037,10 @@ "sauteiru4554.api.domain" ], "related.ip": [ - "10.220.5.143", - "10.101.226.128", "10.201.238.90", - "10.88.101.53" + "10.101.226.128", + "10.88.101.53", + "10.220.5.143" ], "related.user": [ "porro" @@ -1105,8 +1105,8 @@ ], "related.ip": [ "10.157.18.252", - "10.243.218.215", "10.217.150.196", + "10.243.218.215", "10.30.133.66" ], "related.user": [ @@ -1171,10 +1171,10 @@ "quid3147.mail.home" ], "related.ip": [ - "10.167.227.44", "10.148.161.250", - "10.66.181.6", - "10.181.133.187" + "10.181.133.187", + "10.167.227.44", + "10.66.181.6" ], "related.user": [ "adipisc" @@ -1239,10 +1239,10 @@ "umdolo1029.mail.localhost" ], "related.ip": [ - "10.107.9.163", - "10.84.163.178", + "10.54.17.32", "10.74.11.43", - "10.54.17.32" + "10.107.9.163", + "10.84.163.178" ], "related.user": [ "mquisno" @@ -1306,10 +1306,10 @@ "lorsita2019.internal.home" ], "related.ip": [ + "10.184.73.211", "10.112.32.213", "10.230.129.252", - "10.192.229.221", - "10.184.73.211" + "10.192.229.221" ], "related.user": [ "odi" @@ -1374,10 +1374,10 @@ "paquioff624.mail.invalid" ], "related.ip": [ - "10.161.148.64", - "10.199.216.143", "10.198.213.189", - "10.7.200.140" + "10.199.216.143", + "10.7.200.140", + "10.161.148.64" ], "related.user": [ "ccaeca" 
@@ -1441,10 +1441,10 @@ "mex2054.mail.corp" ], "related.ip": [ - "10.22.187.69", - "10.65.232.27", + "10.206.96.56", "10.128.157.27", - "10.206.96.56" + "10.22.187.69", + "10.65.232.27" ], "related.user": [ "uaeab" @@ -1508,10 +1508,10 @@ "avolupt7576.api.corp" ], "related.ip": [ - "10.71.114.14", - "10.68.253.120", + "10.183.130.225", "10.194.210.62", - "10.183.130.225" + "10.71.114.14", + "10.68.253.120" ], "related.user": [ "admin" @@ -1576,10 +1576,10 @@ "loi7596.www5.home" ], "related.ip": [ - "10.47.255.237", + "10.31.177.226", "10.107.45.175", "10.45.253.103", - "10.31.177.226" + "10.47.255.237" ], "related.user": [ "remagn" @@ -1644,10 +1644,10 @@ "nsequat1971.internal.invalid" ], "related.ip": [ - "10.225.212.189", "10.55.105.113", + "10.213.94.135", "10.44.58.106", - "10.213.94.135" + "10.225.212.189" ], "related.user": [ "dquia" @@ -1711,10 +1711,10 @@ "ectiono2241.lan" ], "related.ip": [ + "10.163.209.70", "10.2.114.9", "10.69.161.78", - "10.255.74.136", - "10.163.209.70" + "10.255.74.136" ], "related.user": [ "olabor" @@ -1779,9 +1779,9 @@ ], "related.ip": [ "10.184.59.148", + "10.12.129.137", "10.46.115.216", - "10.252.102.110", - "10.12.129.137" + "10.252.102.110" ], "related.user": [ "perspici" @@ -1846,9 +1846,9 @@ "derit5270.mail.local" ], "related.ip": [ - "10.105.52.140", "10.155.204.243", "10.199.194.79", + "10.105.52.140", "10.81.184.7" ], "related.user": [ @@ -1982,10 +1982,10 @@ "iutali7297.www.domain" ], "related.ip": [ + "10.99.202.229", "10.190.122.27", - "10.192.98.247", "10.100.199.226", - "10.99.202.229" + "10.192.98.247" ], "related.user": [ "lloinven" @@ -2051,9 +2051,9 @@ ], "related.ip": [ "10.172.154.97", - "10.162.97.197", "10.248.111.207", - "10.37.193.70" + "10.37.193.70", + "10.162.97.197" ], "related.user": [ "culpaq" @@ -2117,10 +2117,10 @@ "oinv5493.internal.domain" ], "related.ip": [ + "10.36.63.31", "10.171.221.230", "10.45.35.180", - "10.222.165.250", - "10.36.63.31" + "10.222.165.250" ], "related.user": [ "otamr" 
@@ -2184,10 +2184,10 @@ "tnonproi195.api.home" ], "related.ip": [ - "10.199.127.211", - "10.83.238.145", + "10.1.171.61", "10.238.4.219", - "10.1.171.61" + "10.199.127.211", + "10.83.238.145" ], "related.user": [ "reetdolo" @@ -2251,10 +2251,10 @@ "edictasu5362.internal.localhost" ], "related.ip": [ + "10.170.252.219", "10.65.141.244", - "10.44.226.104", "10.74.213.42", - "10.170.252.219" + "10.44.226.104" ], "related.user": [ "Nequepo" @@ -2318,10 +2318,10 @@ "uido492.www5.home" ], "related.ip": [ - "10.225.141.172", - "10.183.223.149", + "10.180.48.221", "10.225.255.211", - "10.180.48.221" + "10.183.223.149", + "10.225.141.172" ], "related.user": [ "nihil" @@ -2385,10 +2385,10 @@ "redo6311.api.invalid" ], "related.ip": [ - "10.169.123.103", - "10.97.138.181", "10.176.64.28", - "10.205.174.181" + "10.169.123.103", + "10.205.174.181", + "10.97.138.181" ], "related.user": [ "eseruntm" @@ -2453,10 +2453,10 @@ "dolorem1698.www.domain" ], "related.ip": [ - "10.75.120.11", + "10.53.101.131", "10.204.4.40", - "10.169.101.161", - "10.53.101.131" + "10.75.120.11", + "10.169.101.161" ], "related.user": [ "tquo" @@ -2521,10 +2521,10 @@ "evitae7333.www.lan" ], "related.ip": [ + "10.87.120.87", "10.156.117.169", - "10.6.222.112", "10.28.51.219", - "10.87.120.87" + "10.6.222.112" ], "related.user": [ "onsequu" @@ -2588,10 +2588,10 @@ "arc2412.mail.lan" ], "related.ip": [ - "10.57.89.155", - "10.4.126.103", + "10.253.167.17", "10.247.44.59", - "10.253.167.17" + "10.4.126.103", + "10.57.89.155" ], "related.user": [ "ntorever" @@ -2655,10 +2655,10 @@ "olorsi2746.internal.localhost" ], "related.ip": [ - "10.15.240.220", - "10.36.69.125", "10.143.183.208", - "10.248.206.210" + "10.248.206.210", + "10.15.240.220", + "10.36.69.125" ], "related.user": [ "met" @@ -2723,10 +2723,10 @@ "edqu2208.www.localhost" ], "related.ip": [ + "10.142.186.43", "10.69.170.107", - "10.6.32.7", "10.34.133.2", - "10.142.186.43" + "10.6.32.7" ], "related.user": [ "ipitlabo" 
@@ -2791,10 +2791,10 @@ "ender5647.www5.example" ], "related.ip": [ - "10.121.153.197", "10.170.165.164", - "10.142.22.24", - "10.59.103.10" + "10.59.103.10", + "10.121.153.197", + "10.142.22.24" ], "related.user": [ "borumSec" @@ -2859,10 +2859,10 @@ "sis3986.internal.lan" ], "related.ip": [ - "10.247.114.30", "10.176.83.7", - "10.19.99.129", - "10.133.10.122" + "10.133.10.122", + "10.247.114.30", + "10.19.99.129" ], "related.user": [ "quaeabil" @@ -2927,9 +2927,9 @@ "uatu2894.api.lan" ], "related.ip": [ - "10.40.177.138", "10.8.29.219", "10.64.139.17", + "10.40.177.138", "10.70.7.23" ], "related.user": [ @@ -2996,8 +2996,8 @@ "related.ip": [ "10.67.173.228", "10.180.62.222", - "10.67.221.220", - "10.2.189.20" + "10.2.189.20", + "10.67.221.220" ], "related.user": [ "uptasnul" @@ -3062,10 +3062,10 @@ "uian521.www.example" ], "related.ip": [ - "10.56.134.118", - "10.147.127.181", "10.209.52.47", - "10.196.176.243" + "10.147.127.181", + "10.196.176.243", + "10.56.134.118" ], "related.user": [ "tasu" @@ -3265,10 +3265,10 @@ "mexer3864.api.corp" ], "related.ip": [ - "10.98.154.146", "10.73.84.95", "10.255.145.22", - "10.230.38.148" + "10.230.38.148", + "10.98.154.146" ], "related.user": [ "sitam" @@ -3332,9 +3332,9 @@ "oluptat6960.www5.test" ], "related.ip": [ + "10.105.120.162", "10.166.142.198", "10.175.181.138", - "10.105.120.162", "10.211.29.187" ], "related.user": [ @@ -3400,10 +3400,10 @@ "fugiatnu2498.www.localhost" ], "related.ip": [ - "10.195.139.25", - "10.220.202.102", + "10.122.133.162", "10.182.213.195", - "10.122.133.162" + "10.195.139.25", + "10.220.202.102" ], "related.user": [ "aquae" @@ -3468,10 +3468,10 @@ "ptat3230.domain" ], "related.ip": [ - "10.156.208.5", - "10.33.143.163", "10.53.72.161", - "10.247.144.9" + "10.33.143.163", + "10.247.144.9", + "10.156.208.5" ], "related.user": [ "scip" 
@@ -3535,10 +3535,10 @@ "exer447.internal.localhost" ], "related.ip": [ - "10.113.65.192", - "10.241.143.145", + "10.35.190.164", "10.21.58.162", - "10.35.190.164" + "10.241.143.145", + "10.113.65.192" ], "related.user": [ "porin" @@ -3603,9 +3603,9 @@ "itanimi1934.home" ], "related.ip": [ - "10.75.113.240", - "10.53.27.253", "10.19.154.103", + "10.53.27.253", + "10.75.113.240", "10.129.16.166" ], "related.user": [ @@ -3671,10 +3671,10 @@ "pteurs1031.mail.corp" ], "related.ip": [ - "10.22.213.196", "10.120.50.13", + "10.150.153.61", "10.125.150.220", - "10.150.153.61" + "10.22.213.196" ], "related.user": [ "inculpa" @@ -3739,10 +3739,10 @@ "edquiaco6562.api.lan" ], "related.ip": [ - "10.229.155.171", + "10.238.171.184", "10.113.2.13", - "10.85.52.249", - "10.238.171.184" + "10.229.155.171", + "10.85.52.249" ], "related.user": [ "tatiset" @@ -3807,10 +3807,10 @@ "tatis7315.mail.home" ], "related.ip": [ - "10.249.174.35", - "10.198.150.185", + "10.51.245.225", "10.220.1.249", - "10.51.245.225" + "10.249.174.35", + "10.198.150.185" ], "related.user": [ "quela" @@ -3875,10 +3875,10 @@ "eosqui3723.api.localdomain" ], "related.ip": [ - "10.251.82.195", "10.190.96.181", "10.38.185.31", - "10.152.157.32" + "10.152.157.32", + "10.251.82.195" ], "related.user": [ "olorese" @@ -3942,10 +3942,10 @@ "itaedict199.mail.corp" ], "related.ip": [ - "10.190.247.194", - "10.230.112.179", "10.211.198.50", - "10.103.102.242" + "10.103.102.242", + "10.190.247.194", + "10.230.112.179" ], "related.user": [ "tDuisaut" @@ -4010,9 +4010,9 @@ ], "related.ip": [ "10.47.223.155", + "10.219.83.199", "10.101.13.122", - "10.251.101.61", - "10.219.83.199" + "10.251.101.61" ], "related.user": [ "ectetur" @@ -4079,8 +4079,8 @@ "related.ip": [ "10.83.136.233", "10.21.80.157", - "10.31.86.83", - "10.21.30.43" + "10.21.30.43", + "10.31.86.83" ], "related.user": [ "litsed" 
@@ -4145,10 +4145,10 @@ "oluptas1637.home" ], "related.ip": [ - "10.27.181.27", + "10.45.152.205", "10.194.197.107", - "10.195.90.73", - "10.45.152.205" + "10.27.181.27", + "10.195.90.73" ], "related.user": [ "datatn" @@ -4214,8 +4214,8 @@ ], "related.ip": [ "10.43.239.97", - "10.129.161.18", "10.222.2.132", + "10.129.161.18", "10.183.90.25" ], "related.user": [ @@ -4280,10 +4280,10 @@ "mqui1099.api.corp" ], "related.ip": [ - "10.67.129.100", - "10.231.167.171", "10.189.162.131", - "10.248.156.138" + "10.67.129.100", + "10.248.156.138", + "10.231.167.171" ], "related.user": [ "sedquia" @@ -4416,9 +4416,9 @@ ], "related.ip": [ "10.0.202.9", - "10.93.39.237", "10.119.179.182", - "10.214.93.200" + "10.214.93.200", + "10.93.39.237" ], "related.user": [ "tionofd" @@ -4483,10 +4483,10 @@ "aute2433.mail.lan" ], "related.ip": [ + "10.30.189.166", "10.252.204.162", - "10.28.145.163", "10.123.154.140", - "10.30.189.166" + "10.28.145.163" ], "related.user": [ "imadmin" @@ -4550,9 +4550,9 @@ "idolo6535.internal.example" ], "related.ip": [ - "10.145.128.250", "10.29.122.183", "10.79.49.3", + "10.145.128.250", "10.46.162.198" ], "related.user": [ @@ -4618,10 +4618,10 @@ "one7728.api.localdomain" ], "related.ip": [ - "10.166.169.167", - "10.177.232.136", + "10.65.174.196", "10.142.235.217", - "10.65.174.196" + "10.177.232.136", + "10.166.169.167" ], "related.user": [ "olors" @@ -4687,8 +4687,8 @@ ], "related.ip": [ "10.29.217.44", - "10.191.78.86", "10.53.188.140", + "10.191.78.86", "10.215.184.154" ], "related.user": [ @@ -4754,10 +4754,10 @@ "emq2514.api.localhost" ], "related.ip": [ - "10.76.148.147", - "10.46.222.149", "10.135.77.156", - "10.74.74.129" + "10.76.148.147", + "10.74.74.129", + "10.46.222.149" ], "related.user": [ "urve" @@ -4821,10 +4821,10 @@ "agna5654.www.corp" ], "related.ip": [ - "10.11.146.253", "10.145.49.29", + "10.96.200.223", "10.130.203.37", - "10.96.200.223" + "10.11.146.253" ], "related.user": [ "mvele" 
@@ -4888,10 +4888,10 @@ "ipi4827.mail.lan" ], "related.ip": [ + "10.162.2.180", "10.48.75.140", - "10.24.23.209", "10.162.78.48", - "10.162.2.180" + "10.24.23.209" ], "related.user": [ "rumwr" @@ -4955,10 +4955,10 @@ "sequatD163.internal.example" ], "related.ip": [ - "10.66.92.83", "10.151.206.38", - "10.119.12.186", - "10.97.105.115" + "10.97.105.115", + "10.66.92.83", + "10.119.12.186" ], "related.user": [ "nproide" @@ -5022,10 +5022,10 @@ "itamet1303.invalid" ], "related.ip": [ - "10.169.139.250", "10.64.76.142", - "10.12.148.73", - "10.201.132.114" + "10.169.139.250", + "10.201.132.114", + "10.12.148.73" ], "related.user": [ "borisnis" @@ -5090,10 +5090,10 @@ "epr3512.internal.domain" ], "related.ip": [ + "10.111.128.11", "10.9.236.18", "10.35.38.185", - "10.200.116.191", - "10.111.128.11" + "10.200.116.191" ], "related.user": [ "umfug" @@ -5157,9 +5157,9 @@ "uredol2174.home" ], "related.ip": [ + "10.240.62.238", "10.236.67.227", "10.134.238.8", - "10.240.62.238", "10.191.27.182" ], "related.user": [ @@ -5226,8 +5226,8 @@ "related.ip": [ "10.65.35.64", "10.165.66.92", - "10.109.14.142", - "10.22.231.91" + "10.22.231.91", + "10.109.14.142" ], "related.user": [ "perna" @@ -5292,9 +5292,9 @@ ], "related.ip": [ "10.64.161.215", + "10.89.221.90", "10.71.112.86", - "10.29.230.203", - "10.89.221.90" + "10.29.230.203" ], "related.user": [ "rnatur" @@ -5358,10 +5358,10 @@ "nonn1650.www.test" ], "related.ip": [ - "10.88.226.76", "10.140.118.182", - "10.79.208.135", - "10.221.199.137" + "10.88.226.76", + "10.221.199.137", + "10.79.208.135" ], "related.user": [ "erspic" @@ -5426,10 +5426,10 @@ "acons3940.api.lan" ], "related.ip": [ - "10.189.244.22", + "10.133.48.55", "10.35.73.208", "10.126.61.230", - "10.133.48.55" + "10.189.244.22" ], "related.user": [ "tia" 
@@ -5493,10 +5493,10 @@ "suscipit587.www.localhost" ], "related.ip": [ - "10.240.94.109", "10.35.65.72", - "10.81.154.115", - "10.239.194.105" + "10.239.194.105", + "10.240.94.109", + "10.81.154.115" ], "related.user": [ "reseo" @@ -5561,10 +5561,10 @@ "mnisiut6146.internal.local" ], "related.ip": [ - "10.52.70.192", + "10.150.56.227", "10.38.253.213", - "10.248.72.104", - "10.150.56.227" + "10.52.70.192", + "10.248.72.104" ], "related.user": [ "ionem" @@ -5629,9 +5629,9 @@ "borios1067.www5.home" ], "related.ip": [ - "10.203.193.134", "10.62.218.239", "10.218.15.164", + "10.203.193.134", "10.73.172.186" ], "related.user": [ @@ -5697,9 +5697,9 @@ ], "related.ip": [ "10.136.211.234", - "10.60.20.76", "10.10.46.43", - "10.131.127.113" + "10.131.127.113", + "10.60.20.76" ], "related.user": [ "nev" @@ -5764,10 +5764,10 @@ "tdolorem813.internal.host" ], "related.ip": [ - "10.248.0.74", + "10.233.181.250", "10.187.237.220", - "10.50.177.151", - "10.233.181.250" + "10.248.0.74", + "10.50.177.151" ], "related.user": [ "ugiatq" @@ -5832,10 +5832,10 @@ "volupt4626.internal.test" ], "related.ip": [ - "10.96.223.46", + "10.80.129.81", "10.248.248.120", "10.189.43.11", - "10.80.129.81" + "10.96.223.46" ], "related.user": [ "iatn" @@ -5900,10 +5900,10 @@ "ntium5103.www5.localhost" ], "related.ip": [ - "10.91.115.139", "10.102.109.199", "10.66.106.186", - "10.173.114.63" + "10.173.114.63", + "10.91.115.139" ], "related.user": [ "tNequ" @@ -5968,9 +5968,9 @@ "orpori3334.www.local" ], "related.ip": [ - "10.0.175.17", "10.198.157.122", "10.221.223.127", + "10.0.175.17", "10.159.155.88" ], "related.user": [ @@ -6036,9 +6036,9 @@ ], "related.ip": [ "10.252.136.130", - "10.189.70.237", "10.7.212.201", - "10.30.20.187" + "10.30.20.187", + "10.189.70.237" ], "related.user": [ "ugiat" @@ -6104,8 +6104,8 @@ ], "related.ip": [ "10.83.105.69", - "10.242.121.165", "10.102.109.194", + "10.242.121.165", "10.60.224.93" ], "related.user": [ 
@@ -6171,10 +6171,10 @@ "uisnostr2390.mail.domain" ], "related.ip": [ - "10.219.174.45", - "10.181.134.69", "10.251.167.219", - "10.17.20.93" + "10.219.174.45", + "10.17.20.93", + "10.181.134.69" ], "related.user": [ "Uteni" @@ -6239,10 +6239,10 @@ "luptate4811.mail.example" ], "related.ip": [ - "10.28.233.253", - "10.30.117.82", "10.223.99.90", - "10.37.14.20" + "10.37.14.20", + "10.28.233.253", + "10.30.117.82" ], "related.user": [ "numqua" @@ -6307,10 +6307,10 @@ "lites1614.www.corp" ], "related.ip": [ - "10.8.32.17", - "10.125.20.22", + "10.57.85.113", "10.50.61.114", - "10.57.85.113" + "10.8.32.17", + "10.125.20.22" ], "related.user": [ "qua" @@ -6375,10 +6375,10 @@ "lorinrep7686.mail.corp" ], "related.ip": [ - "10.215.224.27", + "10.113.78.101", "10.181.63.82", - "10.200.28.55", - "10.113.78.101" + "10.215.224.27", + "10.200.28.55" ], "related.user": [ "ficiade" @@ -6443,9 +6443,9 @@ "nderit6272.mail.example" ], "related.ip": [ - "10.177.14.106", "10.139.20.223", "10.169.95.128", + "10.177.14.106", "10.243.43.168" ], "related.user": [ @@ -6511,9 +6511,9 @@ "ntu1279.mail.lan" ], "related.ip": [ + "10.90.93.4", "10.39.100.88", "10.92.168.198", - "10.90.93.4", "10.18.176.44" ], "related.user": [ @@ -6579,10 +6579,10 @@ "essequam1161.domain" ], "related.ip": [ - "10.193.43.135", - "10.173.13.179", "10.49.68.8", - "10.163.203.191" + "10.163.203.191", + "10.193.43.135", + "10.173.13.179" ], "related.user": [ "tlab" @@ -6714,9 +6714,9 @@ "item3647.home" ], "related.ip": [ - "10.52.13.192", "10.32.20.4", "10.225.189.229", + "10.52.13.192", "10.86.1.244" ], "related.user": [ diff --git a/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json b/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json index e2f8690f92cf..e686cb965903 100644 --- a/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json +++ b/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json 
@@ -367,8 +367,8 @@ "observer.vendor": "F5", "process.pid": 2289, "related.ip": [ - "10.225.160.182", - "10.204.123.107" + "10.204.123.107", + "10.225.160.182" ], "rsa.internal.messageid": "01490500", "rsa.misc.log_session_id": "eFinib", @@ -1121,8 +1121,8 @@ "observer.vendor": "F5", "process.pid": 571, "related.ip": [ - "10.198.70.58", - "10.6.32.7" + "10.6.32.7", + "10.198.70.58" ], "rsa.internal.messageid": "01490549", "rsa.misc.group": "exerci", @@ -1287,7 +1287,6 @@ "forwarded" ], "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -1477,8 +1476,8 @@ "observer.vendor": "F5", "process.pid": 2943, "related.ip": [ - "10.16.181.60", - "10.142.213.80" + "10.142.213.80", + "10.16.181.60" ], "rsa.internal.messageid": "01490549", "rsa.misc.group": "tationu", @@ -1568,8 +1567,8 @@ "observer.vendor": "F5", "process.pid": 1973, "related.ip": [ - "10.47.99.72", - "10.187.64.126" + "10.187.64.126", + "10.47.99.72" ], "rsa.internal.messageid": "01490500", "rsa.misc.category": "oremipsu", diff --git a/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json index 06f7ab9a1d1f..d5ba1323a3c5 100644 --- a/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json @@ -211,8 +211,8 @@ "tinculp2940.internal.local" ], "related.ip": [ - "10.134.137.177", - "10.202.204.154" + "10.202.204.154", + "10.134.137.177" ], "related.user": [ "orsitame" @@ -397,8 +397,8 @@ "reetdolo2770.www5.local" ], "related.ip": [ - "10.12.44.169", - "10.214.225.125" + "10.214.225.125", + "10.12.44.169" ], "related.user": [ "erep" @@ -459,8 +459,8 @@ "isiu1114.internal.corp" ], "related.ip": [ - "10.198.136.50", - "10.66.108.11" + "10.66.108.11", + "10.198.136.50" ], "related.user": [ "uptatev" 
@@ -582,8 +582,8 @@ "tatno4987.www5.localhost" ], "related.ip": [ - "10.54.231.100", - "10.203.5.162" + "10.203.5.162", + "10.54.231.100" ], "related.user": [ "umdolore" @@ -644,8 +644,8 @@ "tatno6787.internal.localhost" ], "related.ip": [ - "10.65.83.160", - "10.136.252.240" + "10.136.252.240", + "10.65.83.160" ], "related.user": [ "ender" @@ -828,8 +828,8 @@ "torev7118.internal.domain" ], "related.ip": [ - "10.109.232.112", - "10.72.58.135" + "10.72.58.135", + "10.109.232.112" ], "related.user": [ "xea" @@ -1568,8 +1568,8 @@ "ris3314.mail.invalid" ], "related.ip": [ - "10.177.194.18", - "10.221.89.228" + "10.221.89.228", + "10.177.194.18" ], "related.user": [ "aliquam" @@ -1753,8 +1753,8 @@ "ris727.api.local" ], "related.ip": [ - "10.130.14.60", - "10.14.211.43" + "10.14.211.43", + "10.130.14.60" ], "related.user": [ "litse" @@ -1815,8 +1815,8 @@ "stquido5705.api.host" ], "related.ip": [ - "10.248.101.25", - "10.60.129.15" + "10.60.129.15", + "10.248.101.25" ], "related.user": [ "evolup" @@ -1877,8 +1877,8 @@ "etcons7378.api.lan" ], "related.ip": [ - "10.72.93.28", - "10.111.187.12" + "10.111.187.12", + "10.72.93.28" ], "related.user": [ "niamqui" @@ -2000,8 +2000,8 @@ "tnulapa7592.www.local" ], "related.ip": [ - "10.75.99.127", - "10.195.2.130" + "10.195.2.130", + "10.75.99.127" ], "related.user": [ "inibusB" @@ -2556,8 +2556,8 @@ "ian867.internal.corp" ], "related.ip": [ - "10.41.123.102", - "10.83.130.226" + "10.83.130.226", + "10.41.123.102" ], "related.user": [ "tenim" @@ -2742,8 +2742,8 @@ "nsequat1859.internal.localhost" ], "related.ip": [ - "10.223.119.218", - "10.28.118.160" + "10.28.118.160", + "10.223.119.218" ], "related.user": [ "ntsunt" @@ -2927,8 +2927,8 @@ "rem7043.localhost" ], "related.ip": [ - "10.65.2.106", - "10.227.173.252" + "10.227.173.252", + "10.65.2.106" ], "related.user": [ "itation" 
@@ -2989,8 +2989,8 @@ "emqu2846.internal.home" ], "related.ip": [ - "10.193.233.229", - "10.28.84.106" + "10.28.84.106", + "10.193.233.229" ], "related.user": [ "tla" @@ -3050,8 +3050,8 @@ "dqu6144.api.localhost" ], "related.ip": [ - "10.210.89.183", - "10.150.245.88" + "10.150.245.88", + "10.210.89.183" ], "related.user": [ "sequa" @@ -3112,8 +3112,8 @@ "giatquov1918.internal.example" ], "related.ip": [ - "10.180.195.43", - "10.85.185.13" + "10.85.185.13", + "10.180.195.43" ], "related.user": [ "voluptas" @@ -3422,8 +3422,8 @@ "naaliq3710.api.local" ], "related.ip": [ - "10.28.82.189", - "10.120.10.211" + "10.120.10.211", + "10.28.82.189" ], "related.user": [ "rcit" @@ -3546,8 +3546,8 @@ "onse380.internal.localdomain" ], "related.ip": [ - "10.226.5.189", - "10.125.165.144" + "10.125.165.144", + "10.226.5.189" ], "related.user": [ "mvolu" @@ -3608,8 +3608,8 @@ "queips4947.mail.example" ], "related.ip": [ - "10.46.56.204", - "10.97.149.97" + "10.97.149.97", + "10.46.56.204" ], "related.user": [ "dolorsit" @@ -3670,8 +3670,8 @@ "oloreseo5039.test" ], "related.ip": [ - "10.28.105.124", - "10.218.0.197" + "10.218.0.197", + "10.28.105.124" ], "related.user": [ "ntNe" @@ -3918,8 +3918,8 @@ "iatqu6203.mail.corp" ], "related.ip": [ - "10.77.77.208", - "10.37.128.49" + "10.37.128.49", + "10.77.77.208" ], "related.user": [ "moles" @@ -3980,8 +3980,8 @@ "ptasnula6576.api.invalid" ], "related.ip": [ - "10.1.96.93", - "10.54.73.158" + "10.54.73.158", + "10.1.96.93" ], "related.user": [ "lloinven" @@ -4104,8 +4104,8 @@ "fugits1163.host" ], "related.ip": [ - "10.77.229.168", - "10.181.247.224" + "10.181.247.224", + "10.77.229.168" ], "related.user": [ "adol" @@ -4166,8 +4166,8 @@ "gitse2463.www5.invalid" ], "related.ip": [ - "10.235.116.121", - "10.72.162.6" + "10.72.162.6", + "10.235.116.121" ], "related.user": [ "oinv" 
@@ -4289,8 +4289,8 @@ "deriti6952.mail.domain" ], "related.ip": [ - "10.196.96.162", - "10.34.131.224" + "10.34.131.224", + "10.196.96.162" ], "related.user": [ "tnonproi" @@ -4351,8 +4351,8 @@ "abor1370.www.domain" ], "related.ip": [ - "10.97.236.123", - "10.77.78.180" + "10.77.78.180", + "10.97.236.123" ], "related.user": [ "nisi" @@ -4412,8 +4412,8 @@ "emullamc5418.mail.test" ], "related.ip": [ - "10.82.133.66", - "10.45.54.107" + "10.45.54.107", + "10.82.133.66" ], "related.user": [ "olorem" @@ -4474,8 +4474,8 @@ "squirati7050.www5.lan" ], "related.ip": [ - "10.180.180.230", - "10.170.252.219" + "10.170.252.219", + "10.180.180.230" ], "related.user": [ "nse" @@ -4783,8 +4783,8 @@ "totam6886.api.localhost" ], "related.ip": [ - "10.76.125.70", - "10.54.23.133" + "10.54.23.133", + "10.76.125.70" ], "related.user": [ "oloreeu" @@ -4844,8 +4844,8 @@ "laborum5749.www.example" ], "related.ip": [ - "10.189.42.62", - "10.36.110.69" + "10.36.110.69", + "10.189.42.62" ], "related.user": [ "eque" @@ -4906,8 +4906,8 @@ "lup3313.api.home" ], "related.ip": [ - "10.47.179.68", - "10.183.202.82" + "10.183.202.82", + "10.47.179.68" ], "related.user": [ "umfugi" @@ -4968,8 +4968,8 @@ "edq5397.www.test" ], "related.ip": [ - "10.73.28.165", - "10.221.206.74" + "10.221.206.74", + "10.73.28.165" ], "related.user": [ "quas" @@ -5092,8 +5092,8 @@ "rumet6923.www5.lan" ], "related.ip": [ - "10.30.246.132", - "10.208.18.210" + "10.208.18.210", + "10.30.246.132" ], "related.user": [ "veniam" @@ -5154,8 +5154,8 @@ "itse522.internal.localdomain" ], "related.ip": [ - "10.106.249.91", - "10.19.119.17" + "10.19.119.17", + "10.106.249.91" ], "related.user": [ "lit" @@ -5216,8 +5216,8 @@ "amc3059.local" ], "related.ip": [ - "10.181.41.154", - "10.29.109.126" + "10.29.109.126", + "10.181.41.154" ], "related.user": [ "labo" @@ -5278,8 +5278,8 @@ "enbyCi3813.api.domain" ], "related.ip": [ - "10.164.207.42", - "10.164.120.197" + "10.164.120.197", + "10.164.207.42" ], "related.user": [ "pta" 
@@ -5339,8 +5339,8 @@ "liquipex1155.mail.corp" ], "related.ip": [ - "10.154.191.225", - "10.183.189.133" + "10.183.189.133", + "10.154.191.225" ], "related.user": [ "ita" @@ -5401,8 +5401,8 @@ "isn3991.local" ], "related.ip": [ - "10.29.120.226", - "10.103.189.199" + "10.103.189.199", + "10.29.120.226" ], "related.user": [ "emu" @@ -5462,8 +5462,8 @@ "iumtotam1010.www5.corp" ], "related.ip": [ - "10.133.254.23", - "10.210.153.7" + "10.210.153.7", + "10.133.254.23" ], "related.user": [ "voluptas" @@ -5524,8 +5524,8 @@ "onsecte91.www5.localdomain" ], "related.ip": [ - "10.126.245.73", - "10.91.2.135" + "10.91.2.135", + "10.126.245.73" ], "related.user": [ "olore" @@ -5586,8 +5586,8 @@ "abori7686.internal.host" ], "related.ip": [ - "10.137.85.123", - "10.183.243.246" + "10.183.243.246", + "10.137.85.123" ], "related.user": [ "cid" @@ -5710,8 +5710,8 @@ "orroquis284.api.domain" ], "related.ip": [ - "10.79.73.195", - "10.125.143.153" + "10.125.143.153", + "10.79.73.195" ], "related.user": [ "emip" @@ -5834,8 +5834,8 @@ "rumSecti111.www5.domain" ], "related.ip": [ - "10.87.90.49", - "10.222.245.80" + "10.222.245.80", + "10.87.90.49" ], "related.user": [ "ptatemse" @@ -5958,8 +5958,8 @@ "tDuis3281.www5.localdomain" ], "related.ip": [ - "10.204.178.19", - "10.105.97.134" + "10.105.97.134", + "10.204.178.19" ], "related.user": [ "mexercit" @@ -6020,8 +6020,8 @@ "uptasnul2751.www5.corp" ], "related.ip": [ - "10.194.67.223", - "10.161.64.168" + "10.161.64.168", + "10.194.67.223" ], "related.user": [ "tion" @@ -6081,8 +6081,8 @@ "upt6017.api.localdomain" ], "related.ip": [ - "10.120.148.241", - "10.100.154.220" + "10.100.154.220", + "10.120.148.241" ], "related.user": [ "rsitam" @@ -6143,8 +6143,8 @@ "tpers2217.internal.lan" ], "related.ip": [ - "10.180.90.112", - "10.116.153.19" + "10.116.153.19", + "10.180.90.112" ], "related.user": [ "itessequ" 
diff --git a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json index 172748796d12..a98f325adb03 100644 --- a/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json +++ b/x-pack/filebeat/module/fortinet/firewall/test/fortinet.log-expected.json @@ -2,7 +2,7 @@ { "@timestamp": "2020-04-23T12:17:48.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 1130, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -78,7 +78,7 @@ { "@timestamp": "2020-04-23T01:16:08.000Z", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -149,7 +149,7 @@ { "@timestamp": "2020-04-23T12:17:45.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 6812, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -225,7 +225,7 @@ { "@timestamp": "2020-04-23T13:17:35.000-04:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -300,7 +300,7 @@ { "@timestamp": "2020-04-23T13:17:35.000-04:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
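Review bot: Every `*.as.organization.name` expectation in this file flips from a display name to a registry handle (`"Google LLC"` → `"GOOGLE"`, `"Level 3 Parent, LLC"` → `"LEVEL3"`), and the commit subject only says the golden files were regenerated. Hunk `@@ -961,12 +961,15 @@` also moves `9.9.9.9` from France to Berkeley, US-CA, hunk `@@ -1120,6 +1123,8 @@` gains `source.as.number: 8003` where no AS was expected before, and `@@ -1557,8 +1562,8 @@` shifts the Beijing coordinates slightly. Together these look like a different GeoIP/ASN test database rather than a pipeline change, though that is inferred from the values alone. I would state the cause in the description, for example `Golden files regenerated against updated GeoIP/ASN test databases; as.organization.name and geo values change`, adjusted to whatever actually changed. It is also worth noting there that saved queries or detections keyed on organization-name strings are fragile across database updates and should match on `as.number`.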
@@ -375,7 +375,7 @@ { "@timestamp": "2020-04-23T12:17:29.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -448,7 +448,7 @@ { "@timestamp": "2020-04-23T12:17:29.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -523,7 +523,7 @@ { "@timestamp": "2020-04-23T12:17:11.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -597,7 +597,7 @@ { "@timestamp": "2020-04-23T12:17:04.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -670,7 +670,7 @@ { "@timestamp": "2020-04-23T12:17:12.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -734,7 +734,7 @@ { "@timestamp": "2020-04-23T13:15:18.000-04:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -846,7 +846,7 @@ { "@timestamp": "2020-04-23T12:32:47.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -893,7 +893,7 @@ "rule.description": "IPsec phase 1 error", "service.type": "fortinet", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -909,7 +909,7 @@ { "@timestamp": "2020-04-23T12:32:31.000-05:00", "destination.as.number": 3356, - "destination.as.organization.name": "Level 3 Parent, LLC", + "destination.as.organization.name": "LEVEL3", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -961,12 +961,15 @@ "rule.description": "Progress IPsec phase 1", "service.type": "fortinet", "source.as.number": 19281, - "source.as.organization.name": "Quad9", - "source.geo.continent_name": "Europe", - "source.geo.country_iso_code": "FR", - "source.geo.country_name": "France", - "source.geo.location.lat": 48.8582, - "source.geo.location.lon": 2.3387, + "source.as.organization.name": "QUAD9-AS-1", + "source.geo.city_name": "Berkeley", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.8767, + "source.geo.location.lon": -122.2676, + "source.geo.region_iso_code": "US-CA", + "source.geo.region_name": "California", "source.ip": "9.9.9.9", "source.port": 500, "tags": [ @@ -1069,7 +1072,7 @@ { "@timestamp": "2020-04-23T12:32:00.000-05:00", "destination.as.number": 3356, - "destination.as.organization.name": "Level 3 Parent, LLC", + "destination.as.organization.name": "LEVEL3", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1120,6 +1123,8 @@ ], "rule.description": "Progress IPsec phase 1", "service.type": "fortinet", + "source.as.number": 8003, + "source.as.organization.name": "GRS-DOD", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -1205,7 +1210,7 @@ { "@timestamp": "2020-04-23T12:23:47.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -1253,7 +1258,7 @@ { "@timestamp": "2020-04-23T12:23:47.000-05:00", "destination.as.number": 3356, - "destination.as.organization.name": "Level 3 Parent, LLC", + "destination.as.organization.name": "LEVEL3", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1415,7 +1420,7 @@ { "@timestamp": "2020-04-23T12:14:09.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1484,7 +1489,7 @@ { "@timestamp": "2020-04-23T12:11:51.000-05:00", "destination.as.number": 40386, - "destination.as.organization.name": "Bloomip Inc.", + "destination.as.organization.name": "BLOOMIP", "destination.bytes": 65446, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1557,8 +1562,8 @@ "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", "source.geo.country_name": "China", - "source.geo.location.lat": 39.9288, - "source.geo.location.lon": 116.3889, + "source.geo.location.lat": 39.9285, + "source.geo.location.lon": 116.385, "source.geo.region_iso_code": "CN-BJ", "source.geo.region_name": "Beijing", "source.ip": "192.168.10.10", @@ -1574,7 +1579,7 @@ { "@timestamp": "2020-04-23T12:11:48.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 20, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -1635,7 +1640,7 @@ "rule.ruleset": "someotherpolicy", "service.type": "fortinet", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.bytes": 3014, "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1652,7 +1657,7 @@ { "@timestamp": "2020-04-23T13:10:57.000-04:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 10, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1797,7 +1802,7 @@ { "@timestamp": "2020-04-23T12:14:28.000-05:00", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 77654, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1882,7 +1887,7 @@ "rule.uuid": "654644c-b064-fdgdf3425-f003-1234ghdf682e05f", "service.type": "fortinet", "source.as.number": 14618, - "source.as.organization.name": "Amazon.com, Inc.", + "source.as.organization.name": "AMAZON-AES", "source.bytes": 923, "source.geo.city_name": "Ashburn", "source.geo.continent_name": "North America", @@ -1975,7 +1980,7 @@ { "@timestamp": "2020-11-02T08:11:38.000Z", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", diff --git a/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json index ebb3d607be5c..7a1b10c86da7 100644 --- a/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json 
@@ -596,8 +596,8 @@ "lamcolab3252.www.invalid" ], "related.ip": [ - "10.177.36.38", - "10.179.124.125" + "10.179.124.125", + "10.177.36.38" ], "rsa.email.email_dst": "ectio", "rsa.email.email_src": "sequine", @@ -1011,8 +1011,8 @@ "lapariat7287.internal.host" ], "related.ip": [ - "10.68.246.187", - "10.140.7.83" + "10.140.7.83", + "10.68.246.187" ], "rsa.email.email_dst": "gna", "rsa.email.email_src": "icabo", @@ -1262,12 +1262,12 @@ "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ - "atise3421.www5.localdomain", - "estl5804.internal.local" + "estl5804.internal.local", + "atise3421.www5.localdomain" ], "related.ip": [ - "10.73.207.70", - "10.179.210.218" + "10.179.210.218", + "10.73.207.70" ], "rsa.email.email_dst": "rumSecti", "rsa.email.email_src": "taut", @@ -3131,12 +3131,12 @@ "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ - "taevitae6868.www.corp", - "modi6930.internal.test" + "modi6930.internal.test", + "taevitae6868.www.corp" ], "related.ip": [ - "10.161.1.146", - "10.60.164.100" + "10.60.164.100", + "10.161.1.146" ], "rsa.email.email_dst": "nproiden", "rsa.email.email_src": "etconse", @@ -3235,12 +3235,12 @@ "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ - "tetura7106.www5.corp", - "uradip7802.mail.example" + "uradip7802.mail.example", + "tetura7106.www5.corp" ], "related.ip": [ - "10.44.35.57", - "10.93.239.216" + "10.93.239.216", + "10.44.35.57" ], "rsa.email.email_dst": "ciun", "rsa.email.email_src": "vento", diff --git a/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json index 50a83d1ed285..8cf2ccdf9016 100644 --- a/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json 
@@ -28,9 +28,9 @@ "modtempo" ], "related.ip": [ - "10.189.58.145", "10.20.234.169", - "10.44.173.44" + "10.44.173.44", + "10.189.58.145" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -99,8 +99,8 @@ "aer445.host" ], "related.ip": [ - "10.62.4.246", - "10.171.204.166" + "10.171.204.166", + "10.62.4.246" ], "related.user": [ "oluptas" @@ -110,8 +110,8 @@ "rsa.investigations.event_vcat": "eius", "rsa.misc.OS": "anonnu", "rsa.misc.action": [ - "accept", - "mol" + "mol", + "accept" ], "rsa.misc.category": "exe", "rsa.misc.client": "radip", @@ -188,8 +188,8 @@ "ccaecat" ], "related.ip": [ - "10.200.188.142", "10.15.159.80", + "10.200.188.142", "10.94.103.117" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -255,9 +255,9 @@ "lorem" ], "related.ip": [ - "10.27.88.95", + "10.50.112.141", "10.131.233.27", - "10.50.112.141" + "10.27.88.95" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -322,13 +322,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.5670", "related.hosts": [ - "roinBCSe", "ntutl", + "roinBCSe", "olo7148.mail.home" ], "related.ip": [ - "10.87.212.179", - "10.157.213.15" + "10.157.213.15", + "10.87.212.179" ], "related.user": [ "rveli" @@ -513,8 +513,8 @@ "equep5085.mail.domain" ], "related.ip": [ - "10.95.64.124", - "10.195.36.51" + "10.195.36.51", + "10.95.64.124" ], "related.user": [ "nnum" @@ -602,8 +602,8 @@ "labore" ], "related.ip": [ - "10.176.216.90", "10.186.85.3", + "10.176.216.90", "10.114.16.155" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -668,8 +668,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.3917", "related.hosts": [ - "sperna", "gnido", + "sperna", "eturadi6608.mail.host" ], "related.ip": [ @@ -761,8 +761,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.2580", "related.hosts": [ - "ecte", "tani", + "ecte", "ipsumdol4488.api.localdomain" ], "related.ip": [ 
@@ -777,8 +777,8 @@ "rsa.investigations.event_vcat": "tDuisaut", "rsa.misc.OS": "Nequepor", "rsa.misc.action": [ - "deny", - "sno" + "sno", + "deny" ], "rsa.misc.category": "idolo", "rsa.misc.client": "volu", @@ -855,9 +855,9 @@ "diconseq" ], "related.ip": [ - "10.238.164.74", + "10.58.214.16", "10.106.162.153", - "10.58.214.16" + "10.238.164.74" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -922,9 +922,9 @@ "tenimad" ], "related.ip": [ - "10.225.141.20", + "10.217.150.196", "10.110.31.190", - "10.217.150.196" + "10.225.141.20" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -988,13 +988,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.3319", "related.hosts": [ - "mestq", "amc", + "mestq", "cusant4946.www.domain" ], "related.ip": [ - "10.137.56.173", - "10.69.103.176" + "10.69.103.176", + "10.137.56.173" ], "related.user": [ "proide" @@ -1004,8 +1004,8 @@ "rsa.investigations.event_vcat": "xer", "rsa.misc.OS": "fugi", "rsa.misc.action": [ - "umdolo", - "deny" + "deny", + "umdolo" ], "rsa.misc.category": "conseq", "rsa.misc.client": "cusant", @@ -1082,9 +1082,9 @@ "onsecte" ], "related.ip": [ + "10.5.235.217", "10.25.212.118", - "10.30.47.165", - "10.5.235.217" + "10.30.47.165" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -1148,8 +1148,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.225", "related.hosts": [ - "tvolu", "equaturv", + "tvolu", "ccaeca5504.internal.example" ], "related.ip": [ @@ -1164,8 +1164,8 @@ "rsa.investigations.event_vcat": "psumqu", "rsa.misc.OS": "oraincid", "rsa.misc.action": [ - "ritt", - "deny" + "deny", + "ritt" ], "rsa.misc.category": "idunt", "rsa.misc.client": "siu", @@ -1309,9 +1309,9 @@ "tla" ], "related.ip": [ + "10.241.132.176", "10.245.187.229", - "10.67.132.242", - "10.241.132.176" + "10.67.132.242" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ 
@@ -1484,8 +1484,8 @@ "rsa.investigations.event_vcat": "metcons", "rsa.misc.OS": "ehende", "rsa.misc.action": [ - "umf", - "deny" + "deny", + "umf" ], "rsa.misc.category": "emUte", "rsa.misc.client": "archite", @@ -1577,8 +1577,8 @@ "rsa.investigations.event_vcat": "boNem", "rsa.misc.OS": "ntium", "rsa.misc.action": [ - "block", - "acommodi" + "acommodi", + "block" ], "rsa.misc.category": "inrepreh", "rsa.misc.client": "moles", @@ -1654,13 +1654,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.7544", "related.hosts": [ - "billoinv", "ntium", + "billoinv", "orinrep5386.www.corp" ], "related.ip": [ - "10.208.21.135", - "10.253.228.140" + "10.253.228.140", + "10.208.21.135" ], "related.user": [ "inculp" @@ -1752,8 +1752,8 @@ "henderi724.www5.home" ], "related.ip": [ - "10.243.226.122", - "10.3.23.172" + "10.3.23.172", + "10.243.226.122" ], "related.user": [ "olorem" @@ -1763,8 +1763,8 @@ "rsa.investigations.event_vcat": "ess", "rsa.misc.OS": "equatDu", "rsa.misc.action": [ - "emullamc", - "cancel" + "cancel", + "emullamc" ], "rsa.misc.category": "niamquis", "rsa.misc.client": "tutlabo", @@ -1840,13 +1840,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.5380", "related.hosts": [ - "uei", "onse", + "uei", "reseosqu1629.mail.lan" ], "related.ip": [ - "10.106.85.174", - "10.94.242.80" + "10.94.242.80", + "10.106.85.174" ], "related.user": [ "lmo" @@ -1936,8 +1936,8 @@ ], "related.ip": [ "10.117.63.181", - "10.168.20.20", - "10.247.53.179" + "10.247.53.179", + "10.168.20.20" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2007,8 +2007,8 @@ "tasnul4179.internal.host" ], "related.ip": [ - "10.53.168.187", - "10.141.156.217" + "10.141.156.217", + "10.53.168.187" ], "related.user": [ "amqu" @@ -2018,8 +2018,8 @@ "rsa.investigations.event_vcat": "illumq", "rsa.misc.OS": "idata", "rsa.misc.action": [ - "emacc", - "block" + "block", + "emacc" ], "rsa.misc.category": "ueporro", "rsa.misc.client": "veli", 
@@ -2096,8 +2096,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.3402", "related.hosts": [ - "tur", "imavenia", + "tur", "bore5546.www.local" ], "related.ip": [ @@ -2112,8 +2112,8 @@ "rsa.investigations.event_vcat": "eturadip", "rsa.misc.OS": "turadip", "rsa.misc.action": [ - "odoc", - "accept" + "accept", + "odoc" ], "rsa.misc.category": "volup", "rsa.misc.client": "tur", @@ -2194,8 +2194,8 @@ "Utenima260.mail.invalid" ], "related.ip": [ - "10.181.183.104", - "10.151.170.207" + "10.151.170.207", + "10.181.183.104" ], "related.user": [ "iosamni" @@ -2287,8 +2287,8 @@ "uido2046.mail.lan" ], "related.ip": [ - "10.70.7.23", - "10.130.240.11" + "10.130.240.11", + "10.70.7.23" ], "related.user": [ "eavolup" @@ -2298,8 +2298,8 @@ "rsa.investigations.event_vcat": "uatu", "rsa.misc.OS": "tnulapar", "rsa.misc.action": [ - "deny", - "odic" + "odic", + "deny" ], "rsa.misc.category": "deri", "rsa.misc.client": "scivelit", @@ -2376,8 +2376,8 @@ "uio" ], "related.ip": [ - "10.37.161.101", "10.17.209.252", + "10.37.161.101", "10.111.182.212" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -2509,8 +2509,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.5978", "related.hosts": [ - "porissu", "tuser", + "porissu", "con6049.internal.lan" ], "related.ip": [ @@ -2604,8 +2604,8 @@ ], "related.ip": [ "10.174.17.46", - "10.38.168.190", - "10.77.105.81" + "10.77.105.81", + "10.38.168.190" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2670,9 +2670,9 @@ "ons" ], "related.ip": [ + "10.225.37.73", "10.36.99.207", - "10.166.142.198", - "10.225.37.73" + "10.166.142.198" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2737,8 +2737,8 @@ "eturadip" ], "related.ip": [ - "10.145.194.12", "10.214.156.161", + "10.145.194.12", "10.66.90.225" ], "rsa.internal.messageid": "generic_fortinetmgr_1", 
@@ -2804,9 +2804,9 @@ "iutal" ], "related.ip": [ - "10.163.36.101", "10.6.242.108", - "10.156.208.5" + "10.156.208.5", + "10.163.36.101" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2870,8 +2870,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.4713", "related.hosts": [ - "data", "epteurs", + "data", "remeum2641.www5.corp" ], "related.ip": [ @@ -2979,8 +2979,8 @@ "rsa.investigations.event_vcat": "ihi", "rsa.misc.OS": "amquaera", "rsa.misc.action": [ - "allow", - "nimides" + "nimides", + "allow" ], "rsa.misc.category": "mve", "rsa.misc.client": "plica", @@ -3057,8 +3057,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.4442", "related.hosts": [ - "uae", "fugi", + "uae", "mea6298.api.example" ], "related.ip": [ @@ -3150,13 +3150,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.3804", "related.hosts": [ - "atcupi", "nder", + "atcupi", "iqu7510.internal.corp" ], "related.ip": [ - "10.49.82.45", - "10.179.153.97" + "10.179.153.97", + "10.49.82.45" ], "related.user": [ "dictasun" @@ -3166,8 +3166,8 @@ "rsa.investigations.event_vcat": "tatemse", "rsa.misc.OS": "eturadi", "rsa.misc.action": [ - "accept", - "ade" + "ade", + "accept" ], "rsa.misc.category": "laboreet", "rsa.misc.client": "ano", @@ -3244,8 +3244,8 @@ "lors" ], "related.ip": [ - "10.99.55.115", "10.98.52.184", + "10.99.55.115", "10.205.83.138" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -3364,8 +3364,8 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ - "moll", - "ntoccae2859.www.test" + "ntoccae2859.www.test", + "moll" ], "related.user": [ "cteturad" @@ -3424,8 +3424,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.7318", "related.hosts": [ - "umdol", "ptat", + "umdol", "deFinibu3940.internal.lan" ], "related.ip": [ 
@@ -3440,8 +3440,8 @@ "rsa.investigations.event_vcat": "uiratio", "rsa.misc.OS": "xce", "rsa.misc.action": [ - "cons", - "cancel" + "cancel", + "cons" ], "rsa.misc.category": "ciun", "rsa.misc.client": "amquisn", @@ -3517,8 +3517,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.4895", "related.hosts": [ - "ipexeac", "ficiade", + "ipexeac", "tatiset4191.localdomain" ], "related.ip": [ @@ -3678,8 +3678,8 @@ "atuse" ], "related.ip": [ - "10.21.203.112", "10.225.34.176", + "10.21.203.112", "10.103.36.192" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -3745,9 +3745,9 @@ "usantiu" ], "related.ip": [ + "10.118.111.183", "10.140.59.161", - "10.5.67.140", - "10.118.111.183" + "10.5.67.140" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -3811,13 +3811,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.4493", "related.hosts": [ - "labor", "veleumiu", + "labor", "nimadmi4084.api.home" ], "related.ip": [ - "10.7.70.169", - "10.28.212.191" + "10.28.212.191", + "10.7.70.169" ], "related.user": [ "itsed" @@ -3827,8 +3827,8 @@ "rsa.investigations.event_vcat": "Loremips", "rsa.misc.OS": "eritquii", "rsa.misc.action": [ - "accept", - "nostru" + "nostru", + "accept" ], "rsa.misc.category": "amnisiu", "rsa.misc.client": "rcita", @@ -3909,8 +3909,8 @@ "reprehe3525.www5.example" ], "related.ip": [ - "10.143.144.52", - "10.148.197.60" + "10.148.197.60", + "10.143.144.52" ], "related.user": [ "rporis" @@ -3999,8 +3999,8 @@ ], "related.ip": [ "10.22.149.132", - "10.217.145.137", - "10.251.183.113" + "10.251.183.113", + "10.217.145.137" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -4065,9 +4065,9 @@ "nisi" ], "related.ip": [ + "10.203.66.175", "10.51.60.203", - "10.183.16.252", - "10.203.66.175" + "10.183.16.252" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ 
@@ -4131,13 +4131,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.409", "related.hosts": [ - "doei", "magnama", + "doei", "ursint411.www.lan" ], "related.ip": [ - "10.61.200.105", - "10.157.14.165" + "10.157.14.165", + "10.61.200.105" ], "related.user": [ "nimadmi" @@ -4147,8 +4147,8 @@ "rsa.investigations.event_vcat": "nisiuta", "rsa.misc.OS": "olu", "rsa.misc.action": [ - "tquov", - "accept" + "accept", + "tquov" ], "rsa.misc.category": "quatD", "rsa.misc.client": "acomm", @@ -4229,8 +4229,8 @@ "ididunt7607.mail.localhost" ], "related.ip": [ - "10.242.178.15", - "10.217.111.77" + "10.217.111.77", + "10.242.178.15" ], "related.user": [ "nimadmin" @@ -4240,8 +4240,8 @@ "rsa.investigations.event_vcat": "psaqu", "rsa.misc.OS": "nevolu", "rsa.misc.action": [ - "allow", - "datatno" + "datatno", + "allow" ], "rsa.misc.category": "ionu", "rsa.misc.client": "ugiatn", @@ -4317,13 +4317,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.142", "related.hosts": [ - "rsita", "ommodoco", + "rsita", "mco2906.domain" ], "related.ip": [ - "10.199.119.251", - "10.86.152.227" + "10.86.152.227", + "10.199.119.251" ], "related.user": [ "msequin" @@ -4333,8 +4333,8 @@ "rsa.investigations.event_vcat": "ora", "rsa.misc.OS": "ommod", "rsa.misc.action": [ - "ant", - "cancel" + "cancel", + "ant" ], "rsa.misc.category": "rehende", "rsa.misc.client": "rehe", @@ -4415,8 +4415,8 @@ "ntex5135.corp" ], "related.ip": [ - "10.234.171.117", - "10.239.194.105" + "10.239.194.105", + "10.234.171.117" ], "related.user": [ "tat" @@ -4426,8 +4426,8 @@ "rsa.investigations.event_vcat": "uia", "rsa.misc.OS": "mquae", "rsa.misc.action": [ - "deny", - "tenatus" + "tenatus", + "deny" ], "rsa.misc.category": "abo", "rsa.misc.client": "umtota", @@ -4506,8 +4506,8 @@ ], "related.ip": [ "10.107.168.208", - "10.34.41.75", - "10.249.16.201" + "10.249.16.201", + "10.34.41.75" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ 
@@ -4664,13 +4664,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.1353", "related.hosts": [ - "iatn", "nibusB", + "iatn", "ulamc767.internal.lan" ], "related.ip": [ - "10.47.191.95", - "10.112.155.228" + "10.112.155.228", + "10.47.191.95" ], "related.user": [ "aed" @@ -4758,9 +4758,9 @@ "metco" ], "related.ip": [ - "10.140.137.17", + "10.103.169.94", "10.62.241.218", - "10.103.169.94" + "10.140.137.17" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -4907,8 +4907,8 @@ "rsa.investigations.event_vcat": "animi", "rsa.misc.OS": "tisunde", "rsa.misc.action": [ - "cancel", - "aut" + "aut", + "cancel" ], "rsa.misc.category": "lamcorpo", "rsa.misc.client": "com", @@ -4984,8 +4984,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.491", "related.hosts": [ - "boru", "edutpe", + "boru", "istenatu3686.invalid" ], "related.ip": [ @@ -5000,8 +5000,8 @@ "rsa.investigations.event_vcat": "uatDuisa", "rsa.misc.OS": "citation", "rsa.misc.action": [ - "accept", - "utlabore" + "utlabore", + "accept" ], "rsa.misc.category": "reeu", "rsa.misc.client": "ntut", @@ -5079,8 +5079,8 @@ ], "related.ip": [ "10.157.22.21", - "10.228.61.5", - "10.246.41.77" + "10.246.41.77", + "10.228.61.5" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -5145,8 +5145,8 @@ "llumdo" ], "related.ip": [ - "10.242.119.111", "10.239.231.168", + "10.242.119.111", "10.188.131.18" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -5211,8 +5211,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.979", "related.hosts": [ - "iden", "lorem", + "iden", "tru3812.mail.lan" ], "related.ip": [ @@ -5291,8 +5291,8 @@ "observer.type": "Configuration", "observer.vendor": "Fortinet", "related.hosts": [ - "etdol408.internal.home", - "mid" + "mid", + "etdol408.internal.home" ], "related.user": [ "rehe" 
@@ -5367,8 +5367,8 @@ "rsa.investigations.event_vcat": "empori", "rsa.misc.OS": "ostru", "rsa.misc.action": [ - "allow", - "quepor" + "quepor", + "allow" ], "rsa.misc.category": "cipitla", "rsa.misc.client": "exeacomm", @@ -5444,13 +5444,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.6452", "related.hosts": [ - "tem", "cons", + "tem", "mdolo7008.api.corp" ], "related.ip": [ - "10.78.75.82", - "10.162.128.87" + "10.162.128.87", + "10.78.75.82" ], "related.user": [ "Sedutp" @@ -5460,8 +5460,8 @@ "rsa.investigations.event_vcat": "adol", "rsa.misc.OS": "ita", "rsa.misc.action": [ - "uptat", - "accept" + "accept", + "uptat" ], "rsa.misc.category": "uidexea", "rsa.misc.client": "orpori", @@ -5538,9 +5538,9 @@ "reseosqu" ], "related.ip": [ - "10.137.36.151", + "10.51.106.43", "10.75.198.93", - "10.51.106.43" + "10.137.36.151" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -5605,9 +5605,9 @@ "caecatcu" ], "related.ip": [ + "10.7.230.206", "10.154.151.111", - "10.249.93.150", - "10.7.230.206" + "10.249.93.150" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -5687,8 +5687,8 @@ "rsa.investigations.event_vcat": "santiumd", "rsa.misc.OS": "oris", "rsa.misc.action": [ - "deny", - "rsitame" + "rsitame", + "deny" ], "rsa.misc.category": "agnaal", "rsa.misc.client": "urmagn", @@ -5769,8 +5769,8 @@ "dquiac6194.api.lan" ], "related.ip": [ - "10.241.140.241", - "10.180.162.174" + "10.180.162.174", + "10.241.140.241" ], "related.user": [ "nulapar" @@ -5780,8 +5780,8 @@ "rsa.investigations.event_vcat": "luptatev", "rsa.misc.OS": "emipsu", "rsa.misc.action": [ - "accept", - "ido" + "ido", + "accept" ], "rsa.misc.category": "litse", "rsa.misc.client": "evita", @@ -5862,8 +5862,8 @@ "amco1592.mail.host" ], "related.ip": [ - "10.110.99.222", - "10.62.140.108" + "10.62.140.108", + "10.110.99.222" ], "related.user": [ "moenimi" 
@@ -5873,8 +5873,8 @@ "rsa.investigations.event_vcat": "atvolupt", "rsa.misc.OS": "riosam", "rsa.misc.action": [ - "ssitasp", - "deny" + "deny", + "ssitasp" ], "rsa.misc.category": "enimadmi", "rsa.misc.client": "uatDui", @@ -5950,13 +5950,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.2691", "related.hosts": [ - "orroqu", "ratio", + "orroqu", "dicta7226.mail.example" ], "related.ip": [ - "10.53.50.77", - "10.4.244.115" + "10.4.244.115", + "10.53.50.77" ], "related.user": [ "idolo" @@ -6044,9 +6044,9 @@ "eleumiu" ], "related.ip": [ - "10.120.212.78", + "10.236.211.111", "10.221.100.157", - "10.236.211.111" + "10.120.212.78" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6126,8 +6126,8 @@ "rsa.investigations.event_vcat": "lauda", "rsa.misc.OS": "enatuser", "rsa.misc.action": [ - "rios", - "accept" + "accept", + "rios" ], "rsa.misc.category": "aUte", "rsa.misc.client": "iusm", @@ -6204,8 +6204,8 @@ "nimides" ], "related.ip": [ - "10.53.251.202", "10.226.255.3", + "10.53.251.202", "10.123.59.69" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -6271,9 +6271,9 @@ "edut" ], "related.ip": [ + "10.29.141.252", "10.3.85.176", - "10.212.56.26", - "10.29.141.252" + "10.212.56.26" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6431,8 +6431,8 @@ "mes" ], "related.ip": [ - "10.11.150.136", "10.83.98.220", + "10.11.150.136", "10.171.60.173" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -6499,8 +6499,8 @@ ], "related.ip": [ "10.238.49.73", - "10.74.88.209", - "10.92.3.166" + "10.92.3.166", + "10.74.88.209" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6565,9 +6565,9 @@ "ptate" ], "related.ip": [ - "10.187.107.47", "10.84.200.121", - "10.119.248.36" + "10.119.248.36", + "10.187.107.47" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ 
@@ -6633,8 +6633,8 @@ ], "related.ip": [ "10.30.239.222", - "10.135.213.17", - "10.167.128.229" + "10.167.128.229", + "10.135.213.17" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6703,8 +6703,8 @@ "rspic5637.api.local" ], "related.ip": [ - "10.169.133.219", - "10.115.166.48" + "10.115.166.48", + "10.169.133.219" ], "related.user": [ "emq" @@ -6714,8 +6714,8 @@ "rsa.investigations.event_vcat": "iumdol", "rsa.misc.OS": "min", "rsa.misc.action": [ - "eleumiur", - "block" + "block", + "eleumiur" ], "rsa.misc.category": "ero", "rsa.misc.client": "gia", @@ -6885,9 +6885,9 @@ "emaperi" ], "related.ip": [ + "10.224.212.88", "10.53.82.96", - "10.35.240.70", - "10.224.212.88" + "10.35.240.70" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6952,9 +6952,9 @@ "oeius" ], "related.ip": [ - "10.233.128.7", "10.66.149.234", - "10.186.253.240" + "10.186.253.240", + "10.233.128.7" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7019,9 +7019,9 @@ "irat" ], "related.ip": [ + "10.173.140.201", "10.227.133.134", - "10.46.11.114", - "10.173.140.201" + "10.46.11.114" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7087,8 +7087,8 @@ ], "related.ip": [ "10.170.236.123", - "10.205.18.11", - "10.69.130.207" + "10.69.130.207", + "10.205.18.11" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7152,13 +7152,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.2682", "related.hosts": [ - "ine", "rehend", + "ine", "velill3821.mail.invalid" ], "related.ip": [ - "10.97.254.192", - "10.124.34.251" + "10.124.34.251", + "10.97.254.192" ], "related.user": [ "epor" @@ -7168,8 +7168,8 @@ "rsa.investigations.event_vcat": "lica", "rsa.misc.OS": "taedi", "rsa.misc.action": [ - "imide", - "deny" + "deny", + "imide" ], "rsa.misc.category": "iurere", "rsa.misc.client": "ollitan", 
@@ -7246,9 +7246,9 @@ "ineavol" ], "related.ip": [ + "10.81.58.91", "10.9.41.221", - "10.204.98.238", - "10.81.58.91" + "10.204.98.238" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7360,9 +7360,9 @@ "uipex" ], "related.ip": [ + "10.212.208.70", "10.35.84.125", - "10.37.120.29", - "10.212.208.70" + "10.37.120.29" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7428,8 +7428,8 @@ ], "related.ip": [ "10.143.65.84", - "10.199.201.26", - "10.207.207.106" + "10.207.207.106", + "10.199.201.26" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7494,9 +7494,9 @@ "gni" ], "related.ip": [ + "10.41.61.88", "10.204.27.48", - "10.163.236.253", - "10.41.61.88" + "10.163.236.253" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7561,9 +7561,9 @@ "dents" ], "related.ip": [ - "10.246.81.164", + "10.185.44.26", "10.53.110.111", - "10.185.44.26" + "10.246.81.164" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7628,8 +7628,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.802", "related.hosts": [ - "proid", "lam", + "proid", "cupida6106.www5.local" ], "related.ip": [ @@ -7721,8 +7721,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.2314", "related.hosts": [ - "stenat", "umtotam", + "stenat", "unt2122.internal.local" ], "related.ip": [ @@ -7814,13 +7814,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.4674", "related.hosts": [ - "ita", "oremeu", + "ita", "luptat2613.internal.localhost" ], "related.ip": [ - "10.139.144.75", - "10.182.124.88" + "10.182.124.88", + "10.139.144.75" ], "related.user": [ "modo" @@ -7912,8 +7912,8 @@ "neavo4796.internal.domain" ], "related.ip": [ - "10.188.124.185", - "10.35.10.19" + "10.35.10.19", + "10.188.124.185" ], "related.user": [ "dolo" 
@@ -7923,8 +7923,8 @@ "rsa.investigations.event_vcat": "olupt", "rsa.misc.OS": "rumw", "rsa.misc.action": [ - "tali", - "block" + "block", + "tali" ], "rsa.misc.category": "itsedq", "rsa.misc.client": "esciu", diff --git a/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json index 4f3a02641414..44ead54b23cb 100644 --- a/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json @@ -80,7 +80,6 @@ ], "user.email": "xxx@xxx.xxx", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", "user_agent.os.full": "Mac OS X 10.15", @@ -138,7 +137,6 @@ ], "user.email": "xxx@xxx.xxx", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", "user_agent.os.full": "Mac OS X 10.15", @@ -191,7 +189,6 @@ ], "user.email": "xxx@xxx.xxx", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", "user_agent.os.full": "Mac OS X 10.15", @@ -238,7 +235,6 @@ ], "user.email": "system:serviceaccount:cert-manager:cert-manager-webhook", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Other", "user_agent.original": "webhook/v0.0.0 (linux/amd64) kubernetes/$Format", "user_agent.os.name": "Linux" 
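Review bot: `"user_agent.device.type": "Desktop"` is dropped from every expected event in the gcp audit file (the hunks at `-80`, `-138`, `-191` and `-238`, and the two that follow), and the commit message does not explain why. If the field is no longer emitted, anything downstream that filters on `user_agent.device.type` would stop matching without an error. If it only reflects the environment the files were regenerated in, the old expectation should probably stay. I would state the cause in the commit description, for example `user_agent.device.type removed from expectations: <REASON_PLACEHOLDER>`.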
@@ -283,21 +279,17 @@ "log.offset": 7530, "service.name": "compute.googleapis.com", "service.type": "gcp", - "source.geo.city_name": "Moscow", - "source.geo.continent_name": "Europe", - "source.geo.country_iso_code": "RU", - "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7527, - "source.geo.location.lon": 37.6172, - "source.geo.region_iso_code": "RU-MOW", - "source.geo.region_name": "Moscow", + "source.geo.continent_name": "Oceania", + "source.geo.country_iso_code": "AU", + "source.geo.country_name": "Australia", + "source.geo.location.lat": -33.494, + "source.geo.location.lon": 143.2104, "source.ip": "1.2.3.4", "tags": [ "forwarded" ], "user.email": "user@mycompany.com", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Other", "user_agent.original": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", "user_agent.os.full": "Mac OS X 19.6.0", 
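Review bot: The expected enrichment for `"source.ip": "1.2.3.4"` moves from Moscow/`RU` to Oceania/`AU` and loses `source.geo.city_name` and both region fields, which looks like regeneration against a different GeoIP database rather than a pipeline change. The same seems to apply to the next hunk (Clermont-Ferrand becomes Valuejols) and to the ASN names later in the patch, where `"Google LLC"` becomes `"GOOGLE"` and `"Comcast Cable Communications, LLC"` becomes `"COMCAST-7922"`. Rules or dashboards that match on the literal `source.as.organization.name`, or on city and region values, would be affected. The commit description should name the database used, e.g. `Golden files regenerated with GeoIP/ASN database <DB_VERSION_PLACEHOLDER>`.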
@@ -330,21 +322,20 @@ "service.type": "gcp", "source.as.number": 3215, "source.as.organization.name": "Orange", - "source.geo.city_name": "Clermont-Ferrand", + "source.geo.city_name": "Valuejols", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "FR", "source.geo.country_name": "France", - "source.geo.location.lat": 45.7838, - "source.geo.location.lon": 3.0966, - "source.geo.region_iso_code": "FR-63", - "source.geo.region_name": "Puy-de-D\u00f4me", + "source.geo.location.lat": 45.0537, + "source.geo.location.lon": 2.9286, + "source.geo.region_iso_code": "FR-15", + "source.geo.region_name": "Cantal", "source.ip": "2.3.4.5", "tags": [ "forwarded" ], "user.email": "user@mycompany.com", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)", "user_agent.os.full": "Mac OS X 10.15", diff --git a/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json index eeba0d7268c3..5d4fba70648a 100644 --- a/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json @@ -3,7 +3,7 @@ "@timestamp": "2019-11-12T12:35:17.214Z", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -799,7 +799,7 @@ "@timestamp": "2019-11-12T12:41:20.972Z", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -865,7 +865,7 @@ "@timestamp": "2019-11-12T12:42:26.505Z", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json index abd84e262724..8e04dedd161a 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-application-test.json.log-expected.json @@ -39,7 +39,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -99,7 +99,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -159,7 +159,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -217,7 +217,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -271,7 +271,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -324,7 +324,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -377,7 +377,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -431,7 +431,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -484,7 +484,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json index b2d9d4912151..d42c03934969 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-calendar-test.json.log-expected.json @@ -31,7 +31,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -84,7 +84,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -140,7 +140,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -193,7 +193,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -246,7 +246,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -299,7 +299,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -352,7 +352,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -409,7 +409,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -463,7 +463,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -519,7 +519,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -579,7 +579,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -632,7 +632,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -688,7 +688,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json index 4caec2adf2df..53b0f0180659 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-chat-test.json.log-expected.json 
@@ -30,7 +30,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -82,7 +82,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -135,7 +135,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -195,7 +195,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json index f81d96a81f14..d045943fb0ab 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-chromeos-test.json.log-expected.json 
@@ -39,7 +39,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -94,7 +94,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -155,7 +155,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -208,7 +208,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -260,7 +260,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -316,7 +316,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -371,7 +371,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -427,7 +427,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -479,7 +479,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -531,7 +531,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -585,7 +585,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -637,7 +637,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -689,7 +689,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -743,7 +743,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -799,7 +799,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -855,7 +855,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -912,7 +912,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -967,7 +967,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1019,7 +1019,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1072,7 +1072,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1129,7 +1129,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json index 5db40eec65c3..2acbc59b7eff 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-contacts-test.json.log-expected.json @@ -35,7 +35,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json index 608736f71670..fe60dc4ed5f0 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-delegatedadmin-test.json.log-expected.json @@ -33,7 +33,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -89,7 +89,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -142,7 +142,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -196,7 +196,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -250,7 +250,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -303,7 +303,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -356,7 +356,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -411,7 +411,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json index fd8de3b21d11..2fc51b51c21b 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-docs-test.json.log-expected.json 
@@ -33,7 +33,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -92,7 +92,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -155,7 +155,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json index 65e1fe272a7a..a649e8bbd3b5 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-domain-test.json.log-expected.json @@ -31,7 +31,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -85,7 +85,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -138,7 +138,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -192,7 +192,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -244,7 +244,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -296,7 +296,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -348,7 +348,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -402,7 +402,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -455,7 +455,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -509,7 +509,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -562,7 +562,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -615,7 +615,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -668,7 +668,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -721,7 +721,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -775,7 +775,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -829,7 +829,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -883,7 +883,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -938,7 +938,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -995,7 +995,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1048,7 +1048,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1102,7 +1102,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1155,7 +1155,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1208,7 +1208,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1263,7 +1263,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1319,7 +1319,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1373,7 +1373,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1428,7 +1428,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1482,7 +1482,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1534,7 +1534,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1588,7 +1588,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1640,7 +1640,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1694,7 +1694,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1749,7 +1749,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1803,7 +1803,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1855,7 +1855,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1907,7 +1907,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1961,7 +1961,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2015,7 +2015,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2068,7 +2068,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2121,7 +2121,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2175,7 +2175,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2227,7 +2227,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2279,7 +2279,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2333,7 +2333,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2387,7 +2387,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2441,7 +2441,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2495,7 +2495,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2549,7 +2549,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2600,7 +2600,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2654,7 +2654,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2708,7 +2708,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2762,7 +2762,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2815,7 +2815,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2867,7 +2867,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2921,7 +2921,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2978,7 +2978,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3032,7 +3032,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3084,7 +3084,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3136,7 +3136,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3190,7 +3190,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3244,7 +3244,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3300,7 +3300,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3354,7 +3354,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3408,7 +3408,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3462,7 +3462,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3517,7 +3517,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3570,7 +3570,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3623,7 +3623,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3677,7 +3677,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3730,7 +3730,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3782,7 +3782,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3834,7 +3834,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3886,7 +3886,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3938,7 +3938,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3991,7 +3991,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4045,7 +4045,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4098,7 +4098,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4151,7 +4151,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4204,7 +4204,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -4257,7 +4257,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4310,7 +4310,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4364,7 +4364,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4417,7 +4417,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4468,7 +4468,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4520,7 +4520,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json index 86bbb3cbcbb6..88c47154a0f6 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-gmail-test.json.log-expected.json @@ -31,7 +31,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -89,7 +89,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -145,7 +145,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -208,7 +208,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -264,7 +264,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -320,7 +320,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -376,7 +376,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -429,7 +429,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -482,7 +482,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json index d9c9e452f409..fd0ad4673796 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-groups-test.json.log-expected.json @@ -33,7 +33,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -88,7 +88,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -143,7 +143,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -195,7 +195,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -252,7 +252,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -314,7 +314,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -378,7 +378,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -442,7 +442,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -506,7 +506,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -565,7 +565,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -617,7 +617,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -673,7 +673,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -731,7 +731,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -788,7 +788,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json index c4dd9cdd54cc..67ba9e5bd23c 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-licenses-test.json.log-expected.json @@ -32,7 +32,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -86,7 +86,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -141,7 +141,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -198,7 +198,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -254,7 +254,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -311,7 +311,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -366,7 +366,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -424,7 +424,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json index 099e46ceb466..2f82c0072870 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-mobile-test.json.log-expected.json @@ -36,7 +36,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -97,7 +97,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -154,7 +154,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -206,7 +206,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -259,7 +259,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -312,7 +312,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -365,7 +365,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -418,7 +418,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -476,7 +476,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -529,7 +529,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -584,7 +584,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -643,7 +643,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -698,7 +698,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -754,7 +754,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -813,7 +813,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -872,7 +872,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -931,7 +931,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -991,7 +991,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1044,7 +1044,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1098,7 +1098,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1152,7 +1152,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1206,7 +1206,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1260,7 +1260,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1314,7 +1314,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1365,7 +1365,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1416,7 +1416,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1467,7 +1467,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1518,7 +1518,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1574,7 +1574,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1633,7 +1633,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1692,7 +1692,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json index efb0d4fefd70..48b0de387167 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-org-test.json.log-expected.json 
@@ -32,7 +32,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -87,7 +87,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -141,7 +141,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -197,7 +197,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -249,7 +249,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -301,7 +301,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -353,7 +353,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -405,7 +405,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -457,7 +457,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -511,7 +511,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -563,7 +563,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -615,7 +615,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -667,7 +667,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -720,7 +720,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -773,7 +773,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -825,7 +825,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -883,7 +883,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json index 38b52a4fde71..fd8170a59991 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-security-test.json.log-expected.json @@ -33,7 +33,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -87,7 +87,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -141,7 +141,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -198,7 +198,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -253,7 +253,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -308,7 +308,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -361,7 +361,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -419,7 +419,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -477,7 +477,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -535,7 +535,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -593,7 +593,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -650,7 +650,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -702,7 +702,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -755,7 +755,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -811,7 +811,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -863,7 +863,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -915,7 +915,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -973,7 +973,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1033,7 +1033,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1088,7 +1088,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1146,7 +1146,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1202,7 +1202,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1256,7 +1256,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1309,7 +1309,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json index 23436a2de5fc..e5216fc5d214 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-sites-test.json.log-expected.json @@ -33,7 +33,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -90,7 +90,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -149,7 +149,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -202,7 +202,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -256,7 +256,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json index 0d31e53291c6..4e38f316c2df 100644 --- a/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/admin/test/admin-user-test.json.log-expected.json @@ -32,7 +32,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -89,7 +89,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -148,7 +148,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -206,7 +206,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -263,7 +263,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -320,7 +320,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -377,7 +377,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -434,7 +434,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -492,7 +492,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -550,7 +550,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -607,7 +607,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -662,7 +662,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -720,7 +720,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -780,7 +780,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -839,7 +839,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -898,7 +898,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -957,7 +957,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1016,7 +1016,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1075,7 +1075,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1134,7 +1134,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1193,7 +1193,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1252,7 +1252,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1311,7 +1311,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1368,7 +1368,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1425,7 +1425,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1484,7 +1484,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1543,7 +1543,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1608,7 +1608,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1667,7 +1667,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1725,7 +1725,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1783,7 +1783,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1841,7 +1841,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1899,7 +1899,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1958,7 +1958,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2016,7 +2016,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2075,7 +2075,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2133,7 +2133,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2191,7 +2191,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2249,7 +2249,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2307,7 +2307,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2364,7 +2364,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2423,7 +2423,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2477,7 +2477,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2531,7 +2531,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2588,7 +2588,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2645,7 +2645,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2708,7 +2708,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2766,7 +2766,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2823,7 +2823,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2880,7 +2880,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2937,7 +2937,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2995,7 +2995,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3053,7 +3053,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3110,7 +3110,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3167,7 +3167,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3224,7 +3224,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3281,7 +3281,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3339,7 +3339,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3396,7 +3396,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3453,7 +3453,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3510,7 +3510,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3567,7 +3567,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3621,7 +3621,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3677,7 +3677,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3735,7 +3735,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3793,7 +3793,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3850,7 +3850,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3907,7 +3907,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3964,7 +3964,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4021,7 +4021,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4078,7 +4078,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4135,7 +4135,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4191,7 +4191,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4245,7 +4245,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
diff --git a/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json index 2cf11698199b..55695b719170 100644 --- a/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/drive/test/drive-test.json.log-expected.json @@ -43,7 +43,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -108,7 +108,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -173,7 +173,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -238,7 +238,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -303,7 +303,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -366,7 +366,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -429,7 +429,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -492,7 +492,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -555,7 +555,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -618,7 +618,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -685,7 +685,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -748,7 +748,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -811,7 +811,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -876,7 +876,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -941,7 +941,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1004,7 +1004,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1067,7 +1067,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1130,7 +1130,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1193,7 +1193,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1256,7 +1256,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1320,7 +1320,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1389,7 +1389,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1459,7 +1459,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1529,7 +1529,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1599,7 +1599,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1669,7 +1669,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1734,7 +1734,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1805,7 +1805,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
diff --git a/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json index 5faa1d30d539..99c719b54107 100644 --- a/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/groups/test/groups-test.json.log-expected.json @@ -41,7 +41,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -97,7 +97,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -155,7 +155,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -216,7 +216,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -272,7 +272,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -331,7 +331,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -386,7 +386,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -441,7 +441,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -500,7 +500,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -558,7 +558,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -617,7 +617,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -675,7 +675,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -734,7 +734,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -793,7 +793,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -852,7 +852,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -911,7 +911,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -970,7 +970,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1029,7 +1029,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1093,7 +1093,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1157,7 +1157,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1220,7 +1220,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1283,7 +1283,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1346,7 +1346,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1409,7 +1409,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1472,7 +1472,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json index a4e0f4800403..f05c69996c11 100644 --- a/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json @@ -31,7 +31,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -87,7 +87,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -143,7 +143,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -199,7 +199,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -255,7 +255,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -311,7 +311,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -367,7 +367,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -424,7 +424,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -478,7 +478,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -534,7 +534,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -588,7 +588,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -643,7 +643,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -696,7 +696,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -752,7 +752,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json index d6f84e5c64fc..0f9a026b065f 100644 --- a/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json @@ -37,7 +37,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -94,7 +94,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json index cce07c42cf24..2ca781876f4d 100644 --- a/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/user_accounts/test/user_accounts-test.json.log-expected.json 
@@ -30,7 +30,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -82,7 +82,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -134,7 +134,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -186,7 +186,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -238,7 +238,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -290,7 +290,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -342,7 +342,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -394,7 +394,7 @@ ], "service.type": "google_workspace", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json index 835566739674..d42b3e87f7b4 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-application-test.json.log-expected.json @@ -38,7 +38,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -97,7 +97,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -156,7 +156,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -213,7 +213,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -266,7 +266,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -318,7 +318,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -370,7 +370,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -423,7 +423,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -475,7 +475,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json index 10e0ec1aac41..6fc793a794d6 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-calendar-test.json.log-expected.json @@ -30,7 +30,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -82,7 +82,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -137,7 +137,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -189,7 +189,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -241,7 +241,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -293,7 +293,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -345,7 +345,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -401,7 +401,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -454,7 +454,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -509,7 +509,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -568,7 +568,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -620,7 +620,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -675,7 +675,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json index 5fde8049c7c5..6de9247b3670 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chat-test.json.log-expected.json 
@@ -29,7 +29,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -80,7 +80,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -132,7 +132,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -191,7 +191,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json index 4627a127b8f8..ccf44fab0422 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-chromeos-test.json.log-expected.json 
@@ -38,7 +38,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -92,7 +92,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -152,7 +152,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -204,7 +204,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -255,7 +255,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -310,7 +310,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -364,7 +364,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -419,7 +419,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -470,7 +470,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -521,7 +521,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -574,7 +574,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -625,7 +625,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -676,7 +676,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -729,7 +729,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -784,7 +784,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -839,7 +839,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -895,7 +895,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -949,7 +949,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1000,7 +1000,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1052,7 +1052,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1108,7 +1108,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json index 825e497e5a0f..bfbe0a696d9e 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-contacts-test.json.log-expected.json @@ -34,7 +34,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json index 01b558fdf49f..a1318098cf2a 100644 
--- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-delegatedadmin-test.json.log-expected.json @@ -32,7 +32,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -87,7 +87,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -139,7 +139,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -192,7 +192,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -245,7 +245,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -297,7 +297,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -349,7 +349,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -403,7 +403,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json index da5410ee7d39..e3904186e8c8 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-docs-test.json.log-expected.json @@ -32,7 +32,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -90,7 +90,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -152,7 +152,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json index 05143097e3d0..74c77cf375a8 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-domain-test.json.log-expected.json @@ -30,7 +30,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -83,7 +83,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -135,7 +135,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -188,7 +188,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -239,7 +239,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -290,7 +290,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -341,7 +341,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -394,7 +394,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -446,7 +446,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -499,7 +499,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -551,7 +551,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -603,7 +603,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -655,7 +655,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -707,7 +707,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -760,7 +760,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -813,7 +813,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -866,7 +866,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -920,7 +920,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -976,7 +976,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1028,7 +1028,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1081,7 +1081,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1133,7 +1133,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1185,7 +1185,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1239,7 +1239,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1294,7 +1294,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1347,7 +1347,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1401,7 +1401,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1454,7 +1454,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1505,7 +1505,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1558,7 +1558,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1609,7 +1609,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1662,7 +1662,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1716,7 +1716,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1769,7 +1769,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1820,7 +1820,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1871,7 +1871,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1924,7 +1924,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1977,7 +1977,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2029,7 +2029,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2081,7 +2081,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2134,7 +2134,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2185,7 +2185,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2236,7 +2236,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2289,7 +2289,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2342,7 +2342,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2395,7 +2395,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2448,7 +2448,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2501,7 +2501,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2551,7 +2551,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2604,7 +2604,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2657,7 +2657,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2710,7 +2710,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2762,7 +2762,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2813,7 +2813,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2866,7 +2866,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2922,7 +2922,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2975,7 +2975,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3026,7 +3026,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3077,7 +3077,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3130,7 +3130,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3183,7 +3183,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3238,7 +3238,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3291,7 +3291,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3344,7 +3344,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3397,7 +3397,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3451,7 +3451,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3503,7 +3503,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3555,7 +3555,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3608,7 +3608,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3660,7 +3660,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3711,7 +3711,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3762,7 +3762,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3813,7 +3813,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3864,7 +3864,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3916,7 +3916,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3969,7 +3969,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4021,7 +4021,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4073,7 +4073,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4125,7 +4125,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4177,7 +4177,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -4229,7 +4229,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4282,7 +4282,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4334,7 +4334,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4384,7 +4384,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4435,7 +4435,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json index ab2ea5b15fa0..cf97a48c695f 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-gmail-test.json.log-expected.json @@ -30,7 +30,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -87,7 +87,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -142,7 +142,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -204,7 +204,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -259,7 +259,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -314,7 +314,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -369,7 +369,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -421,7 +421,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -473,7 +473,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json index b8d461675313..049dc6562086 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-groups-test.json.log-expected.json @@ -32,7 +32,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -86,7 +86,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -140,7 +140,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -191,7 +191,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -247,7 +247,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -308,7 +308,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -371,7 +371,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -434,7 +434,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -497,7 +497,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -555,7 +555,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -606,7 +606,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -661,7 +661,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -718,7 +718,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -774,7 +774,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json index 2f36dd24262d..647ed081bc76 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-licenses-test.json.log-expected.json @@ -31,7 +31,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -84,7 +84,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -138,7 +138,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -194,7 +194,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -249,7 +249,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -305,7 +305,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -359,7 +359,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -416,7 +416,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json index 7b41064d5a89..a3339bebbd6c 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json 
+++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-mobile-test.json.log-expected.json @@ -35,7 +35,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -95,7 +95,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -151,7 +151,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -202,7 +202,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -254,7 +254,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -306,7 +306,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -358,7 +358,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -410,7 +410,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -467,7 +467,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -519,7 +519,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -573,7 +573,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -631,7 +631,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -685,7 +685,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -740,7 +740,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -798,7 +798,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -856,7 +856,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -914,7 +914,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -973,7 +973,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1025,7 +1025,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1078,7 +1078,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1131,7 +1131,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1184,7 +1184,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1237,7 +1237,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1290,7 +1290,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1340,7 +1340,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1390,7 +1390,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1440,7 +1440,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1490,7 +1490,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1545,7 +1545,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1603,7 +1603,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1661,7 +1661,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json index 854d75f96fdf..4cbba49921b7 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-org-test.json.log-expected.json @@ -31,7 +31,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -85,7 +85,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -138,7 +138,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -193,7 +193,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -244,7 +244,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -295,7 +295,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -346,7 +346,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -397,7 +397,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -448,7 +448,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -501,7 +501,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -552,7 +552,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -603,7 +603,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -654,7 +654,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -706,7 +706,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -758,7 +758,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -809,7 +809,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -866,7 +866,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json index 609025f91377..05135d12fd67 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-security-test.json.log-expected.json @@ -32,7 +32,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -85,7 +85,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -138,7 +138,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -194,7 +194,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -248,7 +248,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -302,7 +302,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -354,7 +354,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -411,7 +411,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -468,7 +468,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -525,7 +525,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -582,7 +582,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -638,7 +638,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -689,7 +689,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -741,7 +741,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -796,7 +796,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -847,7 +847,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -898,7 +898,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -955,7 +955,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1014,7 +1014,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1068,7 +1068,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1125,7 +1125,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1180,7 +1180,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1233,7 +1233,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1285,7 +1285,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json index 6d7d3e377145..6610c24b1bda 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-sites-test.json.log-expected.json @@ -32,7 +32,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -88,7 +88,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -146,7 +146,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -198,7 +198,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -251,7 +251,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json index 832cbfc26b72..85e31a5f5ffd 100644 --- a/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/admin/test/gsuite-admin-user-test.json.log-expected.json 
@@ -31,7 +31,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -87,7 +87,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -145,7 +145,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -202,7 +202,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -258,7 +258,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -314,7 +314,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -370,7 +370,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -426,7 +426,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -483,7 +483,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -540,7 +540,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -596,7 +596,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -650,7 +650,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -707,7 +707,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -766,7 +766,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -824,7 +824,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -882,7 +882,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -940,7 +940,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -998,7 +998,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1056,7 +1056,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1114,7 +1114,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1172,7 +1172,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1230,7 +1230,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1288,7 +1288,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1344,7 +1344,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1400,7 +1400,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1458,7 +1458,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1516,7 +1516,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1580,7 +1580,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1638,7 +1638,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1695,7 +1695,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1752,7 +1752,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1809,7 +1809,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1866,7 +1866,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1924,7 +1924,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1981,7 +1981,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2039,7 +2039,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2096,7 +2096,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2153,7 +2153,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2210,7 +2210,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2267,7 +2267,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2323,7 +2323,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2381,7 +2381,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2434,7 +2434,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2487,7 +2487,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2543,7 +2543,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2599,7 +2599,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2661,7 +2661,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2718,7 +2718,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -2774,7 +2774,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2830,7 +2830,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2886,7 +2886,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -2943,7 +2943,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3000,7 +3000,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3056,7 +3056,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3112,7 +3112,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3168,7 +3168,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3224,7 +3224,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3281,7 +3281,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3337,7 +3337,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3393,7 +3393,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3449,7 +3449,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3505,7 +3505,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3558,7 +3558,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3613,7 +3613,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3670,7 +3670,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3727,7 +3727,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -3783,7 +3783,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3839,7 +3839,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3895,7 +3895,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -3951,7 +3951,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4007,7 +4007,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4063,7 +4063,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -4118,7 +4118,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4171,7 +4171,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json index 07868860ee6e..6eb6a9ca31ec 100644 --- a/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/drive/test/gsuite-drive-test.json.log-expected.json @@ -42,7 +42,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -106,7 +106,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -170,7 +170,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -234,7 +234,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -298,7 +298,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -360,7 +360,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -422,7 +422,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -484,7 +484,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -546,7 +546,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -608,7 +608,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -674,7 +674,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -736,7 +736,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -798,7 +798,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -862,7 +862,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -926,7 +926,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -988,7 +988,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1050,7 +1050,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1112,7 +1112,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1174,7 +1174,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1236,7 +1236,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1299,7 +1299,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1367,7 +1367,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1436,7 +1436,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1505,7 +1505,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1574,7 +1574,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1643,7 +1643,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1707,7 +1707,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1777,7 +1777,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json index 2e43310ea93f..e53e784b7692 100644 --- a/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/groups/test/gsuite-groups-test.json.log-expected.json @@ -40,7 +40,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -95,7 +95,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -152,7 +152,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -212,7 +212,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -267,7 +267,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -325,7 +325,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -379,7 +379,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -433,7 +433,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -491,7 +491,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -548,7 +548,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -606,7 +606,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -663,7 +663,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -721,7 +721,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -779,7 +779,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -837,7 +837,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -895,7 +895,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -953,7 +953,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1011,7 +1011,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1074,7 +1074,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1137,7 +1137,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1199,7 +1199,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1261,7 +1261,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -1323,7 +1323,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1385,7 +1385,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -1447,7 +1447,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json index 9bc77dc7d039..33fae15eb56e 100644 --- a/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json @@ -30,7 +30,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -82,7 +82,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -134,7 +134,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -186,7 +186,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -238,7 +238,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -290,7 +290,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -342,7 +342,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -395,7 +395,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -445,7 +445,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -500,7 +500,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -553,7 +553,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -607,7 +607,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -659,7 +659,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -714,7 +714,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
diff --git a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json index 7763ca178817..61ab924d1100 100644 --- a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json @@ -36,7 +36,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -92,7 +92,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json index 5943488f3241..1bdf1661a7d7 100644 --- a/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/user_accounts/test/gsuite-user_accounts-test.json.log-expected.json @@ -29,7 +29,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -80,7 +80,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -131,7 +131,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -182,7 +182,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -233,7 +233,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -284,7 +284,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -335,7 +335,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", 
@@ -386,7 +386,7 @@ ], "service.type": "gsuite", "source.as.number": 7922, - "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.as.organization.name": "COMCAST-7922", "source.geo.city_name": "State College", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json b/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json index 14061516c323..f5b1c6bf0333 100644 --- a/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json +++ b/x-pack/filebeat/module/iptables/log/test/geo.log-expected.json @@ -54,11 +54,14 @@ "service.type": "iptables", "source.as.number": 13041, "source.as.organization.name": "Consorci de Serveis Universitaris de Catalunya", + "source.geo.city_name": "Sant Cugat del Vall\u00e8s", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.4172, - "source.geo.location.lon": -3.684, + "source.geo.location.lat": 41.4656, + "source.geo.location.lon": 2.0794, + "source.geo.region_iso_code": "ES-B", + "source.geo.region_name": "Barcelona", "source.ip": "158.109.0.1", "source.mac": "90:10:65:29:b6:2a", "source.port": 38842, diff --git a/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json index 9227f428e4a1..d36ca3467065 100644 --- a/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json +++ b/x-pack/filebeat/module/juniper/srx/test/atp.log-expected.json 
@@ -5,14 +5,14 @@ "client.port": 57116, "destination.as.number": 28126, "destination.as.organization.name": "BRISANET SERVICOS DE TELECOMUNICACOES LTDA", - "destination.geo.city_name": "Juazeiro do Norte", + "destination.geo.city_name": "Doutor Severiano", "destination.geo.continent_name": "South America", "destination.geo.country_iso_code": "BR", "destination.geo.country_name": "Brazil", - "destination.geo.location.lat": -7.1467, - "destination.geo.location.lon": -39.247, - "destination.geo.region_iso_code": "BR-CE", - "destination.geo.region_name": "Ceara", + "destination.geo.location.lat": -6.0934, + "destination.geo.location.lon": -38.3746, + "destination.geo.region_iso_code": "BR-RN", + "destination.geo.region_name": "Rio Grande do Norte", "destination.ip": "187.19.188.200", "destination.port": 80, "event.action": "malware_detected", @@ -229,7 +229,7 @@ "server.port": 80, "service.type": "juniper", "source.as.number": 13335, - "source.as.organization.name": "Cloudflare, Inc.", + "source.as.organization.name": "CLOUDFLARENET", "source.domain": "dummy_host", "source.geo.continent_name": "Oceania", "source.geo.country_iso_code": "AU", diff --git a/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json index 622200c634ae..ee3a7fe8609e 100644 --- a/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json +++ b/x-pack/filebeat/module/juniper/srx/test/flow.log-expected.json 
@@ -169,14 +169,11 @@ "server.ip": "5.6.7.8", "server.port": 2003, "service.type": "juniper", - "source.geo.city_name": "Moscow", - "source.geo.continent_name": "Europe", - "source.geo.country_iso_code": "RU", - "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7527, - "source.geo.location.lon": 37.6172, - "source.geo.region_iso_code": "RU-MOW", - "source.geo.region_name": "Moscow", + "source.geo.continent_name": "Oceania", + "source.geo.country_iso_code": "AU", + "source.geo.country_name": "Australia", + "source.geo.location.lat": -33.494, + "source.geo.location.lon": 143.2104, "source.ip": "1.2.3.4", "source.port": 56639, "tags": [ @@ -254,14 +251,11 @@ "server.port": 902, "service.type": "juniper", "source.bytes": 94, - "source.geo.city_name": "Moscow", - "source.geo.continent_name": "Europe", - "source.geo.country_iso_code": "RU", - "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7527, - "source.geo.location.lon": 37.6172, - "source.geo.region_iso_code": "RU-MOW", - "source.geo.region_name": "Moscow", + "source.geo.continent_name": "Oceania", + "source.geo.country_iso_code": "AU", + "source.geo.country_name": "Australia", + "source.geo.location.lat": -33.494, + "source.geo.location.lon": 143.2104, "source.ip": "1.2.3.4", "source.nat.ip": "1.2.3.4", "source.nat.port": 63456, @@ -493,7 +487,7 @@ "client.packets": 6, "client.port": 47776, "destination.as.number": 14627, - "destination.as.organization.name": "Vitalwerks Internet Solutions, LLC", + "destination.as.organization.name": "NOIP-VITAL", "destination.bytes": 535, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -655,14 +649,12 @@ "client.nat.port": 11152, "client.packets": 1, "client.port": 52890, - "destination.as.number": 10201, - "destination.as.organization.name": "Dishnet Wireless Limited. Broadband Wireless", "destination.bytes": 136, "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "IN", "destination.geo.country_name": "India", - "destination.geo.location.lat": 20.0, - "destination.geo.location.lon": 77.0, + "destination.geo.location.lat": 20.0063, + "destination.geo.location.lon": 77.006, "destination.ip": "58.68.126.198", "destination.nat.ip": "58.68.126.198", "destination.nat.port": 53, @@ -720,17 +712,17 @@ "server.packets": 1, "server.port": 53, "service.type": "juniper", - "source.as.number": 3786, - "source.as.organization.name": "LG DACOM Corporation", + "source.as.number": 17858, + "source.as.organization.name": "LG POWERCOMM", "source.bytes": 72, - "source.geo.city_name": "Seogwipo", + "source.geo.city_name": "Hanam", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "KR", "source.geo.country_name": "South Korea", - "source.geo.location.lat": 33.2486, - "source.geo.location.lon": 126.5628, - "source.geo.region_iso_code": "KR-49", - "source.geo.region_name": "Jeju-do", + "source.geo.location.lat": 37.5359, + "source.geo.location.lon": 127.2078, + "source.geo.region_iso_code": "KR-41", + "source.geo.region_name": "Gyeonggi-do", "source.ip": "100.73.10.92", "source.nat.ip": "58.78.140.131", "source.nat.port": 11152, @@ -749,7 +741,7 @@ "client.packets": 1, "client.port": 62047, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 116, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -907,8 +899,8 @@
 "client.ip": "192.168.224.30",
 "client.nat.port": 14406,
 "client.port": 3129,
- "destination.as.number": 701,
- "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
+ "destination.as.number": 14203,
+ "destination.as.organization.name": "JUNIPER-NETWORKS",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -961,13 +953,13 @@
 "server.port": 21,
 "service.type": "juniper",
 "source.as.number": 7922,
- "source.as.organization.name": "Comcast Cable Communications, LLC",
- "source.geo.city_name": "Plymouth",
+ "source.as.organization.name": "COMCAST-7922",
+ "source.geo.city_name": "Sterling Heights",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
- "source.geo.location.lat": 42.3695,
- "source.geo.location.lon": -83.4769,
+ "source.geo.location.lat": 42.558,
+ "source.geo.location.lon": -82.998,
 "source.geo.region_iso_code": "US-MI",
 "source.geo.region_name": "Michigan",
 "source.ip": "192.168.224.30",
@@ -986,8 +978,8 @@
 "client.nat.port": 14406,
 "client.packets": 1,
 "client.port": 3129,
- "destination.as.number": 701,
- "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
+ "destination.as.number": 14203,
+ "destination.as.organization.name": "JUNIPER-NETWORKS",
 "destination.bytes": 0,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
@@ -1049,14 +1041,14 @@
 "server.port": 21,
 "service.type": "juniper",
 "source.as.number": 7922,
- "source.as.organization.name": "Comcast Cable Communications, LLC",
+ "source.as.organization.name": "COMCAST-7922",
 "source.bytes": 48,
- "source.geo.city_name": "Plymouth",
+ "source.geo.city_name": "Sterling Heights",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
- "source.geo.location.lat": 42.3695,
- "source.geo.location.lon": -83.4769,
+ "source.geo.location.lat": 42.558,
+ "source.geo.location.lon": -82.998,
 "source.geo.region_iso_code": "US-MI",
 "source.geo.region_name": "Michigan",
 "source.ip": "192.168.224.30",
@@ -1076,8 +1068,8 @@
 "client.nat.port": 14406,
 "client.packets": 3,
 "client.port": 3129,
- "destination.as.number": 701,
- "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business",
+ "destination.as.number": 14203,
+ "destination.as.organization.name": "JUNIPER-NETWORKS",
 "destination.bytes": 104,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
@@ -1141,14 +1133,14 @@
 "server.port": 21,
 "service.type": "juniper",
 "source.as.number": 7922,
- "source.as.organization.name": "Comcast Cable Communications, LLC",
+ "source.as.organization.name": "COMCAST-7922",
 "source.bytes": 144,
- "source.geo.city_name": "Plymouth",
+ "source.geo.city_name": "Sterling Heights",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
- "source.geo.location.lat": 42.3695,
- "source.geo.location.lon": -83.4769,
+ "source.geo.location.lat": 42.558,
+ "source.geo.location.lon": -82.998,
 "source.geo.region_iso_code": "US-MI",
 "source.geo.region_name": "Michigan",
 "source.ip": "192.168.224.30",
@@ -1238,7 +1230,7 @@
 "server.port": 80,
 "service.type": "juniper",
 "source.as.number": 3356,
- "source.as.organization.name": "Level 3 Parent, LLC",
+ "source.as.organization.name": "LEVEL3",
 "source.bytes": 19592,
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -1325,7 +1317,7 @@
 "server.port": 80,
 "service.type": "juniper",
 "source.as.number": 3356,
- "source.as.organization.name": "Level 3 Parent, LLC",
+ "source.as.organization.name": "LEVEL3",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
@@ -1417,7 +1409,7 @@
 "server.port": 80,
 "service.type": "juniper",
 "source.as.number": 3356,
- "source.as.organization.name": "Level 3 Parent, LLC",
+ "source.as.organization.name": "LEVEL3",
 "source.bytes": 392,
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -1636,7 +1628,7 @@
 "server.port": 80,
 "service.type": "juniper",
 "source.as.number": 3356,
- "source.as.organization.name": "Level 3 Parent, LLC",
+ "source.as.organization.name": "LEVEL3",
 "source.bytes": 392,
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -1664,14 +1656,14 @@
 "destination.as.number": 42652,
 "destination.as.organization.name": "inexio Informationstechnologie und Telekommunikation Gmbh",
 "destination.bytes": 2132,
- "destination.geo.city_name": "Philippsburg",
+ "destination.geo.city_name": "Blieskastel",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "DE",
 "destination.geo.country_name": "Germany",
- "destination.geo.location.lat": 49.2317,
- "destination.geo.location.lon": 8.4607,
- "destination.geo.region_iso_code": "DE-BW",
- "destination.geo.region_name": "Baden-W\u00fcrttemberg",
+ "destination.geo.location.lat": 49.2363,
+ "destination.geo.location.lon": 7.2621,
+ "destination.geo.region_iso_code": "DE-SL",
+ "destination.geo.region_name": "Saarland",
 "destination.ip": "46.165.154.241",
 "destination.nat.ip": "46.165.154.241",
 "destination.nat.port": 80,
@@ -1753,8 +1745,8 @@
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "SK",
 "destination.geo.country_name": "Slovakia",
- "destination.geo.location.lat": 48.15,
- "destination.geo.location.lon": 17.1078,
+ "destination.geo.location.lat": 48.1833,
+ "destination.geo.location.lon": 17.0379,
 "destination.geo.region_iso_code": "SK-BL",
 "destination.geo.region_name": "Bratislava",
 "destination.ip": "91.228.167.172",
@@ -1840,7 +1832,7 @@
 "client.nat.port": 30838,
 "client.port": 49583,
 "destination.as.number": 15169,
- "destination.as.organization.name": "Google LLC",
+ "destination.as.organization.name": "GOOGLE",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -1914,7 +1906,7 @@
 "client.packets": 1,
 "client.port": 63381,
 "destination.as.number": 15169,
- "destination.as.organization.name": "Google LLC",
+ "destination.as.organization.name": "GOOGLE",
 "destination.bytes": 82,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
diff --git a/x-pack/filebeat/module/juniper/srx/test/ids.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/ids.log-expected.json
index e92c17e6a4c0..37c983445c47 100644
--- a/x-pack/filebeat/module/juniper/srx/test/ids.log-expected.json
+++ b/x-pack/filebeat/module/juniper/srx/test/ids.log-expected.json
@@ -4,7 +4,7 @@
 "client.ip": "113.113.17.17",
 "client.port": 6000,
 "destination.as.number": 4249,
- "destination.as.organization.name": "Eli Lilly and Company",
+ "destination.as.organization.name": "LILLY-AS",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -51,14 +51,12 @@
 "server.port": 1433,
 "service.type": "juniper",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 23.1167,
- "source.geo.location.lon": 113.25,
- "source.geo.region_iso_code": "CN-GD",
- "source.geo.region_name": "Guangdong",
+ "source.geo.location.lat": 34.7732,
+ "source.geo.location.lon": 113.722,
 "source.ip": "113.113.17.17",
 "source.port": 6000,
 "tags": [
@@ -169,7 +167,7 @@
 "server.port": 50010,
 "service.type": "juniper",
 "source.as.number": 13335,
- "source.as.organization.name": "Cloudflare, Inc.",
+ "source.as.organization.name": "CLOUDFLARENET",
 "source.geo.continent_name": "Oceania",
 "source.geo.country_iso_code": "AU",
 "source.geo.country_name": "Australia",
@@ -186,14 +184,14 @@
 "@timestamp": "2018-07-19T21:22:02.309-02:00",
 "client.ip": "111.1.1.3",
 "client.port": 40001,
- "destination.geo.city_name": "Seattle",
+ "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
- "destination.geo.location.lat": 47.6348,
- "destination.geo.location.lon": -122.3451,
- "destination.geo.region_iso_code": "US-WA",
- "destination.geo.region_name": "Washington",
+ "destination.geo.location.lat": 39.0481,
+ "destination.geo.location.lon": -77.4728,
+ "destination.geo.region_iso_code": "US-VA",
+ "destination.geo.region_name": "Virginia",
 "destination.ip": "3.4.2.2",
 "destination.port": 53,
 "event.action": "flood_detected",
@@ -240,8 +238,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 27.9983,
- "source.geo.location.lon": 120.6666,
+ "source.geo.location.lat": 27.996,
+ "source.geo.location.lon": 120.6664,
 "source.geo.region_iso_code": "CN-ZJ",
 "source.geo.region_name": "Zhejiang",
 "source.ip": "111.1.1.3",
@@ -254,14 +252,14 @@
 {
 "@timestamp": "2018-07-19T21:25:02.309-02:00",
 "client.ip": "111.1.1.3",
- "destination.geo.city_name": "Seattle",
+ "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
- "destination.geo.location.lat": 47.6348,
- "destination.geo.location.lon": -122.3451,
- "destination.geo.region_iso_code": "US-WA",
- "destination.geo.region_name": "Washington",
+ "destination.geo.location.lat": 39.0481,
+ "destination.geo.location.lon": -77.4728,
+ "destination.geo.region_iso_code": "US-VA",
+ "destination.geo.region_name": "Virginia",
 "destination.ip": "3.4.2.2",
 "event.action": "fragment_detected",
 "event.category": [
@@ -306,8 +304,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 27.9983,
- "source.geo.location.lon": 120.6666,
+ "source.geo.location.lat": 27.996,
+ "source.geo.location.lon": 120.6664,
 "source.geo.region_iso_code": "CN-ZJ",
 "source.geo.region_name": "Zhejiang",
 "source.ip": "111.1.1.3",
@@ -319,14 +317,14 @@
 {
 "@timestamp": "2018-07-19T21:26:02.309-02:00",
 "client.ip": "111.1.1.3",
- "destination.geo.city_name": "Seattle",
+ "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
- "destination.geo.location.lat": 47.6348,
- "destination.geo.location.lon": -122.3451,
- "destination.geo.region_iso_code": "US-WA",
- "destination.geo.region_name": "Washington",
+ "destination.geo.location.lat": 39.0481,
+ "destination.geo.location.lon": -77.4728,
+ "destination.geo.region_iso_code": "US-VA",
+ "destination.geo.region_name": "Virginia",
 "destination.ip": "3.4.2.2",
 "event.category": [
 "network",
@@ -371,8 +369,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 27.9983,
- "source.geo.location.lon": 120.6666,
+ "source.geo.location.lat": 27.996,
+ "source.geo.location.lon": 120.6664,
 "source.geo.region_iso_code": "CN-ZJ",
 "source.geo.region_name": "Zhejiang",
 "source.ip": "111.1.1.3",
@@ -432,6 +430,8 @@
 {
 "@timestamp": "2018-07-19T21:28:02.309-02:00",
 "client.ip": "12.12.12.1",
+ "destination.as.number": 8003,
+ "destination.as.organization.name": "GRS-DOD",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -477,7 +477,7 @@
 "server.ip": "11.11.11.1",
 "service.type": "juniper",
 "source.as.number": 32328,
- "source.as.organization.name": "Alascom, Inc.",
+ "source.as.organization.name": "ALASCOM-IP-MANAGED-NETWORK",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
@@ -584,8 +584,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 27.9983,
- "source.geo.location.lon": 120.6666,
+ "source.geo.location.lat": 27.996,
+ "source.geo.location.lon": 120.6664,
 "source.geo.region_iso_code": "CN-ZJ",
 "source.geo.region_name": "Zhejiang",
 "source.ip": "111.1.1.3",
diff --git a/x-pack/filebeat/module/juniper/srx/test/secintel.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/secintel.log-expected.json
index 9385beef0b08..f597d674b6fa 100644
--- a/x-pack/filebeat/module/juniper/srx/test/secintel.log-expected.json
+++ b/x-pack/filebeat/module/juniper/srx/test/secintel.log-expected.json
@@ -123,7 +123,7 @@
 "server.port": 80,
 "service.type": "juniper",
 "source.as.number": 13335,
- "source.as.organization.name": "Cloudflare, Inc.",
+ "source.as.organization.name": "CLOUDFLARENET",
 "source.geo.continent_name": "Oceania",
 "source.geo.country_iso_code": "AU",
 "source.geo.country_name": "Australia",
diff --git a/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json b/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json
index 1da203ed4510..8cdb07753759 100644
--- a/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json
+++ b/x-pack/filebeat/module/juniper/srx/test/utm.log-expected.json
@@ -8,8 +8,8 @@
 "destination.geo.continent_name": "Asia",
 "destination.geo.country_iso_code": "HK",
 "destination.geo.country_name": "Hong Kong",
- "destination.geo.location.lat": 22.25,
- "destination.geo.location.lon": 114.1667,
+ "destination.geo.location.lat": 22.2578,
+ "destination.geo.location.lon": 114.1657,
 "destination.ip": "103.235.46.39",
 "destination.port": 80,
 "event.action": "web_filter",
@@ -70,7 +70,7 @@
 "client.ip": "10.10.10.50",
 "client.port": 1402,
 "destination.as.number": 6461,
- "destination.as.organization.name": "Zayo Bandwidth",
+ "destination.as.organization.name": "ZAYO-6461",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -230,7 +230,7 @@
 "server.port": 33578,
 "service.type": "juniper",
 "source.as.number": 15169,
- "source.as.organization.name": "Google LLC",
+ "source.as.organization.name": "GOOGLE",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
@@ -404,8 +404,8 @@
 "destination.geo.continent_name": "Asia",
 "destination.geo.country_iso_code": "HK",
 "destination.geo.country_name": "Hong Kong",
- "destination.geo.location.lat": 22.25,
- "destination.geo.location.lon": 114.1667,
+ "destination.geo.location.lat": 22.2578,
+ "destination.geo.location.lon": 114.1657,
 "destination.ip": "103.235.46.39",
 "destination.port": 80,
 "event.action": "web_filter",
@@ -528,7 +528,7 @@
 "client.ip": "10.1.1.100",
 "client.port": 58974,
 "destination.as.number": 13335,
- "destination.as.organization.name": "Cloudflare, Inc.",
+ "destination.as.organization.name": "CLOUDFLARENET",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -697,12 +697,15 @@
 "server.port": 58954,
 "service.type": "juniper",
 "source.as.number": 16625,
- "source.as.organization.name": "Akamai Technologies, Inc.",
+ "source.as.organization.name": "AKAMAI-AS",
+ "source.geo.city_name": "Slough",
 "source.geo.continent_name": "Europe",
- "source.geo.country_iso_code": "NL",
- "source.geo.country_name": "Netherlands",
- "source.geo.location.lat": 52.3824,
- "source.geo.location.lon": 4.8995,
+ "source.geo.country_iso_code": "GB",
+ "source.geo.country_name": "United Kingdom",
+ "source.geo.location.lat": 51.4991,
+ "source.geo.location.lon": -0.5545,
+ "source.geo.region_iso_code": "GB-SLG",
+ "source.geo.region_name": "Slough",
 "source.ip": "23.209.86.45",
 "source.port": 80,
 "tags": [
diff --git a/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json
index 5c77c57a26be..a08731300a1e 100644
--- a/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json
+++ b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json
@@ -45,12 +45,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -62,7 +62,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -116,12 +115,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -133,7 +132,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -187,12 +185,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
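Review bot: The removal of `"user_agent.device.type": "Desktop"` in the `@@ -62,7 +62,6 @@` hunk is a schema change, not a data refresh like the geo and AS value updates around it, and nothing in the commit title explains it. The same line is dropped in every later `user.id` / `user_agent.*` hunk of 04-sharepoint and 06-sharepointfileop. The `user_agent.original` context line is unchanged, so the difference presumably comes from the user-agent enrichment step rather than from the input. Saved searches or detection rules that filter o365 audit events on `user_agent.device.type` would stop matching without any error, so the description should state whether dropping the field is intended and which change caused it.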
@@ -204,7 +202,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -258,12 +255,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -275,7 +272,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
diff --git a/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json
index dc9605ee5a7f..f049117cfd96 100644
--- a/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json
+++ b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json
@@ -52,12 +52,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -70,7 +70,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -131,12 +130,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -149,7 +148,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -210,12 +208,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -228,7 +226,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -289,12 +286,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -307,7 +304,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -369,12 +365,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -387,7 +383,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -448,12 +443,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -466,7 +461,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -527,12 +521,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -545,7 +539,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -607,12 +600,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -625,7 +618,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -686,12 +678,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -704,7 +696,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -765,12 +756,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -783,7 +774,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
@@ -844,12 +834,12 @@
 "service.type": "o365",
 "source.as.number": 3352,
 "source.as.organization.name": "Telefonica De Espana",
- "source.geo.city_name": "Barcelona",
+ "source.geo.city_name": "Sant Esteve Sesrovires",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.4909,
+ "source.geo.location.lon": 1.8815,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "213.97.47.133",
@@ -862,7 +852,6 @@
 "user.id": "asr@testsiem.onmicrosoft.com",
 "user.name": "asr",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.14",
diff --git a/x-pack/filebeat/module/o365/audit/test/08-azuread-users.log-expected.json b/x-pack/filebeat/module/o365/audit/test/08-azuread-users.log-expected.json
index 826e8fbd857a..b6f6894f219e 100644
--- a/x-pack/filebeat/module/o365/audit/test/08-azuread-users.log-expected.json
+++ b/x-pack/filebeat/module/o365/audit/test/08-azuread-users.log-expected.json
@@ -428,13 +428,13 @@
 "related.user": "root",
 "service.type": "o365",
 "source.as.number": 8075,
- "source.as.organization.name": "Microsoft Corporation",
+ "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK",
 "source.geo.city_name": "Dublin",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "IE",
 "source.geo.country_name": "Ireland",
- "source.geo.location.lat": 53.3338,
- "source.geo.location.lon": -6.2488,
+ "source.geo.location.lat": 53.3382,
+ "source.geo.location.lon": -6.2591,
 "source.geo.region_iso_code": "IE-L",
 "source.geo.region_name": "Leinster",
 "source.ip": "20.190.129.100",
@@ -737,13 +737,13 @@
 "related.user": "root",
 "service.type": "o365",
 "source.as.number": 8075,
- "source.as.organization.name": "Microsoft Corporation",
+ "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK",
 "source.geo.city_name": "Dublin",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "IE",
 "source.geo.country_name": "Ireland",
- "source.geo.location.lat": 53.3338,
- "source.geo.location.lon": -6.2488,
+ "source.geo.location.lat": 53.3382,
+ "source.geo.location.lon": -6.2591,
 "source.geo.region_iso_code": "IE-L",
 "source.geo.region_name": "Leinster",
 "source.ip": "20.190.129.100",
@@ -868,7 +868,7 @@
 ],
 "service.type": "o365",
 "source.as.number": 8075,
- "source.as.organization.name": "Microsoft Corporation",
+ "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK",
 "source.geo.city_name": "Paris",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "FR",
@@ -995,7 +995,7 @@
 "related.user": "root",
 "service.type": "o365",
 "source.as.number": 8075,
- "source.as.organization.name": "Microsoft Corporation",
+ "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK",
 "source.geo.city_name": "Paris",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "FR",
diff --git a/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json b/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json
index a81af5396ccb..dcbb122fff8e 100644
--- a/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json
+++ b/x-pack/filebeat/module/o365/audit/test/08-azuread.log-expected.json
@@ -133,8 +133,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -280,8 +280,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -427,8 +427,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -583,8 +583,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -739,8 +739,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -902,8 +902,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -1065,8 +1065,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -1228,8 +1228,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -1391,8 +1391,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -1554,8 +1554,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -1717,8 +1717,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -1880,8 +1880,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -2043,8 +2043,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -2206,8 +2206,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -2369,8 +2369,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -2532,8 +2532,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -2695,8 +2695,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -2858,8 +2858,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -3005,8 +3005,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -3152,8 +3152,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -3308,8 +3308,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -3455,8 +3455,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -3602,8 +3602,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -3749,8 +3749,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -3905,8 +3905,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -4068,8 +4068,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -4231,8 +4231,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -4394,8 +4394,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -4557,8 +4557,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -4720,8 +4720,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -4883,8 +4883,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -5046,8 +5046,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -5209,8 +5209,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -5373,8 +5373,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -5537,8 +5537,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -5842,8 +5842,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -6005,8 +6005,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -6168,8 +6168,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -6331,8 +6331,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -6494,8 +6494,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -6657,8 +6657,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -6820,8 +6820,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -6983,8 +6983,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -7146,8 +7146,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -7309,8 +7309,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -7472,8 +7472,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -7635,8 +7635,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -7798,8 +7798,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -7961,8 +7961,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -8124,8 +8124,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -8288,8 +8288,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -8452,8 +8452,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -8615,8 +8615,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -8778,8 +8778,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -8941,8 +8941,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -9104,8 +9104,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -9267,8 +9267,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -9430,8 +9430,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -9593,8 +9593,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -9756,8 +9756,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -9919,8 +9919,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -10072,8 +10072,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -10225,8 +10225,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -10378,8 +10378,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -10531,8 +10531,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -10686,8 +10686,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -10852,8 +10852,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -11018,8 +11018,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -11184,8 +11184,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -11350,8 +11350,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -11493,8 +11493,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -11640,8 +11640,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -11787,8 +11787,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -11943,8 +11943,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -12099,8 +12099,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -12255,8 +12255,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -12402,8 +12402,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -12549,8 +12549,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -12696,8 +12696,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -12852,8 +12852,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -13008,8 +13008,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -13164,8 +13164,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -13327,8 +13327,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -13490,8 +13490,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -13653,8 +13653,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -13816,8 +13816,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "ES",
 "source.geo.country_name": "Spain",
- "source.geo.location.lat": 41.3891,
- "source.geo.location.lon": 2.1611,
+ "source.geo.location.lat": 41.387,
+ "source.geo.location.lon": 2.1701,
 "source.geo.region_iso_code": "ES-B",
 "source.geo.region_name": "Barcelona",
 "source.ip": "83.57.233.151",
@@ -13979,8 +13979,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -14142,8 +14142,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -14305,8 +14305,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -14468,8 +14468,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -14631,8 +14631,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", 
@@ -14794,8 +14794,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -14957,8 +14957,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -15121,8 +15121,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -15285,8 +15285,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -15449,8 +15449,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", 
@@ -15610,8 +15610,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -15771,8 +15771,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -15932,8 +15932,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", diff --git a/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json index 7aa2f3533967..826a86380854 100644 --- a/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json @@ -48,7 +48,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -101,7 +100,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, 
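Review bot: The `@@ -48,7 +48,6 @@` hunk of 14-sp-sharing-op.log-expected.json drops `"user_agent.device.type": "Other",` from the expected event, and the same removal repeats in the later hunks of this file and throughout 15-azuread-sts-logon.log-expected.json (there with the value "Desktop"). A regenerated golden file accepts whatever the pipeline now emits, so the test no longer shows whether the field disappeared on purpose. The cause is presumably a change in the user-agent enrichment of the Elasticsearch build used for regeneration, which the diff cannot confirm. Anything downstream that filters o365 audit events on `user_agent.device.type` would stop matching without a test failing. If the field is still meant to be produced, keep the line `"user_agent.device.type": "Other",` and fix the pipeline; otherwise state in the commit description why it is gone.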
@@ -154,7 +152,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -207,7 +204,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -260,7 +256,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -316,8 +311,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -329,7 +324,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", "user_agent.os.full": "Mac OS X 10.14", @@ -393,8 +387,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", 
@@ -406,7 +400,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", "user_agent.os.full": "Mac OS X 10.14", @@ -471,8 +464,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -484,7 +477,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", "user_agent.os.full": "Mac OS X 10.14", @@ -549,8 +541,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -562,7 +554,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -627,8 +618,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -640,7 +631,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", "user_agent.os.full": "Mac OS X 10.14", diff --git a/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json index 4cef7b83abbf..22c3c37cabf8 100644 --- a/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json @@ -78,8 +78,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -91,7 +91,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -178,8 +177,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -191,7 +190,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -278,8 +276,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -291,7 +289,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -378,8 +375,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", 
@@ -391,7 +388,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -478,8 +474,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -491,7 +487,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -574,12 +569,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -591,7 +586,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -674,12 +668,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -691,7 +685,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -774,12 +767,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -791,7 +784,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -878,8 +870,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -891,7 +883,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -974,12 +965,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -991,7 +982,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -1078,8 +1068,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -1091,7 +1081,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1178,8 +1167,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -1191,7 +1180,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1278,8 +1266,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", 
@@ -1291,7 +1279,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1374,12 +1361,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -1391,7 +1378,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1472,13 +1458,16 @@ "related.ip": "37.29.234.179", "related.user": "asr", "service.type": "o365", - "source.as.number": 16299, - "source.as.organization.name": "XFERA Moviles S.A.", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.4172, - "source.geo.location.lon": -3.684, + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "37.29.234.179", "tags": [ "forwarded" 
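Review bot: In the `@@ -1472,13 +1458,16 @@` hunk the unchanged address 37.29.234.179 now expects `"source.as.number": 15704` instead of 16299 and gains city and region fields, so the expectation follows the GeoIP database, not the module's own parsing. The same coupling shows in `@@ -1769,13 +1755,16 @@` and in the hunks that move 213.97.47.133 from Barcelona to Sant Esteve Sesrovires. Presumably the regeneration ran against a newer bundled database, but the commit does not say which one. A line in the commit description such as `Golden files regenerated against Elasticsearch <VERSION>, GeoIP database <BUILD_DATE>` (placeholders) would let a reviewer tell data drift from a pipeline regression the next time these files change.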
@@ -1488,7 +1477,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1575,8 +1563,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -1588,7 +1576,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1675,8 +1662,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -1688,7 +1675,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -1769,13 +1755,16 @@ "related.ip": "37.29.234.179", "related.user": "asr", "service.type": "o365", - "source.as.number": 16299, - "source.as.organization.name": "XFERA Moviles S.A.", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.4172, - "source.geo.location.lon": -3.684, + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "37.29.234.179", "tags": [ "forwarded" @@ -1785,7 +1774,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1872,8 +1860,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -1885,7 +1873,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -1972,8 +1959,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -1985,7 +1972,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2072,8 +2058,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -2085,7 +2071,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -2168,12 +2153,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -2185,7 +2170,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2272,8 +2256,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -2285,7 +2269,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -2372,8 +2355,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -2385,7 +2368,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2468,12 +2450,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -2485,7 +2467,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -2572,8 +2553,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -2585,7 +2566,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2672,8 +2652,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -2685,7 +2665,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2772,8 +2751,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", 
@@ -2785,7 +2764,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2872,8 +2850,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -2885,7 +2863,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2967,12 +2944,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -2984,7 +2961,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -3068,12 +3044,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -3085,7 +3061,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3161,8 +3136,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -3171,7 +3146,6 @@ ], "user.id": "Unknown", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -3254,12 +3228,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -3271,7 +3245,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3347,8 +3320,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -3357,7 +3330,6 @@ ], "user.id": "Unknown", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -3445,8 +3417,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -3458,7 +3430,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3534,8 +3505,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -3544,7 +3515,6 @@ ], "user.id": "Unknown", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3632,8 +3602,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", 
@@ -3645,7 +3615,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3732,8 +3701,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -3745,7 +3714,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3832,8 +3800,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -3845,7 +3813,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -3921,8 +3888,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -3931,7 +3898,6 @@ ], "user.id": "Unknown", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4019,8 +3985,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -4032,7 +3998,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -4113,13 +4078,16 @@ "related.ip": "37.29.234.179", "related.user": "asr", "service.type": "o365", - "source.as.number": 16299, - "source.as.organization.name": "XFERA Moviles S.A.", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.4172, - "source.geo.location.lon": -3.684, + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "37.29.234.179", "tags": [ "forwarded" @@ -4129,7 +4097,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4216,8 +4183,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -4229,7 +4196,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
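Review bot: The expected `source.as.number` for the unchanged address 37.29.234.179 moves from 16299 to 15704 in the `@@ -4113,13 +4078,16 @@` hunk (repeated at `@@ -5796,13 +5747,16 @@`), and city and region fields appear that were absent before. These values appear to follow the GeoIP database bundled with the test stack rather than anything in the o365 module, so the golden files will churn on every database refresh. A genuine parsing regression in the `source.*` fields could hide in that noise. Recording the database build in the commit message, e.g. `GeoIP data: <database build/date>`, would let a reviewer tell enrichment drift from a module change.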
@@ -4312,12 +4278,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -4329,7 +4295,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4405,8 +4370,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -4415,7 +4380,6 @@ ], "user.id": "Unknown", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -4502,8 +4466,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -4515,7 +4479,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4602,8 +4565,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -4615,7 +4578,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4702,8 +4664,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", 
@@ -4715,7 +4677,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4798,12 +4759,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -4815,7 +4776,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4902,8 +4862,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -4915,7 +4875,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -5002,8 +4961,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -5015,7 +4974,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5102,8 +5060,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -5115,7 +5073,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5202,8 +5159,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", 
@@ -5215,7 +5172,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5302,8 +5258,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -5315,7 +5271,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5402,8 +5357,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -5415,7 +5370,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -5502,8 +5456,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -5515,7 +5469,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5602,8 +5555,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -5615,7 +5568,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5702,8 +5654,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", 
@@ -5715,7 +5667,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5796,13 +5747,16 @@ "related.ip": "37.29.234.179", "related.user": "asr", "service.type": "o365", - "source.as.number": 16299, - "source.as.organization.name": "XFERA Moviles S.A.", + "source.as.number": 15704, + "source.as.organization.name": "Xtra Telecom S.A.", + "source.geo.city_name": "Madrid", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 40.4172, - "source.geo.location.lon": -3.684, + "source.geo.location.lat": 40.4153, + "source.geo.location.lon": -3.694, + "source.geo.region_iso_code": "ES-M", + "source.geo.region_name": "Madrid", "source.ip": "37.29.234.179", "tags": [ "forwarded" @@ -5812,7 +5766,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5899,8 +5852,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", 
@@ -5912,7 +5865,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5995,12 +5947,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -6012,7 +5964,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -6099,8 +6050,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -6112,7 +6063,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -6199,8 +6149,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -6212,7 +6162,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -6299,8 +6248,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", @@ -6312,7 +6261,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -6395,12 +6343,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -6412,7 +6360,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -6495,12 +6442,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -6512,7 +6459,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -6599,8 +6545,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -6612,7 +6558,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -6699,8 +6644,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "83.57.233.151", @@ -6712,7 +6657,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -6795,12 +6739,12 @@ "service.type": "o365", "source.as.number": 3352, "source.as.organization.name": "Telefonica De Espana", - "source.geo.city_name": "Barcelona", + "source.geo.city_name": "Sant Esteve Sesrovires", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.4909, + "source.geo.location.lon": 1.8815, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "213.97.47.133", @@ -6812,7 +6756,6 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", diff --git a/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json b/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json index 2ec4eca31f4f..0ae15269af19 100644 --- a/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/22-yammer.log-expected.json @@ -49,8 +49,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.10.151", diff --git a/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json b/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json index 4a7b5761b356..298bb30e4507 100644 --- a/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json 
+++ b/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json @@ -161,13 +161,13 @@ "related.user": "root", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "London", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5132, - "source.geo.location.lon": -0.0961, + "source.geo.location.lat": 51.5096, + "source.geo.location.lon": -0.0972, "source.geo.region_iso_code": "GB-ENG", "source.geo.region_name": "England", "source.ip": "52.114.88.180", @@ -179,7 +179,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, @@ -237,13 +236,13 @@ "related.user": "root", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "London", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5132, - "source.geo.location.lon": -0.0961, + "source.geo.location.lat": 51.5096, + "source.geo.location.lon": -0.0972, "source.geo.region_iso_code": "GB-ENG", "source.geo.region_name": "England", "source.ip": "52.114.88.180", @@ -256,7 +255,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, 
@@ -309,7 +307,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -362,7 +359,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -415,7 +411,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -468,7 +463,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -521,7 +515,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -570,13 +563,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "London", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5132, - "source.geo.location.lon": -0.0961, + "source.geo.location.lat": 51.5096, + "source.geo.location.lon": -0.0972, "source.geo.region_iso_code": "GB-ENG", "source.geo.region_name": "England", "source.ip": "20.190.143.50", @@ -588,7 +581,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, 
@@ -641,7 +633,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -694,7 +685,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -754,13 +744,13 @@ "related.user": "root", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "London", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5132, - "source.geo.location.lon": -0.0961, + "source.geo.location.lat": 51.5096, + "source.geo.location.lon": -0.0972, "source.geo.region_iso_code": "GB-ENG", "source.geo.region_name": "England", "source.ip": "52.114.88.180", @@ -772,7 +762,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, @@ -825,13 +814,13 @@ "related.user": "root", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "London", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5132, - "source.geo.location.lon": -0.0961, + "source.geo.location.lat": 51.5096, + "source.geo.location.lon": -0.0972, "source.geo.region_iso_code": "GB-ENG", "source.geo.region_name": "England", "source.ip": "52.114.88.180", 
@@ -843,7 +832,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, @@ -903,13 +891,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -921,7 +909,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -981,13 +968,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -999,7 +986,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, 
@@ -1059,13 +1045,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -1077,7 +1063,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -1137,13 +1122,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -1155,7 +1140,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, 
@@ -1215,13 +1199,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -1233,7 +1217,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -1293,13 +1276,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -1311,7 +1294,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, 
@@ -1477,13 +1459,13 @@ "related.user": "root", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "London", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5132, - "source.geo.location.lon": -0.0961, + "source.geo.location.lat": 51.5096, + "source.geo.location.lon": -0.0972, "source.geo.region_iso_code": "GB-ENG", "source.geo.region_name": "England", "source.ip": "52.114.88.180", @@ -1495,7 +1477,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, @@ -1553,13 +1534,13 @@ "related.user": "root", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "London", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5132, - "source.geo.location.lon": -0.0961, + "source.geo.location.lat": 51.5096, + "source.geo.location.lon": -0.0972, "source.geo.region_iso_code": "GB-ENG", "source.geo.region_name": "England", "source.ip": "52.114.88.180", @@ -1572,7 +1553,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, @@ -1625,7 +1605,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, 
@@ -1678,7 +1657,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1731,7 +1709,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1784,7 +1761,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1837,7 +1813,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1886,13 +1861,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "London", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5132, - "source.geo.location.lon": -0.0961, + "source.geo.location.lat": 51.5096, + "source.geo.location.lon": -0.0972, "source.geo.region_iso_code": "GB-ENG", "source.geo.region_name": "England", "source.ip": "20.190.143.50", @@ -1904,7 +1879,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1957,7 +1931,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, 
@@ -2010,7 +1983,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -2070,13 +2042,13 @@ "related.user": "root", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "London", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5132, - "source.geo.location.lon": -0.0961, + "source.geo.location.lat": 51.5096, + "source.geo.location.lon": -0.0972, "source.geo.region_iso_code": "GB-ENG", "source.geo.region_name": "England", "source.ip": "52.114.88.180", @@ -2088,7 +2060,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, @@ -2141,13 +2112,13 @@ "related.user": "root", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "London", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.5132, - "source.geo.location.lon": -0.0961, + "source.geo.location.lat": 51.5096, + "source.geo.location.lon": -0.0972, "source.geo.region_iso_code": "GB-ENG", "source.geo.region_name": "England", "source.ip": "52.114.88.180", @@ -2159,7 +2130,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, 
@@ -2219,13 +2189,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -2237,7 +2207,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -2297,13 +2266,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -2315,7 +2284,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, 
@@ -2375,13 +2343,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -2393,7 +2361,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -2453,13 +2420,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -2471,7 +2438,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, 
@@ -2531,13 +2497,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -2549,7 +2515,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -2609,13 +2574,13 @@ "related.user": "app", "service.type": "o365", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Cardiff", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "GB", "source.geo.country_name": "United Kingdom", - "source.geo.location.lat": 51.4975, - "source.geo.location.lon": -3.2004, + "source.geo.location.lat": 51.521, + "source.geo.location.lon": -3.2037, "source.geo.region_iso_code": "GB-CRF", "source.geo.region_name": "Cardiff", "source.ip": "51.141.50.227", @@ -2627,7 +2592,6 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, 
@@ -2705,8 +2669,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.11.115", @@ -2718,7 +2682,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", @@ -2800,8 +2763,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.11.115", @@ -2813,7 +2776,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", @@ -2895,8 +2857,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.11.115", 
@@ -2908,7 +2870,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", @@ -2990,8 +2951,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.11.115", @@ -3003,7 +2964,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", @@ -3283,8 +3243,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.11.115", @@ -3296,7 +3256,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", 
@@ -3380,8 +3339,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.11.115", @@ -3393,7 +3352,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", @@ -3475,8 +3433,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 41.3891, - "source.geo.location.lon": 2.1611, + "source.geo.location.lat": 41.387, + "source.geo.location.lon": 2.1701, "source.geo.region_iso_code": "ES-B", "source.geo.region_name": "Barcelona", "source.ip": "79.159.11.115", @@ -3488,7 +3446,6 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json index bf6ff1e9006a..3b0092505b70 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json 
@@ -734,7 +734,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index 5388af2b9034..73f26f54b8ac 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json @@ -6,7 +6,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -106,7 +106,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -207,7 +207,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -308,7 +308,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -409,7 +409,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -510,7 +510,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -611,7 +611,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -711,7 +711,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -811,7 +811,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -911,7 +911,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1012,7 +1012,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1111,7 +1111,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1211,7 +1211,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -1312,7 +1312,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1412,7 +1412,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1512,7 +1512,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1709,7 +1709,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1808,7 +1808,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -1907,7 +1907,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2007,7 +2007,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2106,7 +2106,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2206,7 +2206,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2300,7 +2300,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -2394,7 +2394,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2488,7 +2488,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2582,7 +2582,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2676,7 +2676,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2770,7 +2770,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -2864,7 +2864,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2958,7 +2958,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -3052,7 +3052,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -3146,7 +3146,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -3240,13 +3240,16 @@ "client.user.name": "crusher", "destination.address": "69.43.161.167", "destination.as.number": 22489, - "destination.as.organization.name": "Castle Access Inc", + "destination.as.organization.name": "ZCOLO-SAN01", + "destination.geo.city_name": "Murrieta", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.5631, + "destination.geo.location.lon": -117.2738, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "69.43.161.167", "destination.port": 80, "event.action": "url_filtering", @@ -3433,8 +3436,8 @@ "client.port": 59251, "client.user.name": "crusher", "destination.address": "89.111.176.67", - "destination.as.number": 41126, - "destination.as.organization.name": "CJSC Registrar R01", + "destination.as.number": 39494, + "destination.as.organization.name": "Jsc ru-center", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "RU", "destination.geo.country_name": "Russia", @@ -3530,7 +3533,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -3630,12 +3633,7 @@ "client.user.name": "crusher", "destination.address": "208.73.210.29", "destination.as.number": 40034, - "destination.as.organization.name": "Confluence Networks Inc", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "CONFLUENCE-NETWORK-INC", "destination.geo.name": "United States", "destination.ip": "208.73.210.29", "destination.port": 80, @@ -3726,12 +3724,7 @@ "client.user.name": "crusher", "destination.address": "208.73.210.29", "destination.as.number": 40034, - "destination.as.organization.name": "Confluence Networks Inc", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "CONFLUENCE-NETWORK-INC", "destination.geo.name": "United States", "destination.ip": "208.73.210.29", "destination.port": 80, @@ -3822,7 +3815,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -3921,12 +3914,7 @@ "client.user.name": "crusher", "destination.address": "208.73.210.29", "destination.as.number": 40034, - "destination.as.organization.name": "Confluence Networks Inc", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "CONFLUENCE-NETWORK-INC", "destination.geo.name": "United States", "destination.ip": "208.73.210.29", "destination.port": 80, @@ -4277,7 +4265,7 @@ "service.type": "panw", "source.address": "204.232.231.46", "source.as.number": 27357, - "source.as.organization.name": "Rackspace Hosting", + "source.as.organization.name": "RACKSPACE", "source.geo.city_name": "Fort Lauderdale", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -4301,13 +4289,13 @@ "client.user.name": "crusher", "destination.address": "216.8.179.25", "destination.as.number": 13727, - "destination.as.organization.name": "NEXT DIMENSION INC", - "destination.geo.city_name": "Kitchener", + "destination.as.organization.name": "ND-CA-ASN", + "destination.geo.city_name": "Waterloo", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "CA", "destination.geo.country_name": "Canada", - "destination.geo.location.lat": 43.4419, - "destination.geo.location.lon": -80.4216, + "destination.geo.location.lat": 43.4939, + "destination.geo.location.lon": -80.4933, "destination.geo.name": "Canada", "destination.geo.region_iso_code": "CA-ON", "destination.geo.region_name": "Ontario", 
@@ -4399,13 +4387,16 @@ "client.user.name": "crusher", "destination.address": "69.43.161.154", "destination.as.number": 22489, - "destination.as.organization.name": "Castle Access Inc", + "destination.as.organization.name": "ZCOLO-SAN01", + "destination.geo.city_name": "Murrieta", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 33.5631, + "destination.geo.location.lon": -117.2738, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "69.43.161.154", "destination.port": 80, "event.action": "url_filtering", @@ -4494,12 +4485,12 @@ "client.user.name": "crusher", "destination.address": "208.91.196.252", "destination.as.number": 40034, - "destination.as.organization.name": "Confluence Networks Inc", + "destination.as.organization.name": "CONFLUENCE-NETWORK-INC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "VG", "destination.geo.country_name": "British Virgin Islands", - "destination.geo.location.lat": 18.5, - "destination.geo.location.lon": -64.5, + "destination.geo.location.lat": 18.4985, + "destination.geo.location.lon": -64.4999, "destination.geo.name": "Virgin Islands British", "destination.ip": "208.91.196.252", "destination.port": 80, 
@@ -4590,12 +4581,7 @@ "client.user.name": "crusher", "destination.address": "208.73.210.29", "destination.as.number": 40034, - "destination.as.organization.name": "Confluence Networks Inc", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "CONFLUENCE-NETWORK-INC", "destination.geo.name": "United States", "destination.ip": "208.73.210.29", "destination.port": 80, @@ -4685,7 +4671,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4783,7 +4769,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4882,7 +4868,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -4981,7 +4967,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5080,7 +5066,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5249,16 +5235,13 @@ "service.type": "panw", "source.address": "173.236.179.57", "source.as.number": 26347, - "source.as.organization.name": "New Dream Network, LLC", - "source.geo.city_name": "Brea", + "source.as.organization.name": "DREAMHOST-AS", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 33.9339, - "source.geo.location.lon": -117.8854, + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, "source.geo.name": "United States", - "source.geo.region_iso_code": "US-CA", - "source.geo.region_name": "California", "source.ip": "173.236.179.57", "source.port": 80, "tags": [ @@ -5273,7 +5256,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -5536,15 +5519,13 @@ "service.type": "panw", "source.address": "122.226.169.183", "source.as.number": 4134, - "source.as.organization.name": "No.31,Jin-rong Street", + "source.as.organization.name": "Chinanet", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", "source.geo.country_name": "China", - "source.geo.location.lat": 30.294, - "source.geo.location.lon": 120.1619, + "source.geo.location.lat": 34.7732, + "source.geo.location.lon": 113.722, "source.geo.name": "China", - "source.geo.region_iso_code": "CN-ZJ", - "source.geo.region_name": "Zhejiang", "source.ip": "122.226.169.183", "source.port": 80, "tags": [ @@ -5559,7 +5540,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6201,16 +6182,13 @@ "service.type": "panw", "source.address": "173.236.179.57", "source.as.number": 26347, - "source.as.organization.name": "New Dream Network, LLC", - "source.geo.city_name": "Brea", + "source.as.organization.name": "DREAMHOST-AS", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 33.9339, - "source.geo.location.lon": -117.8854, + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, "source.geo.name": "United States", - "source.geo.region_iso_code": "US-CA", - "source.geo.region_name": "California", "source.ip": "173.236.179.57", "source.port": 80, "tags": [ 
@@ -6225,7 +6203,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6324,13 +6302,13 @@ "client.user.name": "jordy", "destination.address": "207.46.140.46", "destination.as.number": 8075, - "destination.as.organization.name": "Microsoft Corporation", + "destination.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "destination.geo.city_name": "Central", "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "HK", "destination.geo.country_name": "Hong Kong", - "destination.geo.location.lat": 22.2909, - "destination.geo.location.lon": 114.15, + "destination.geo.location.lat": 22.2795, + "destination.geo.location.lon": 114.146, "destination.geo.name": "United States", "destination.geo.region_iso_code": "HK-HCW", "destination.geo.region_name": "Central and Western District", @@ -6488,16 +6466,13 @@ "service.type": "panw", "source.address": "65.54.161.34", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", - "source.geo.city_name": "Redmond", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 47.6722, - "source.geo.location.lon": -122.1257, + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, "source.geo.name": "United States", - "source.geo.region_iso_code": "US-WA", - "source.geo.region_name": "Washington", "source.ip": "65.54.161.34", "source.port": 80, "tags": [ 
@@ -6582,13 +6557,12 @@ "service.type": "panw", "source.address": "65.55.5.231", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", - "source.geo.city_name": "Redmond", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 47.6722, - "source.geo.location.lon": -122.1257, + "source.geo.location.lat": 47.6032, + "source.geo.location.lon": -122.3412, "source.geo.name": "United States", "source.geo.region_iso_code": "US-WA", "source.geo.region_name": "Washington", @@ -6606,7 +6580,7 @@ "client.user.name": "jordy", "destination.address": "65.54.71.11", "destination.as.number": 8075, - "destination.as.organization.name": "Microsoft Corporation", + "destination.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "destination.geo.city_name": "Los Angeles", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6769,7 +6743,7 @@ "service.type": "panw", "source.address": "74.125.239.17", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -6790,7 +6764,7 @@ "client.user.name": "picard", "destination.address": "208.85.40.48", "destination.as.number": 40428, - "destination.as.organization.name": "Pandora Media, Inc", + "destination.as.organization.name": "PANDORA-EQX-SJL", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -6950,7 +6924,7 @@ "service.type": "panw", "source.address": "74.125.224.198", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -7040,14 +7014,14 @@ "server.user.name": "jordy", "service.type": "panw", "source.address": "188.190.124.75", - "source.as.number": 12357, - "source.as.organization.name": "Vodafone Spain", + "source.as.number": 207294, + "source.as.organization.name": "Tns Grupo Oliva Valley, Sl", "source.geo.city_name": "Oliva", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "ES", "source.geo.country_name": "Spain", - "source.geo.location.lat": 38.9197, - "source.geo.location.lon": -0.1193, + "source.geo.location.lat": 38.9159, + "source.geo.location.lon": -0.1209, "source.geo.name": "Ukraine", "source.geo.region_iso_code": "ES-V", "source.geo.region_name": "Valencia", @@ -7134,7 +7108,7 @@ "service.type": "panw", "source.address": "74.125.224.200", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -7224,7 +7198,7 @@ "service.type": "panw", "source.address": "74.125.239.3", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -7314,7 +7288,7 @@ "service.type": "panw", "source.address": "74.125.239.3", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", 
@@ -7404,7 +7378,7 @@ "service.type": "panw", "source.address": "74.125.224.200", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -7425,7 +7399,7 @@ "client.user.name": "picard", "destination.address": "74.125.239.6", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -7585,7 +7559,7 @@ "service.type": "panw", "source.address": "74.125.224.193", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -7676,7 +7650,7 @@ "service.type": "panw", "source.address": "74.125.239.20", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -7766,7 +7740,7 @@ "service.type": "panw", "source.address": "208.80.154.225", "source.as.number": 14907, - "source.as.organization.name": "Wikimedia Foundation Inc.", + "source.as.organization.name": "WIKIMEDIA", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", 
@@ -7857,7 +7831,7 @@ "service.type": "panw", "source.address": "208.80.154.234", "source.as.number": 14907, - "source.as.organization.name": "Wikimedia Foundation Inc.", + "source.as.organization.name": "WIKIMEDIA", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -7948,7 +7922,7 @@ "service.type": "panw", "source.address": "65.54.75.25", "source.as.number": 8075, - "source.as.organization.name": "Microsoft Corporation", + "source.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "source.geo.city_name": "Los Angeles", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", @@ -8041,7 +8015,7 @@ "service.type": "panw", "source.address": "74.125.224.206", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -8131,7 +8105,7 @@ "service.type": "panw", "source.address": "74.125.224.195", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", 
@@ -8222,16 +8196,13 @@ "service.type": "panw", "source.address": "207.178.96.34", "source.as.number": 20376, - "source.as.organization.name": "Hubris Communications", - "source.geo.city_name": "Liberal", + "source.as.organization.name": "HUBRIS", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 37.0438, - "source.geo.location.lon": -100.9286, + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, "source.geo.name": "United States", - "source.geo.region_iso_code": "US-KS", - "source.geo.region_name": "Kansas", "source.ip": "207.178.96.34", "source.port": 80, "tags": [ @@ -8315,7 +8286,7 @@ "service.type": "panw", "source.address": "74.125.224.195", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -8405,7 +8376,7 @@ "service.type": "panw", "source.address": "74.125.239.20", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", 
@@ -8496,13 +8467,13 @@ "service.type": "panw", "source.address": "66.152.109.24", "source.as.number": 13536, - "source.as.organization.name": "First Light Fiber", - "source.geo.city_name": "Albany", + "source.as.organization.name": "TVC-AS1", + "source.geo.city_name": "Schenectady", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 42.7008, - "source.geo.location.lon": -73.8601, + "source.geo.location.lat": 42.789, + "source.geo.location.lon": -73.9759, "source.geo.name": "United States", "source.geo.region_iso_code": "US-NY", "source.geo.region_name": "New York", @@ -8589,7 +8560,7 @@ "service.type": "panw", "source.address": "74.125.224.200", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -8610,7 +8581,7 @@ "client.user.name": "picard", "destination.address": "74.125.224.201", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -8770,7 +8741,7 @@ "service.type": "panw", "source.address": "74.125.224.200", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", 
@@ -8860,7 +8831,7 @@ "service.type": "panw", "source.address": "74.125.224.200", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -8881,7 +8852,7 @@ "client.user.name": "jordy", "destination.address": "208.85.40.48", "destination.as.number": 40428, - "destination.as.organization.name": "Pandora Media, Inc", + "destination.as.organization.name": "PANDORA-EQX-SJL", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -9041,7 +9012,7 @@ "service.type": "panw", "source.address": "74.125.224.201", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -9131,7 +9102,7 @@ "service.type": "panw", "source.address": "74.125.224.201", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -9221,7 +9192,7 @@ "service.type": "panw", "source.address": "74.125.224.200", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", 
@@ -9311,7 +9282,7 @@ "service.type": "panw", "source.address": "74.125.224.200", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -9402,7 +9373,7 @@ "service.type": "panw", "source.address": "74.125.224.198", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", @@ -9492,7 +9463,7 @@ "service.type": "panw", "source.address": "74.125.224.200", "source.as.number": 15169, - "source.as.organization.name": "Google LLC", + "source.as.organization.name": "GOOGLE", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json index c90c76236b3f..c04cfcb322d4 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json @@ -8,7 +8,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", 
@@ -109,7 +109,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -207,7 +207,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -305,7 +305,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -406,7 +406,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -507,7 +507,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -605,7 +605,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -703,7 +703,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 806, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -804,7 +804,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 806, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -905,7 +905,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 806, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -1006,7 +1006,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", 
@@ -1107,7 +1107,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -1208,7 +1208,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -1309,7 +1309,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -1410,7 +1410,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 806, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -1511,7 +1511,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 806, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", 
@@ -1612,7 +1612,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 551, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -1713,7 +1713,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -1814,7 +1814,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -1915,7 +1915,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2013,7 +2013,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -2111,7 +2111,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -2212,7 +2212,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 98, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2310,7 +2310,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 806, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -2411,7 +2411,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 806, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -2512,7 +2512,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", 
@@ -2613,7 +2613,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2711,7 +2711,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2809,7 +2809,7 @@ "client.user.name": "crusher", "destination.address": "98.149.55.63", "destination.as.number": 20001, - "destination.as.organization.name": "Charter Communications Inc", + "destination.as.organization.name": "TWC-20001-PACWEST", "destination.bytes": 504, "destination.geo.city_name": "Westminster", "destination.geo.continent_name": "North America", @@ -2910,7 +2910,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -3011,7 +3011,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -3115,8 +3115,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IT", "destination.geo.country_name": "Italy", - "destination.geo.location.lat": 45.4087, - "destination.geo.location.lon": 9.1225, + "destination.geo.location.lat": 45.4641, + "destination.geo.location.lon": 9.281, "destination.geo.region_iso_code": "IT-MI", "destination.geo.region_name": "Milan", "destination.ip": "212.48.10.58", @@ -3210,7 +3210,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -3311,7 +3311,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -3409,7 +3409,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -3507,7 +3507,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", 
@@ -3608,7 +3608,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -3709,7 +3709,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -3807,7 +3807,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -3904,7 +3904,7 @@ "client.port": 38796, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 111, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -3999,11 +3999,14 @@ "destination.as.number": 3269, "destination.as.organization.name": "Telecom Italia", "destination.bytes": 906, + "destination.geo.city_name": "Brescia", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IT", "destination.geo.country_name": "Italy", - "destination.geo.location.lat": 43.1479, - "destination.geo.location.lon": 12.1097, + "destination.geo.location.lat": 45.55, + "destination.geo.location.lon": 10.25, + "destination.geo.region_iso_code": "IT-BS", + "destination.geo.region_name": "Provincia di Brescia", "destination.ip": "62.211.68.12", "destination.packets": 7, "destination.port": 80, @@ -4094,7 +4097,7 @@ "client.port": 48412, "destination.address": "50.19.102.116", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 5013, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", @@ -4190,7 +4193,7 @@ "client.user.name": "crusher", "destination.address": "65.55.223.19", "destination.as.number": 8075, - "destination.as.organization.name": "Microsoft Corporation", + "destination.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "destination.bytes": 99, "destination.geo.city_name": "Washington", "destination.geo.continent_name": "North America", @@ -4291,7 +4294,7 @@ "client.user.name": "crusher", "destination.address": "65.55.223.24", "destination.as.number": 8075, - "destination.as.organization.name": "Microsoft Corporation", + "destination.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "destination.bytes": 902, "destination.geo.city_name": "Washington", "destination.geo.continent_name": "North America", 
@@ -4391,7 +4394,7 @@ "client.port": 52189, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 141, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4484,7 +4487,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -4585,7 +4588,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4683,7 +4686,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -4784,7 +4787,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -4882,7 +4885,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 316, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4980,7 +4983,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 121, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5078,7 +5081,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 169, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5178,11 +5181,14 @@ "destination.as.number": 3269, "destination.as.organization.name": "Telecom Italia", "destination.bytes": 954, + "destination.geo.city_name": "Brescia", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IT", "destination.geo.country_name": "Italy", - "destination.geo.location.lat": 43.1479, - "destination.geo.location.lon": 12.1097, + "destination.geo.location.lat": 45.55, + "destination.geo.location.lon": 10.25, + "destination.geo.region_iso_code": "IT-BS", + "destination.geo.region_name": "Provincia di Brescia", "destination.ip": "62.211.68.12", "destination.packets": 7, "destination.port": 80, 
@@ -5280,8 +5286,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IT", "destination.geo.country_name": "Italy", - "destination.geo.location.lat": 45.4087, - "destination.geo.location.lon": 9.1225, + "destination.geo.location.lat": 45.4641, + "destination.geo.location.lon": 9.281, "destination.geo.region_iso_code": "IT-MI", "destination.geo.region_name": "Milan", "destination.ip": "212.48.10.58", @@ -5375,7 +5381,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 555, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -5476,7 +5482,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5574,7 +5580,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -5675,7 +5681,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -5773,7 +5779,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5871,7 +5877,7 @@ "client.user.name": "crusher", "destination.address": "65.55.223.31", "destination.as.number": 8075, - "destination.as.organization.name": "Microsoft Corporation", + "destination.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "destination.bytes": 0, "destination.geo.city_name": "Washington", "destination.geo.continent_name": "North America", @@ -5972,7 +5978,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -6073,7 +6079,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6171,7 +6177,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -6271,11 +6277,14 @@ "destination.as.number": 3269, "destination.as.organization.name": "Telecom Italia", "destination.bytes": 906, + "destination.geo.city_name": "Brescia", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IT", "destination.geo.country_name": "Italy", - "destination.geo.location.lat": 43.1479, - "destination.geo.location.lon": 12.1097, + "destination.geo.location.lat": 45.55, + "destination.geo.location.lon": 10.25, + "destination.geo.region_iso_code": "IT-BS", + "destination.geo.region_name": "Provincia di Brescia", "destination.ip": "62.211.68.12", "destination.packets": 7, "destination.port": 80, @@ -6367,7 +6376,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 163, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6465,7 +6474,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6563,7 +6572,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -6661,7 +6670,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -6764,11 +6773,14 @@ "destination.as.number": 3269, "destination.as.organization.name": "Telecom Italia", "destination.bytes": 922, + "destination.geo.city_name": "Brescia", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IT", "destination.geo.country_name": "Italy", - "destination.geo.location.lat": 43.1479, - "destination.geo.location.lon": 12.1097, + "destination.geo.location.lat": 45.55, + "destination.geo.location.lon": 10.25, + "destination.geo.region_iso_code": "IT-BS", + "destination.geo.region_name": "Provincia di Brescia", "destination.ip": "62.211.68.12", "destination.packets": 7, "destination.port": 80, @@ -6860,7 +6872,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -6961,7 +6973,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -7059,7 +7071,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7157,7 +7169,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -7258,7 +7270,7 @@ "client.user.name": "crusher", "destination.address": "8.5.1.1", "destination.as.number": 3356, - "destination.as.organization.name": "Level 3 Parent, LLC", + "destination.as.organization.name": "LEVEL3", "destination.bytes": 26786, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7356,7 +7368,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7454,7 +7466,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -7552,7 +7564,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -7750,8 +7762,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IT", "destination.geo.country_name": "Italy", - "destination.geo.location.lat": 45.4087, - "destination.geo.location.lon": 9.1225, + "destination.geo.location.lat": 45.4641, + "destination.geo.location.lon": 9.281, "destination.geo.region_iso_code": "IT-MI", "destination.geo.region_name": "Milan", "destination.ip": "212.48.10.58", @@ -7851,8 +7863,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IT", "destination.geo.country_name": "Italy", - "destination.geo.location.lat": 45.4087, - "destination.geo.location.lon": 9.1225, + "destination.geo.location.lat": 45.4641, + "destination.geo.location.lon": 9.281, "destination.geo.region_iso_code": "IT-MI", "destination.geo.region_name": "Milan", "destination.ip": "212.48.10.58", @@ -8128,7 +8140,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -8229,7 +8241,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -8327,7 +8339,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -8425,7 +8437,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -8526,7 +8538,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -8715,7 +8727,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -8813,7 +8825,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", 
@@ -8914,7 +8926,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -9012,7 +9024,7 @@ "client.user.name": "crusher", "destination.address": "205.171.2.25", "destination.as.number": 209, - "destination.as.organization.name": "CenturyLink Communications, LLC", + "destination.as.organization.name": "CENTURYLINK-US-LEGACY-QWEST", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -9112,11 +9124,14 @@ "destination.as.number": 3269, "destination.as.organization.name": "Telecom Italia", "destination.bytes": 906, + "destination.geo.city_name": "Brescia", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IT", "destination.geo.country_name": "Italy", - "destination.geo.location.lat": 43.1479, - "destination.geo.location.lon": 12.1097, + "destination.geo.location.lat": 45.55, + "destination.geo.location.lon": 10.25, + "destination.geo.region_iso_code": "IT-BS", + "destination.geo.region_name": "Provincia di Brescia", "destination.ip": "62.211.68.12", "destination.packets": 7, "destination.port": 80, @@ -9208,7 +9223,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", 
@@ -9309,7 +9324,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -9410,7 +9425,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -9602,7 +9617,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 78, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -9703,7 +9718,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 78, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", @@ -9804,7 +9819,7 @@ "client.user.name": "crusher", "destination.address": "204.232.231.46", "destination.as.number": 27357, - "destination.as.organization.name": "Rackspace Hosting", + "destination.as.organization.name": "RACKSPACE", "destination.bytes": 0, "destination.geo.city_name": "Fort Lauderdale", "destination.geo.continent_name": "North America", diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index ef9975180c14..c7c9be453d84 100644 
--- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -7,7 +7,7 @@ "client.port": 52984, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -112,7 +112,7 @@ "client.port": 52983, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -217,7 +217,7 @@ "client.port": 52986, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -322,7 +322,7 @@ "client.port": 52985, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
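Review bot: The commit record does not say which GeoIP/ASN test database produced these values, and a golden JSON file has no other place to record it. In this hunk and the ones that follow in threat.log-expected.json, `destination.as.organization.name` changes from `MCI Communications Services, Inc. d/b/a Verizon Business` to `EDGECAST` while `destination.as.number` stays 15133, which looks like a database refresh rather than a pipeline change. A line in the commit description such as `Golden files regenerated against <GeoIP database name and build date>` would let a later reviewer tell an intended refresh from an enrichment regression. The change also shows that the organization label is not a stable key, so dashboards and detection rules are safer matching on `destination.as.number`.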
@@ -427,7 +427,7 @@ "client.port": 52987, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -532,7 +532,7 @@ "client.port": 52988, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -637,7 +637,7 @@ "client.port": 52990, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -742,7 +742,7 @@ "client.port": 52989, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -847,7 +847,7 @@ "client.port": 52992, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -952,7 +952,7 @@ "client.port": 52991, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1057,7 +1057,7 @@ "client.port": 52994, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1162,7 +1162,7 @@ "client.port": 52993, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -1267,7 +1267,7 @@ "client.port": 52995, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1372,7 +1372,7 @@ "client.port": 52996, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1477,7 +1477,7 @@ "client.port": 52997, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1582,7 +1582,7 @@ "client.port": 52998, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -1687,7 +1687,7 @@ "client.port": 52999, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1792,7 +1792,7 @@ "client.port": 53001, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1897,7 +1897,7 @@ "client.port": 53002, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2002,7 +2002,7 @@ "client.port": 53003, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -2212,7 +2212,7 @@ "client.port": 53000, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2317,7 +2317,7 @@ "client.port": 53006, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2422,7 +2422,7 @@ "client.port": 53007, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2527,7 +2527,7 @@ "client.port": 53008, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -2632,7 +2632,7 @@ "client.port": 53010, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2737,7 +2737,7 @@ "client.port": 53011, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2842,7 +2842,7 @@ "client.port": 53012, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2947,7 +2947,7 @@ "client.port": 53013, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -3052,7 +3052,7 @@ "client.port": 53014, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3157,7 +3157,7 @@ "client.port": 53022, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3262,7 +3262,7 @@ "client.port": 53023, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3367,7 +3367,7 @@ "client.port": 53024, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -3472,7 +3472,7 @@ "client.port": 53025, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3577,7 +3577,7 @@ "client.port": 53026, "destination.address": "152.195.55.192", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3682,7 +3682,7 @@ "client.port": 53041, "destination.address": "151.101.2.2", "destination.as.number": 54113, - "destination.as.organization.name": "Fastly", + "destination.as.organization.name": "FASTLY", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3787,16 +3787,13 @@ "client.port": 53040, "destination.address": "54.192.7.152", "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", - "destination.geo.city_name": "Seattle", + "destination.as.organization.name": "AMAZON-02", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 47.6109, - "destination.geo.location.lon": -122.3303, + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.geo.name": "United States", - "destination.geo.region_iso_code": "US-WA", - "destination.geo.region_name": "Washington", "destination.ip": "54.192.7.152", "destination.nat.ip": "54.192.7.152", "destination.nat.port": 443, 
@@ -3895,7 +3892,7 @@ "client.port": 53093, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4003,7 +4000,7 @@ "client.port": 53094, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4111,7 +4108,7 @@ "client.port": 53095, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4219,7 +4216,7 @@ "client.port": 53096, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4327,7 +4324,7 @@ "client.port": 53097, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -4435,7 +4432,7 @@ "client.port": 53099, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4543,7 +4540,7 @@ "client.port": 53100, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4651,7 +4648,7 @@ "client.port": 53101, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4759,7 +4756,7 @@ "client.port": 53104, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4867,7 +4864,7 @@ "client.port": 53107, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -4975,7 +4972,7 @@ "client.port": 53108, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5083,7 +5080,7 @@ "client.port": 53109, "destination.address": "52.4.120.175", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5191,13 +5188,13 @@ "client.port": 53118, "destination.address": "216.58.194.98", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.3861, - "destination.geo.location.lon": -122.0839, + "destination.geo.location.lat": 37.3891, + "destination.geo.location.lon": -122.0866, "destination.geo.name": "United States", "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", 
@@ -5299,13 +5296,16 @@ "client.port": 53126, "destination.address": "23.72.145.245", "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Slough", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 51.4991, + "destination.geo.location.lon": -0.5545, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "GB-SLG", + "destination.geo.region_name": "Slough", "destination.ip": "23.72.145.245", "destination.nat.ip": "23.72.145.245", "destination.nat.port": 443, @@ -5404,13 +5404,16 @@ "client.port": 53127, "destination.address": "23.72.145.245", "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Slough", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 51.4991, + "destination.geo.location.lon": -0.5545, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "GB-SLG", + "destination.geo.region_name": "Slough", "destination.ip": "23.72.145.245", "destination.nat.ip": "23.72.145.245", "destination.nat.port": 443, 
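Review bot: The regenerated expectation for 23.72.145.245 now disagrees with itself: `destination.geo.country_name` becomes `United Kingdom` (`GB`, Slough) while the unchanged context line `destination.geo.name` still reads `United States`. The same pair appears in every later 23.72.145.245 hunk of this file, through `@@ -6244,13 +6268,16 @@`. Presumably `destination.geo.name` is copied from the firewall's own location column and the other `destination.geo.*` fields come from the GeoIP lookup; that should be confirmed before these values are accepted as golden. If it is intended, the module's field documentation should say so, for example `destination.geo.name is the location reported by the device and may differ from the GeoIP-derived destination.geo.* fields`, so that country filters are written against `destination.geo.country_iso_code`.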
@@ -5509,13 +5512,16 @@ "client.port": 53128, "destination.address": "23.72.145.245", "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Slough", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 51.4991, + "destination.geo.location.lon": -0.5545, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "GB-SLG", + "destination.geo.region_name": "Slough", "destination.ip": "23.72.145.245", "destination.nat.ip": "23.72.145.245", "destination.nat.port": 443, @@ -5614,13 +5620,16 @@ "client.port": 53129, "destination.address": "23.72.145.245", "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Slough", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 51.4991, + "destination.geo.location.lon": -0.5545, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "GB-SLG", + "destination.geo.region_name": "Slough", "destination.ip": "23.72.145.245", "destination.nat.ip": "23.72.145.245", "destination.nat.port": 443, 
@@ -5719,13 +5728,16 @@ "client.port": 53130, "destination.address": "23.72.145.245", "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Slough", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 51.4991, + "destination.geo.location.lon": -0.5545, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "GB-SLG", + "destination.geo.region_name": "Slough", "destination.ip": "23.72.145.245", "destination.nat.ip": "23.72.145.245", "destination.nat.port": 443, @@ -5824,13 +5836,16 @@ "client.port": 53131, "destination.address": "23.72.145.245", "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Slough", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 51.4991, + "destination.geo.location.lon": -0.5545, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "GB-SLG", + "destination.geo.region_name": "Slough", "destination.ip": "23.72.145.245", "destination.nat.ip": "23.72.145.245", "destination.nat.port": 443, 
@@ -5929,13 +5944,16 @@ "client.port": 53132, "destination.address": "23.72.145.245", "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Slough", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 51.4991, + "destination.geo.location.lon": -0.5545, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "GB-SLG", + "destination.geo.region_name": "Slough", "destination.ip": "23.72.145.245", "destination.nat.ip": "23.72.145.245", "destination.nat.port": 443, @@ -6034,13 +6052,16 @@ "client.port": 53133, "destination.address": "23.72.145.245", "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Slough", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 51.4991, + "destination.geo.location.lon": -0.5545, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "GB-SLG", + "destination.geo.region_name": "Slough", "destination.ip": "23.72.145.245", "destination.nat.ip": "23.72.145.245", "destination.nat.port": 443, 
@@ -6139,13 +6160,16 @@ "client.port": 53134, "destination.address": "23.72.145.245", "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Slough", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 51.4991, + "destination.geo.location.lon": -0.5545, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "GB-SLG", + "destination.geo.region_name": "Slough", "destination.ip": "23.72.145.245", "destination.nat.ip": "23.72.145.245", "destination.nat.port": 443, @@ -6244,13 +6268,16 @@ "client.port": 53135, "destination.address": "23.72.145.245", "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.as.organization.name": "AKAMAI-AS", + "destination.geo.city_name": "Slough", + "destination.geo.continent_name": "Europe", + "destination.geo.country_iso_code": "GB", + "destination.geo.country_name": "United Kingdom", + "destination.geo.location.lat": 51.4991, + "destination.geo.location.lon": -0.5545, "destination.geo.name": "United States", + "destination.geo.region_iso_code": "GB-SLG", + "destination.geo.region_name": "Slough", "destination.ip": "23.72.145.245", "destination.nat.ip": "23.72.145.245", "destination.nat.port": 443, 
@@ -6349,7 +6376,7 @@ "client.port": 53152, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6457,7 +6484,7 @@ "client.port": 53155, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6565,7 +6592,7 @@ "client.port": 53158, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6673,7 +6700,7 @@ "client.port": 53160, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6781,7 +6808,7 @@ "client.port": 53161, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -6889,7 +6916,7 @@ "client.port": 53162, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6997,7 +7024,7 @@ "client.port": 53163, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7105,7 +7132,7 @@ "client.port": 53164, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7213,7 +7240,7 @@ "client.port": 53165, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7321,7 +7348,7 @@ "client.port": 53166, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -7429,7 +7456,7 @@ "client.port": 53167, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7537,7 +7564,7 @@ "client.port": 53150, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7645,7 +7672,7 @@ "client.port": 53185, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7753,7 +7780,7 @@ "client.port": 53187, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7861,7 +7888,7 @@ "client.port": 53188, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -7969,7 +7996,7 @@ "client.port": 53178, "destination.address": "54.209.101.70", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index 9d86fbf8e1b3..cbe6e097cd28 100644 --- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -8,8 +8,8 @@ "client.packets": 16, "client.port": 55113, "destination.address": "184.51.253.152", - "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.as.number": 20940, + "destination.as.organization.name": "Akamai International B.V.", "destination.bytes": 5976, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -119,7 +119,7 @@ "client.port": 0, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
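Review bot: The AS number for 184.51.253.152 changes from 16625 to 20940 in the `@@ -8,8 +8,8 @@` hunk of traffic.log-expected.json (and again for 184.51.253.193 and 184.51.252.247 further down), and nothing in the commit says which enrichment database produced the new values. Organization names also move from registered company names to short handles such as `GOOGLE` and `AMAZON-AES`, which suggests a different ASN data source rather than only a newer build, though that cannot be confirmed from the diff. Recording it in the description, for example `Regenerated against GeoIP/ASN database <DB_BUILD_PLACEHOLDER>`, would let a reviewer tell an expected data refresh from a pipeline regression. It would also flag that exact-match rules on `destination.as.organization.name` need updating.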
@@ -229,14 +229,14 @@ "client.port": 55114, "destination.address": "17.253.3.202", "destination.as.number": 6185, - "destination.as.organization.name": "Apple Inc.", + "destination.as.organization.name": "APPLE-AUSTIN", "destination.bytes": 1035, "destination.geo.city_name": "Dallas", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 32.7787, - "destination.geo.location.lon": -96.8217, + "destination.geo.location.lat": 32.7797, + "destination.geo.location.lon": -96.8022, "destination.geo.region_iso_code": "US-TX", "destination.geo.region_name": "Texas", "destination.ip": "17.253.3.202", @@ -342,7 +342,7 @@ "client.port": 0, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -452,14 +452,14 @@ "client.port": 46774, "destination.address": "216.58.194.99", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 1613, "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.3861, - "destination.geo.location.lon": -122.0839, + "destination.geo.location.lat": 37.3891, + "destination.geo.location.lon": -122.0866, "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "216.58.194.99", 
@@ -565,7 +565,7 @@ "client.port": 52408, "destination.address": "209.234.224.22", "destination.as.number": 395162, - "destination.as.organization.name": "Markit On Demand, Inc.", + "destination.as.organization.name": "MOD-PTC", "destination.bytes": 21111, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -675,7 +675,7 @@ "client.port": 0, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -785,7 +785,7 @@ "client.port": 59190, "destination.address": "172.217.2.238", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 3732, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -895,7 +895,7 @@ "client.port": 49728, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 221, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1005,7 +1005,7 @@ "client.port": 50500, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 221, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -1115,7 +1115,7 @@ "client.port": 55112, "destination.address": "17.249.60.78", "destination.as.number": 714, - "destination.as.organization.name": "Apple Inc.", + "destination.as.organization.name": "APPLE-ENGINEERING", "destination.bytes": 5469, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1225,7 +1225,7 @@ "client.port": 57632, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 224, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1335,7 +1335,7 @@ "client.port": 50271, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 117, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1445,7 +1445,7 @@ "client.port": 54061, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 307, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1555,7 +1555,7 @@ "client.port": 52701, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 365, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1665,7 +1665,7 @@ "client.port": 0, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -1775,7 +1775,7 @@ "client.port": 62503, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 161, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1885,7 +1885,7 @@ "client.port": 52442, "destination.address": "98.138.49.44", "destination.as.number": 36646, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-NE1", "destination.bytes": 7805, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1995,7 +1995,7 @@ "client.port": 52441, "destination.address": "72.30.3.43", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.bytes": 6106, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2105,7 +2105,7 @@ "client.port": 0, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 196, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2215,7 +2215,7 @@ "client.port": 52355, "destination.address": "172.217.9.142", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 3245, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -2325,7 +2325,7 @@ "client.port": 50196, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 179, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2435,7 +2435,7 @@ "client.port": 52454, "destination.address": "54.84.80.198", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 4537, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", @@ -2548,12 +2548,12 @@ "client.port": 52445, "destination.address": "199.167.55.52", "destination.bytes": 0, - "destination.geo.city_name": "Sunnyvale", + "destination.geo.city_name": "Fremont", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.386, - "destination.geo.location.lon": -122.0144, + "destination.geo.location.lat": 37.5625, + "destination.geo.location.lon": -122.0004, "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "199.167.55.52", @@ -2659,7 +2659,7 @@ "client.port": 0, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2769,7 +2769,7 @@ "client.port": 35485, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 130, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -2875,7 +2875,7 @@ "client.port": 62730, "destination.address": "172.217.9.142", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 1991, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2982,7 +2982,7 @@ "client.port": 52506, "destination.address": "151.101.2.2", "destination.as.number": 54113, - "destination.as.organization.name": "Fastly", + "destination.as.organization.name": "FASTLY", "destination.bytes": 523, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -3092,14 +3092,14 @@ "client.port": 60596, "destination.address": "216.58.194.66", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 2428, "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.3861, - "destination.geo.location.lon": -122.0839, + "destination.geo.location.lat": 37.3891, + "destination.geo.location.lon": -122.0866, "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "216.58.194.66", @@ -3205,7 +3205,7 @@ "client.port": 0, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -3315,7 +3315,7 @@ "client.port": 0, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 196, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -3424,8 +3424,8 @@ "client.packets": 12, "client.port": 52514, "destination.address": "184.51.253.193", - "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.as.number": 20940, + "destination.as.organization.name": "Akamai International B.V.", "destination.bytes": 5003, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -3535,7 +3535,7 @@ "client.port": 55155, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 171, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -3645,12 +3645,12 @@ "client.port": 52445, "destination.address": "199.167.55.52", "destination.bytes": 0, - "destination.geo.city_name": "Sunnyvale", + "destination.geo.city_name": "Fremont", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.386, - "destination.geo.location.lon": -122.0144, + "destination.geo.location.lat": 37.5625, + "destination.geo.location.lon": -122.0004, "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "199.167.55.52", 
@@ -3756,14 +3756,14 @@ "client.port": 52516, "destination.address": "199.167.52.219", "destination.as.number": 54538, - "destination.as.organization.name": "PALO ALTO NETWORKS", + "destination.as.organization.name": "PAN0001", "destination.bytes": 2316, - "destination.geo.city_name": "Sunnyvale", + "destination.geo.city_name": "Fremont", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.386, - "destination.geo.location.lon": -122.0144, + "destination.geo.location.lat": 37.5625, + "destination.geo.location.lon": -122.0004, "destination.geo.region_iso_code": "US-CA", "destination.geo.region_name": "California", "destination.ip": "199.167.52.219", @@ -3869,7 +3869,7 @@ "client.port": 52511, "destination.address": "52.71.117.196", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 13966, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", @@ -3982,7 +3982,7 @@ "client.port": 3018, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 244, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4092,7 +4092,7 @@ "client.port": 16569, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 205, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -4202,16 +4202,16 @@ "client.port": 52479, "destination.address": "35.186.194.41", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 2302, - "destination.geo.city_name": "Mountain View", + "destination.geo.city_name": "Kansas City", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.4043, - "destination.geo.location.lon": -122.0748, - "destination.geo.region_iso_code": "US-CA", - "destination.geo.region_name": "California", + "destination.geo.location.lat": 39.1028, + "destination.geo.location.lon": -94.5778, + "destination.geo.region_iso_code": "US-MO", + "destination.geo.region_name": "Missouri", "destination.ip": "35.186.194.41", "destination.nat.ip": "35.186.194.41", "destination.nat.port": 443, @@ -4315,11 +4315,16 @@ "client.port": 52478, "destination.address": "35.201.124.9", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 6757, - "destination.geo.continent_name": "Asia", - "destination.geo.location.lat": 35.0, - "destination.geo.location.lon": 105.0, + "destination.geo.city_name": "Kansas City", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 39.1028, + "destination.geo.location.lon": -94.5778, + "destination.geo.region_iso_code": "US-MO", + "destination.geo.region_name": "Missouri", "destination.ip": "35.201.124.9", "destination.nat.ip": "35.201.124.9", "destination.nat.port": 443, 
@@ -4423,7 +4428,7 @@ "client.port": 52502, "destination.address": "100.24.131.237", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 9007, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", @@ -4535,8 +4540,8 @@ "client.packets": 8, "client.port": 52458, "destination.address": "184.51.252.247", - "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.as.number": 20940, + "destination.as.organization.name": "Akamai International B.V.", "destination.bytes": 661, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4646,16 +4651,16 @@ "client.port": 52484, "destination.address": "35.190.88.148", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 11136, - "destination.geo.city_name": "Mountain View", + "destination.geo.city_name": "Kansas City", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.4043, - "destination.geo.location.lon": -122.0748, - "destination.geo.region_iso_code": "US-CA", - "destination.geo.region_name": "California", + "destination.geo.location.lat": 39.1028, + "destination.geo.location.lon": -94.5778, + "destination.geo.region_iso_code": "US-MO", + "destination.geo.region_name": "Missouri", "destination.ip": "35.190.88.148", "destination.nat.ip": "35.190.88.148", "destination.nat.port": 443, 
@@ -4759,16 +4764,16 @@ "client.port": 52482, "destination.address": "35.186.243.83", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 11136, - "destination.geo.city_name": "Mountain View", + "destination.geo.city_name": "Kansas City", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.4043, - "destination.geo.location.lon": -122.0748, - "destination.geo.region_iso_code": "US-CA", - "destination.geo.region_name": "California", + "destination.geo.location.lat": 39.1028, + "destination.geo.location.lon": -94.5778, + "destination.geo.region_iso_code": "US-MO", + "destination.geo.region_name": "Missouri", "destination.ip": "35.186.243.83", "destination.nat.ip": "35.186.243.83", "destination.nat.port": 443, @@ -4872,7 +4877,7 @@ "client.port": 33769, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 182, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -4982,7 +4987,7 @@ "client.port": 14106, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 90, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5092,7 +5097,7 @@ "client.port": 52503, "destination.address": "100.24.165.74", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 6669, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", 
@@ -5204,8 +5209,8 @@ "client.packets": 8, "client.port": 52459, "destination.address": "184.51.252.247", - "destination.as.number": 16625, - "destination.as.organization.name": "Akamai Technologies, Inc.", + "destination.as.number": 20940, + "destination.as.organization.name": "Akamai International B.V.", "destination.bytes": 661, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5315,11 +5320,16 @@ "client.port": 52483, "destination.address": "35.201.94.140", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 11136, - "destination.geo.continent_name": "Asia", - "destination.geo.location.lat": 35.0, - "destination.geo.location.lon": 105.0, + "destination.geo.city_name": "Kansas City", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 39.1028, + "destination.geo.location.lon": -94.5778, + "destination.geo.region_iso_code": "US-MO", + "destination.geo.region_name": "Missouri", "destination.ip": "35.201.94.140", "destination.nat.ip": "35.201.94.140", "destination.nat.port": 443, @@ -5423,7 +5433,7 @@ "client.port": 0, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5529,7 +5539,7 @@ "client.port": 38663, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 144, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -5639,7 +5649,7 @@ "client.port": 50443, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 206, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5749,7 +5759,7 @@ "client.port": 54215, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 206, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5859,7 +5869,7 @@ "client.port": 35827, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 169, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -5969,7 +5979,7 @@ "client.port": 60609, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 132, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6079,7 +6089,7 @@ "client.port": 3248, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 127, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6189,7 +6199,7 @@ "client.port": 49284, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 105, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -6299,7 +6309,7 @@ "client.port": 57732, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 172, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6409,7 +6419,7 @@ "client.port": 49195, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 134, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6519,7 +6529,7 @@ "client.port": 17266, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 179, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6629,7 +6639,7 @@ "client.port": 48631, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 218, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6739,7 +6749,7 @@ "client.port": 58540, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 172, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -6849,7 +6859,7 @@ "client.port": 42678, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 305, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -6959,16 +6969,16 @@ "client.port": 16576, "destination.address": "66.28.0.45", "destination.as.number": 174, - "destination.as.organization.name": "Cogent Communications", + "destination.as.organization.name": "COGENT-174", "destination.bytes": 527, - "destination.geo.city_name": "Lanham", + "destination.geo.city_name": "Houston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 38.9705, - "destination.geo.location.lon": -76.8388, - "destination.geo.region_iso_code": "US-MD", - "destination.geo.region_name": "Maryland", + "destination.geo.location.lat": 29.675, + "destination.geo.location.lon": -95.486, + "destination.geo.region_iso_code": "US-TX", + "destination.geo.region_name": "Texas", "destination.ip": "66.28.0.45", "destination.nat.ip": "66.28.0.45", "destination.nat.port": 53, @@ -7072,7 +7082,7 @@ "client.port": 39830, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 153, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7182,7 +7192,7 @@ "client.port": 6185, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 169, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7292,7 +7302,7 @@ "client.port": 8781, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 128, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -7402,7 +7412,7 @@ "client.port": 16788, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 181, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7512,7 +7522,7 @@ "client.port": 45307, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 121, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7624,14 +7634,11 @@ "destination.as.number": 20940, "destination.as.organization.name": "Akamai International B.V.", "destination.bytes": 1246, - "destination.geo.city_name": "San Antonio", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 29.4551, - "destination.geo.location.lon": -98.6498, - "destination.geo.region_iso_code": "US-TX", - "destination.geo.region_name": "Texas", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": "23.52.174.25", "destination.nat.ip": "23.52.174.25", "destination.nat.port": 80, @@ -7735,7 +7742,7 @@ "client.port": 8503, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 315, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -7845,7 +7852,7 @@ "client.port": 6910, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 130, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -7954,17 +7961,12 @@ "client.packets": 5, "client.port": 52475, "destination.address": "54.230.5.228", - "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", "destination.bytes": 288, - "destination.geo.city_name": "Seattle", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 47.54, - "destination.geo.location.lon": -122.3032, - "destination.geo.region_iso_code": "US-WA", - "destination.geo.region_name": "Washington", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": "54.230.5.228", "destination.nat.ip": "54.230.5.228", "destination.nat.port": 443, @@ -8068,7 +8070,7 @@ "client.port": 14342, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 149, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -8178,7 +8180,7 @@ "client.port": 48197, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 202, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -8288,7 +8290,7 @@ "client.port": 32296, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 195, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -8398,7 +8400,7 @@ "client.port": 33870, "destination.address": "208.83.246.20", "destination.as.number": 30303, - "destination.as.organization.name": "Ooma, Inc.", + "destination.as.organization.name": "OOMA", "destination.bytes": 90, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -8508,7 +8510,7 @@ "client.port": 54659, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 192, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -8617,7 +8619,7 @@ "client.port": 57446, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 208, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -8726,7 +8728,7 @@ "client.port": 22655, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 100, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -8835,15 +8837,16 @@ "client.port": 52509, "destination.address": "35.185.88.112", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 7237, + "destination.geo.city_name": "North Charleston", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 38.6583, - "destination.geo.location.lon": -77.2481, - "destination.geo.region_iso_code": "US-VA", - "destination.geo.region_name": "Virginia", + "destination.geo.location.lat": 32.8608, + "destination.geo.location.lon": -79.9746, + "destination.geo.region_iso_code": "US-SC", + "destination.geo.region_name": "South Carolina", "destination.ip": "35.185.88.112", "destination.nat.ip": "35.185.88.112", "destination.nat.port": 443, @@ -8946,7 +8949,7 @@ "client.port": 27192, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 109, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -9056,7 +9059,7 @@ "client.port": 30221, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 116, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -9166,7 +9169,7 @@ "client.port": 30570, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 96, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -9276,7 +9279,7 @@ "client.port": 52497, "destination.address": "50.19.85.24", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 654, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", @@ -9389,7 +9392,7 @@ "client.port": 52498, "destination.address": "50.19.85.24", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 654, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", @@ -9502,7 +9505,7 @@ "client.port": 52496, "destination.address": "50.19.85.24", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 654, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", @@ -9615,13 +9618,16 @@ "client.port": 52510, "destination.address": "104.254.150.9", "destination.as.number": 29990, - "destination.as.organization.name": "AppNexus, Inc", + "destination.as.organization.name": "ASN-APPNEX", "destination.bytes": 7820, + "destination.geo.city_name": "Los Angeles", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 34.0544, + "destination.geo.location.lon": -118.244, + "destination.geo.region_iso_code": "US-CA", + "destination.geo.region_name": "California", "destination.ip": "104.254.150.9", "destination.nat.ip": "104.254.150.9", "destination.nat.port": 443, 
@@ -9725,7 +9731,7 @@ "client.port": 52495, "destination.address": "50.19.85.24", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 654, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", @@ -9838,7 +9844,7 @@ "client.port": 52486, "destination.address": "52.0.218.108", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 214, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", @@ -9951,7 +9957,7 @@ "client.port": 52489, "destination.address": "52.6.117.19", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 214, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", @@ -10064,7 +10070,7 @@ "client.port": 52490, "destination.address": "34.238.96.22", "destination.as.number": 14618, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-AES", "destination.bytes": 214, "destination.geo.city_name": "Ashburn", "destination.geo.continent_name": "North America", 
@@ -10177,16 +10183,16 @@ "client.port": 52493, "destination.address": "130.211.47.17", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 280, - "destination.geo.city_name": "Mountain View", + "destination.geo.city_name": "Kansas City", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.4043, - "destination.geo.location.lon": -122.0748, - "destination.geo.region_iso_code": "US-CA", - "destination.geo.region_name": "California", + "destination.geo.location.lat": 39.1028, + "destination.geo.location.lon": -94.5778, + "destination.geo.region_iso_code": "US-MO", + "destination.geo.region_name": "Missouri", "destination.ip": "130.211.47.17", "destination.nat.ip": "130.211.47.17", "destination.nat.port": 443, @@ -10290,7 +10296,7 @@ "client.port": 59320, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 172, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -10400,7 +10406,7 @@ "client.port": 0, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 588, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -10510,7 +10516,7 @@ "client.port": 13076, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 94, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -10620,7 +10626,7 @@ "client.port": 5511, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 170, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -10730,7 +10736,7 @@ "client.port": 9799, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 94, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -10840,7 +10846,7 @@ "client.port": 39169, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 94, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -10950,7 +10956,7 @@ "client.port": 42476, "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 166, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", diff --git a/x-pack/filebeat/module/sonicwall/firewall/test/general.log-expected.json b/x-pack/filebeat/module/sonicwall/firewall/test/general.log-expected.json index dc2a22faf280..69d7fd050412 100644 --- a/x-pack/filebeat/module/sonicwall/firewall/test/general.log-expected.json +++ b/x-pack/filebeat/module/sonicwall/firewall/test/general.log-expected.json 
@@ -345,11 +345,14 @@ "rsa.network.sinterface": "WAN", "rsa.time.event_time": "2007-01-03T16:48:14.000Z", "service.type": "sonicwall", + "source.geo.city_name": "Nelson", "source.geo.continent_name": "Oceania", "source.geo.country_iso_code": "NZ", "source.geo.country_name": "New Zealand", - "source.geo.location.lat": -41.0, - "source.geo.location.lon": 174.0, + "source.geo.location.lat": -41.314, + "source.geo.location.lon": 173.2367, + "source.geo.region_iso_code": "NZ-NSN", + "source.geo.region_name": "Nelson", "source.ip": [ "219.89.19.223" ], @@ -433,7 +436,7 @@ "rsa.time.event_time": "2007-01-03T16:48:15.000Z", "service.type": "sonicwall", "source.as.number": 13335, - "source.as.organization.name": "Cloudflare, Inc.", + "source.as.organization.name": "CLOUDFLARENET", "source.geo.continent_name": "Oceania", "source.geo.country_iso_code": "AU", "source.geo.country_name": "Australia", diff --git a/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json index 044a0b01f339..dc4061511320 100644 --- a/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/anti-spam.log-expected.json 
@@ -70,14 +70,14 @@ "destination.as.number": 199567, "destination.as.organization.name": "Fr. Sauter AG", "destination.bytes": 0, - "destination.geo.city_name": "Saint-Prex", + "destination.geo.city_name": "Basel", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "CH", "destination.geo.country_name": "Switzerland", - "destination.geo.location.lat": 46.4796, - "destination.geo.location.lon": 6.4599, - "destination.geo.region_iso_code": "CH-VD", - "destination.geo.region_name": "Vaud", + "destination.geo.location.lat": 47.5654, + "destination.geo.location.lon": 7.5706, + "destination.geo.region_iso_code": "CH-BS", + "destination.geo.region_name": "Basel-City", "destination.ip": "185.8.209.194", "destination.port": 25, "destination.user.email": "info@pelasticuser.com", @@ -159,14 +159,14 @@ "destination.as.number": 199567, "destination.as.organization.name": "Fr. Sauter AG", "destination.bytes": 0, - "destination.geo.city_name": "Saint-Prex", + "destination.geo.city_name": "Basel", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "CH", "destination.geo.country_name": "Switzerland", - "destination.geo.location.lat": 46.4796, - "destination.geo.location.lon": 6.4599, - "destination.geo.region_iso_code": "CH-VD", - "destination.geo.region_name": "Vaud", + "destination.geo.location.lat": 47.5654, + "destination.geo.location.lon": 7.5706, + "destination.geo.region_iso_code": "CH-BS", + "destination.geo.region_name": "Basel-City", "destination.ip": "185.8.209.194", "destination.port": 25, "destination.user.email": "hein.mueck@elasticuser.de", 
@@ -223,15 +223,15 @@ "sophos.xg.spamaction": "Reject", "sophos.xg.src_country_code": "BRA", "source.as.number": 262696, - "source.as.organization.name": "Turbonet Telecomunica\u00e7\u00f5es", + "source.as.organization.name": "Turbonet Telecomunicacoes", "source.bytes": 0, "source.domain": "17buddies.net", - "source.geo.city_name": "Cabreuva", + "source.geo.city_name": "S\u00e3o Paulo", "source.geo.continent_name": "South America", "source.geo.country_iso_code": "BR", "source.geo.country_name": "Brazil", - "source.geo.location.lat": -23.3149, - "source.geo.location.lon": -47.0763, + "source.geo.location.lat": -23.6376, + "source.geo.location.lon": -46.6295, "source.geo.region_iso_code": "BR-SP", "source.geo.region_name": "Sao Paulo", "source.ip": "187.95.82.175", @@ -250,14 +250,14 @@ "destination.as.number": 199567, "destination.as.organization.name": "Fr. Sauter AG", "destination.bytes": 0, - "destination.geo.city_name": "Saint-Prex", + "destination.geo.city_name": "Basel", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "CH", "destination.geo.country_name": "Switzerland", - "destination.geo.location.lat": 46.4796, - "destination.geo.location.lon": 6.4599, - "destination.geo.region_iso_code": "CH-VD", - "destination.geo.region_name": "Vaud", + "destination.geo.location.lat": 47.5654, + "destination.geo.location.lon": 7.5706, + "destination.geo.region_iso_code": "CH-BS", + "destination.geo.region_name": "Basel-City", "destination.ip": "185.8.209.194", "destination.port": 25, "destination.user.email": "info@elasticuser.com", diff --git a/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json index 4afefcee9b49..04a9f3526746 100644 --- a/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json 
@@ -5,16 +5,13 @@ "client.ip": "172.16.34.24", "client.port": 57695, "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-02", "destination.bytes": 1616, - "destination.geo.city_name": "Seattle", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 47.6348, - "destination.geo.location.lon": -122.3451, - "destination.geo.region_iso_code": "US-WA", - "destination.geo.region_name": "Washington", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": "13.226.155.93", "destination.port": 80, "event.action": "Virus", @@ -86,16 +83,13 @@ "client.ip": "172.16.34.24", "client.port": 57835, "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", + "destination.as.organization.name": "AMAZON-02", "destination.bytes": 553, - "destination.geo.city_name": "Seattle", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 47.6348, - "destination.geo.location.lon": -122.3451, - "destination.geo.region_iso_code": "US-WA", - "destination.geo.region_name": "Washington", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": "13.226.155.18", "destination.port": 80, "event.action": "Virus", 
@@ -257,11 +251,14 @@ "destination.as.number": 42652, "destination.as.organization.name": "inexio Informationstechnologie und Telekommunikation Gmbh", "destination.bytes": 0, + "destination.geo.city_name": "Piesport", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", "destination.geo.country_name": "Germany", - "destination.geo.location.lat": 51.2993, - "destination.geo.location.lon": 9.491, + "destination.geo.location.lat": 49.8855, + "destination.geo.location.lon": 6.9192, + "destination.geo.region_iso_code": "DE-RP", + "destination.geo.region_name": "Rheinland-Pfalz", "destination.ip": "185.7.209.194", "destination.port": 25, "destination.user.email": "info@elastic-user.local", @@ -321,16 +318,13 @@ "sophos.xg.subject": "Re: NEW PRO-FORMA INVOICE", "sophos.xg.virus": "Mal/BredoZp-B", "source.as.number": 54290, - "source.as.organization.name": "Hostwinds LLC.", + "source.as.organization.name": "HOSTWINDS", "source.bytes": 0, - "source.geo.city_name": "Seattle", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 47.4902, - "source.geo.location.lon": -122.3004, - "source.geo.region_iso_code": "US-WA", - "source.geo.region_name": "Washington", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, "source.ip": "23.254.247.78", "source.port": 54693, "source.user.email": "spedizioni@divella.it", diff --git a/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json index a0230cb1dc49..2a3c456368d5 100644 --- a/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/atp.log-expected.json 
@@ -3,8 +3,8 @@ "@timestamp": "2017-01-31T18:44:31.000-02:00", "client.ip": "10.198.47.71", "client.port": 22623, - "destination.as.number": 44050, - "destination.as.organization.name": "Petersburg Internet Network ltd.", + "destination.as.number": 211849, + "destination.as.organization.name": "Kakharov Orinbassar Maratuly", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "RU", "destination.geo.country_name": "Russia", @@ -76,15 +76,12 @@ "client.ip": "172.16.34.24", "client.port": 57579, "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", - "destination.geo.city_name": "Seattle", + "destination.as.organization.name": "AMAZON-02", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 47.6348, - "destination.geo.location.lon": -122.3451, - "destination.geo.region_iso_code": "US-WA", - "destination.geo.region_name": "Washington", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": "13.226.155.22", "destination.port": 80, "event.action": "drop", @@ -147,15 +144,12 @@ "client.ip": "172.16.34.24", "client.port": 57540, "destination.as.number": 16509, - "destination.as.organization.name": "Amazon.com, Inc.", - "destination.geo.city_name": "Seattle", + "destination.as.organization.name": "AMAZON-02", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 47.6348, - "destination.geo.location.lon": -122.3451, - "destination.geo.region_iso_code": "US-WA", - "destination.geo.region_name": "Washington", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": "13.226.155.22", "destination.port": 80, "event.action": "drop", 
@@ -218,7 +212,7 @@ "client.ip": "10.198.32.89", "client.port": 0, "destination.as.number": 31400, - "destination.as.organization.name": "Accelerated IT Services & Consulting GmbH", + "destination.as.organization.name": "diva-e Datacenters GmbH", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", "destination.geo.country_name": "Germany", diff --git a/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json index c8bb6001058b..11a936e3581d 100644 --- a/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/cfilter.log-expected.json @@ -8,8 +8,8 @@ "destination.geo.continent_name": "Asia", "destination.geo.country_iso_code": "IN", "destination.geo.country_name": "India", - "destination.geo.location.lat": 20.0, - "destination.geo.location.lon": 77.0, + "destination.geo.location.lat": 20.0063, + "destination.geo.location.lon": 77.006, "destination.ip": "182.79.221.19", "destination.port": 443, "event.action": "allowed", @@ -78,7 +78,7 @@ "client.ip": "5.5.5.15", "client.port": 46719, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.city_name": "Mountain View", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -159,7 +159,7 @@ "client.ip": "5.5.5.15", "client.port": 49128, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -241,13 +241,13 @@ "client.ip": "172.17.34.10", "client.port": 62851, "destination.as.number": 8075, - "destination.as.organization.name": "Microsoft Corporation", + "destination.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "destination.geo.city_name": "Dublin", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "IE", "destination.geo.country_name": "Ireland", - "destination.geo.location.lat": 53.3338, - "destination.geo.location.lon": -6.2488, + "destination.geo.location.lat": 53.3382, + "destination.geo.location.lon": -6.2591, "destination.geo.region_iso_code": "IE-L", "destination.geo.region_name": "Leinster", "destination.ip": "13.79.168.201", @@ -316,7 +316,7 @@ "client.ip": "172.16.34.15", "client.port": 60471, "destination.as.number": 8075, - "destination.as.organization.name": "Microsoft Corporation", + "destination.as.organization.name": "MICROSOFT-CORP-MSN-AS-BLOCK", "destination.geo.city_name": "Washington", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -398,8 +398,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "SK", "destination.geo.country_name": "Slovakia", - "destination.geo.location.lat": 48.15, - "destination.geo.location.lon": 17.1078, + "destination.geo.location.lat": 48.1833, + "destination.geo.location.lon": 17.0379, "destination.geo.region_iso_code": "SK-BL", "destination.geo.region_name": "Bratislava", "destination.ip": "91.228.167.133", @@ -524,7 +524,7 @@ "client.ip": "192.168.73.220", "client.port": 37832, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -599,7 +599,7 @@ "client.ip": "192.168.73.220", "client.port": 46322, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", diff --git a/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json index f08587eaa912..bde2b8b23a45 100644 --- a/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json @@ -60,7 +60,7 @@ "@timestamp": "2020-05-18T14:38:58.000-02:00", "client.ip": "83.20.132.250", "destination.as.number": 721, - "destination.as.organization.name": "DoD Network Information Center", + "destination.as.organization.name": "DNIC-ASBLK-00721-00726", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -110,14 +110,14 @@ "sophos.xg.status": "Failed", "source.as.number": 5617, "source.as.organization.name": "Orange Polska Spolka Akcyjna", - "source.geo.city_name": "Elblag", + "source.geo.city_name": "Komorniki", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", "source.geo.country_name": "Poland", - "source.geo.location.lat": 54.172, - "source.geo.location.lon": 19.4195, - "source.geo.region_iso_code": "PL-28", - "source.geo.region_name": "Warmia-Masuria", + "source.geo.location.lat": 51.533, + "source.geo.location.lon": 16.1476, + "source.geo.region_iso_code": "PL-02", + "source.geo.region_name": "Lower Silesia", "source.ip": "83.20.132.250", "source.user.name": "elastic.user@elastic.test.com", "tags": [ 
@@ -211,14 +211,14 @@ "sophos.xg.status": "Successful", "source.as.number": 5617, "source.as.organization.name": "Orange Polska Spolka Akcyjna", - "source.geo.city_name": "August\u00f3w", + "source.geo.city_name": "Borkowice", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", "source.geo.country_name": "Poland", - "source.geo.location.lat": 53.845, - "source.geo.location.lon": 22.985, - "source.geo.region_iso_code": "PL-20", - "source.geo.region_name": "Podlasie", + "source.geo.location.lat": 51.3244, + "source.geo.location.lon": 20.6801, + "source.geo.region_iso_code": "PL-14", + "source.geo.region_name": "Mazovia", "source.ip": "83.9.140.96", "source.user.name": "elastic.user@elastic.test.com", "tags": [ @@ -359,12 +359,12 @@ "sophos.xg.status": "Successful", "source.as.number": 3320, "source.as.organization.name": "Deutsche Telekom AG", - "source.geo.city_name": "Schleidweiler", + "source.geo.city_name": "Trier", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.8808, - "source.geo.location.lon": 6.6593, + "source.geo.location.lat": 49.75, + "source.geo.location.lon": 6.6333, "source.geo.region_iso_code": "DE-RP", "source.geo.region_name": "Rheinland-Pfalz", "source.ip": "217.250.157.135", 
@@ -468,14 +468,14 @@ "sophos.xg.priority": "Notice", "sophos.xg.reason": "wrong credentials", "sophos.xg.status": "Failed", - "source.as.number": 31334, - "source.as.organization.name": "Vodafone Kabel Deutschland GmbH", - "source.geo.city_name": "Fell", + "source.as.number": 3209, + "source.as.organization.name": "Vodafone GmbH", + "source.geo.city_name": "Trier", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.7667, - "source.geo.location.lon": 6.7833, + "source.geo.location.lat": 49.744, + "source.geo.location.lon": 6.6262, "source.geo.region_iso_code": "DE-RP", "source.geo.region_name": "Rheinland-Pfalz", "source.ip": "91.67.201.4", diff --git a/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json index 35557e557da9..20afc60e27a4 100644 --- a/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/firewall.log-expected.json @@ -14,8 +14,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "SK", "destination.geo.country_name": "Slovakia", - "destination.geo.location.lat": 48.15, - "destination.geo.location.lon": 17.1078, + "destination.geo.location.lat": 48.1833, + "destination.geo.location.lon": 17.0379, "destination.geo.region_iso_code": "SK-BL", "destination.geo.region_name": "Bratislava", "destination.ip": "91.228.167.86", 
@@ -100,11 +100,14 @@ "source.as.number": 8905, "source.as.organization.name": "Digit One LLC", "source.bytes": 459, + "source.geo.city_name": "Moscow", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7386, - "source.geo.location.lon": 37.6068, + "source.geo.location.lat": 55.7483, + "source.geo.location.lon": 37.6171, + "source.geo.region_iso_code": "RU-MOW", + "source.geo.region_name": "Moscow", "source.ip": "172.17.34.15", "source.mac": "00:00:00:00:00:00", "source.nat.ip": "213.167.51.66", @@ -131,8 +134,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "SK", "destination.geo.country_name": "Slovakia", - "destination.geo.location.lat": 48.15, - "destination.geo.location.lon": 17.1078, + "destination.geo.location.lat": 48.1833, + "destination.geo.location.lon": 17.0379, "destination.geo.region_iso_code": "SK-BL", "destination.geo.region_name": "Bratislava", "destination.ip": "91.228.165.117", @@ -217,14 +220,14 @@ "source.as.number": 199567, "source.as.organization.name": "Fr. Sauter AG", "source.bytes": 0, - "source.geo.city_name": "Saint-Prex", + "source.geo.city_name": "Basel", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "CH", "source.geo.country_name": "Switzerland", - "source.geo.location.lat": 46.4796, - "source.geo.location.lon": 6.4599, - "source.geo.region_iso_code": "CH-VD", - "source.geo.region_name": "Vaud", + "source.geo.location.lat": 47.5654, + "source.geo.location.lon": 7.5706, + "source.geo.region_iso_code": "CH-BS", + "source.geo.region_name": "Basel-City", "source.ip": "172.16.66.155", "source.mac": "00:00:00:00:00:00", "source.nat.ip": "185.8.209.194", 
@@ -424,11 +427,14 @@ "destination.as.number": 42652, "destination.as.organization.name": "inexio Informationstechnologie und Telekommunikation Gmbh", "destination.bytes": 0, + "destination.geo.city_name": "Piesport", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "DE", "destination.geo.country_name": "Germany", - "destination.geo.location.lat": 51.2993, - "destination.geo.location.lon": 9.491, + "destination.geo.location.lat": 49.8855, + "destination.geo.location.lon": 6.9192, + "destination.geo.region_iso_code": "DE-RP", + "destination.geo.region_name": "Rheinland-Pfalz", "destination.ip": "185.7.209.207", "destination.nat.port": 0, "destination.packets": 0, @@ -502,8 +508,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", "source.geo.country_name": "Poland", - "source.geo.location.lat": 52.25, - "source.geo.location.lon": 21.0, + "source.geo.location.lat": 52.2484, + "source.geo.location.lon": 21.0026, "source.geo.region_iso_code": "PL-14", "source.geo.region_name": "Mazovia", "source.ip": "51.77.56.9", @@ -1065,7 +1071,7 @@ "client.packets": 0, "client.port": 1353, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -1487,7 +1493,7 @@ "client.packets": 0, "client.port": 1571, "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.bytes": 0, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", 
@@ -1746,7 +1752,7 @@ "client.nat.port": 0, "client.packets": 0, "destination.as.number": 109, - "destination.as.organization.name": "Cisco Systems, Inc.", + "destination.as.organization.name": "CISCOSYSTEMS", "destination.bytes": 0, "destination.geo.city_name": "Richardson", "destination.geo.continent_name": "North America", diff --git a/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json index 2dcaffd634e3..9fa3c1192684 100644 --- a/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/idp.log-expected.json @@ -60,13 +60,16 @@ "sophos.xg.rule_priority": "2", "sophos.xg.src_country_code": "ROU", "sophos.xg.target": "Server", - "source.as.number": 28684, - "source.as.organization.name": "Bestnet Service SRL", + "source.as.number": 9009, + "source.as.organization.name": "M247 Ltd", + "source.geo.city_name": "Milan", "source.geo.continent_name": "Europe", - "source.geo.country_iso_code": "RO", - "source.geo.country_name": "Romania", - "source.geo.location.lat": 46.0, - "source.geo.location.lon": 25.0, + "source.geo.country_iso_code": "IT", + "source.geo.country_name": "Italy", + "source.geo.location.lat": 45.4722, + "source.geo.location.lon": 9.1922, + "source.geo.region_iso_code": "IT-MI", + "source.geo.region_name": "Milan", "source.ip": "89.40.182.58", "source.port": 41528, "tags": [ 
@@ -135,15 +138,13 @@ "sophos.xg.rule_priority": "1", "sophos.xg.src_country_code": "CHN", "sophos.xg.target": "Server", - "source.as.number": 4808, - "source.as.organization.name": "China Unicom Beijing Province Network", + "source.as.number": 9808, + "source.as.organization.name": "Guangdong Mobile Communication Co.Ltd.", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", "source.geo.country_name": "China", - "source.geo.location.lat": 31.0449, - "source.geo.location.lon": 121.4012, - "source.geo.region_iso_code": "CN-SH", - "source.geo.region_name": "Shanghai", + "source.geo.location.lat": 34.7732, + "source.geo.location.lon": 113.722, "source.ip": "117.50.11.192", "source.port": 58914, "tags": [ @@ -214,11 +215,14 @@ "sophos.xg.target": "Server", "source.as.number": 1136, "source.as.organization.name": "KPN B.V.", + "source.geo.city_name": "Breda", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "NL", "source.geo.country_name": "Netherlands", - "source.geo.location.lat": 52.3824, - "source.geo.location.lon": 4.8995, + "source.geo.location.lat": 51.5869, + "source.geo.location.lon": 4.7471, + "source.geo.region_iso_code": "NL-NB", + "source.geo.region_name": "North Brabant", "source.ip": "77.61.185.101", "source.port": 59476, "tags": [ diff --git a/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json index 055f255a15a1..d063dd6459c2 100644 --- a/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json 
@@ -6,14 +6,14 @@ "destination.as.number": 199567, "destination.as.organization.name": "Fr. Sauter AG", "destination.bytes": 401, - "destination.geo.city_name": "Saint-Prex", + "destination.geo.city_name": "Basel", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "CH", "destination.geo.country_name": "Switzerland", - "destination.geo.location.lat": 46.4796, - "destination.geo.location.lon": 6.4599, - "destination.geo.region_iso_code": "CH-VD", - "destination.geo.region_name": "Vaud", + "destination.geo.location.lat": 47.5654, + "destination.geo.location.lon": 7.5706, + "destination.geo.region_iso_code": "CH-BS", + "destination.geo.region_name": "Basel-City", "destination.ip": "185.8.209.207", "event.action": "denied", "event.category": [ @@ -71,8 +71,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", "source.geo.country_name": "Poland", - "source.geo.location.lat": 54.5055, - "source.geo.location.lon": 18.5403, + "source.geo.location.lat": 54.5143, + "source.geo.location.lon": 18.5295, "source.geo.region_iso_code": "PL-22", "source.geo.region_name": "Pomerania", "source.ip": "89.68.140.204", @@ -90,14 +90,14 @@ "destination.as.number": 199567, "destination.as.organization.name": "Fr. Sauter AG", "destination.bytes": 200, - "destination.geo.city_name": "Saint-Prex", + "destination.geo.city_name": "Basel", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "CH", "destination.geo.country_name": "Switzerland", - "destination.geo.location.lat": 46.4796, - "destination.geo.location.lon": 6.4599, - "destination.geo.region_iso_code": "CH-VD", - "destination.geo.region_name": "Vaud", + "destination.geo.location.lat": 47.5654, + "destination.geo.location.lon": 7.5706, + "destination.geo.region_iso_code": "CH-BS", + "destination.geo.region_name": "Basel-City", "destination.ip": "185.8.209.207", "event.action": "denied", "event.category": [ 
@@ -156,8 +156,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PL", "source.geo.country_name": "Poland", - "source.geo.location.lat": 54.5055, - "source.geo.location.lon": 18.5403, + "source.geo.location.lat": 54.5143, + "source.geo.location.lon": 18.5295, "source.geo.region_iso_code": "PL-22", "source.geo.region_name": "Pomerania", "source.ip": "89.68.140.204", @@ -316,7 +316,7 @@ "client.bytes": 295, "client.ip": "83.97.20.30", "destination.as.number": 2914, - "destination.as.organization.name": "NTT America, Inc.", + "destination.as.organization.name": "NTT-COMMUNICATIONS-2914", "destination.bytes": 403, "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -383,8 +383,8 @@ "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RO", "source.geo.country_name": "Romania", - "source.geo.location.lat": 44.4176, - "source.geo.location.lon": 26.1708, + "source.geo.location.lat": 44.4205, + "source.geo.location.lon": 26.169, "source.geo.region_iso_code": "RO-B", "source.geo.region_name": "Bucuresti", "source.ip": "83.97.20.30", diff --git a/x-pack/filebeat/module/squid/log/test/access1.log-expected.json b/x-pack/filebeat/module/squid/log/test/access1.log-expected.json index a5c384819124..3d5e148f8626 100644 --- a/x-pack/filebeat/module/squid/log/test/access1.log-expected.json +++ b/x-pack/filebeat/module/squid/log/test/access1.log-expected.json @@ -2,7 +2,7 @@ { "@timestamp": "2006-09-08T04:21:52.000Z", "destination.as.number": 36752, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-SP1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -37,8 +37,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "TCP_MISS" + "TCP_MISS", + "CONNECT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "200", @@ -70,15 +70,12 @@ { "@timestamp": "2006-09-08T04:22:00.000Z", "destination.as.number": 30633, - "destination.as.organization.name": "Leaseweb USA, Inc.", - "destination.geo.city_name": "Falls Church", + "destination.as.organization.name": "LEASEWEB-USA-WDC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 38.9307, - "destination.geo.location.lon": -77.1673, - "destination.geo.region_iso_code": "US-VA", - "destination.geo.region_name": "Virginia", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": [ "207.58.145.61" ], @@ -97,8 +94,8 @@ "www.goonernews.com" ], "related.ip": [ - "207.58.145.61", - "10.105.21.199" + "10.105.21.199", + "207.58.145.61" ], "related.user": [ "badeyek" @@ -109,8 +106,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", 
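Review bot: The `related.ip` and `rsa.misc.action` arrays in access1.log-expected.json change element order in this regeneration with no change in content, and not in one direction. In hunk `-97,8 +94,8` `related.ip` becomes `["10.105.21.199", "207.58.145.61"]`, while in hunk `-170,8 +164,8` the same pair is flipped the other way. This looks like the order comes from something unstable in the pipeline that produces these fields; that code is not part of this patch, so this is an inference. If so, every later regeneration will churn these lines again, and a real change to a `related.*` value becomes easy to miss in review. I would emit these arrays in a stable order (sorted, for instance) so that both events read `"related.ip": ["10.105.21.199", "207.58.145.61"]`; the same applies to the later hunks of this file that only swap two array elements.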
@@ -142,15 +139,12 @@ { "@timestamp": "2006-09-08T04:22:00.000Z", "destination.as.number": 30633, - "destination.as.organization.name": "Leaseweb USA, Inc.", - "destination.geo.city_name": "Falls Church", + "destination.as.organization.name": "LEASEWEB-USA-WDC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 38.9307, - "destination.geo.location.lon": -77.1673, - "destination.geo.region_iso_code": "US-VA", - "destination.geo.region_name": "Virginia", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": [ "207.58.145.61" ], @@ -170,8 +164,8 @@ "www.goonernews.com" ], "related.ip": [ - "10.105.21.199", - "207.58.145.61" + "207.58.145.61", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -182,8 +176,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -241,8 +235,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_HIT", - "GET" + "GET", + "TCP_HIT" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "200", @@ -300,8 +294,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_HIT" + "TCP_HIT", + "GET" ], "rsa.misc.content_type": "text/javascript", "rsa.misc.result_code": "200", 
@@ -333,15 +327,12 @@ { "@timestamp": "2006-09-08T04:22:03.000Z", "destination.as.number": 30633, - "destination.as.organization.name": "Leaseweb USA, Inc.", - "destination.geo.city_name": "Falls Church", + "destination.as.organization.name": "LEASEWEB-USA-WDC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 38.9307, - "destination.geo.location.lon": -77.1673, - "destination.geo.region_iso_code": "US-VA", - "destination.geo.region_name": "Virginia", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": [ "207.58.145.61" ], @@ -360,8 +351,8 @@ "www.goonernews.com" ], "related.ip": [ - "207.58.145.61", - "10.105.21.199" + "10.105.21.199", + "207.58.145.61" ], "related.user": [ "badeyek" @@ -372,8 +363,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -405,12 +396,15 @@ { "@timestamp": "2006-09-08T04:22:04.000Z", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", + "destination.geo.city_name": "Cypress", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, + "destination.geo.location.lat": 29.8772, + "destination.geo.location.lon": -95.6938, + "destination.geo.region_iso_code": "US-TX", + "destination.geo.region_name": "Texas", "destination.ip": [ "66.102.9.147" ], @@ -430,8 +424,8 @@ "www.google-analytics.com" ], "related.ip": [ - "66.102.9.147", - "10.105.21.199" + "10.105.21.199", + "66.102.9.147" ], "related.user": [ "badeyek" 
@@ -475,15 +469,12 @@ { "@timestamp": "2006-09-08T04:22:04.000Z", "destination.as.number": 30633, - "destination.as.organization.name": "Leaseweb USA, Inc.", - "destination.geo.city_name": "Falls Church", + "destination.as.organization.name": "LEASEWEB-USA-WDC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 38.9307, - "destination.geo.location.lon": -77.1673, - "destination.geo.region_iso_code": "US-VA", - "destination.geo.region_name": "Virginia", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": [ "207.58.145.61" ], @@ -503,8 +494,8 @@ "www.goonernews.com" ], "related.ip": [ - "207.58.145.61", - "10.105.21.199" + "10.105.21.199", + "207.58.145.61" ], "related.user": [ "badeyek" @@ -515,8 +506,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -548,15 +539,12 @@ { "@timestamp": "2006-09-08T04:22:04.000Z", "destination.as.number": 30633, - "destination.as.organization.name": "Leaseweb USA, Inc.", - "destination.geo.city_name": "Falls Church", + "destination.as.organization.name": "LEASEWEB-USA-WDC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 38.9307, - "destination.geo.location.lon": -77.1673, - "destination.geo.region_iso_code": "US-VA", - "destination.geo.region_name": "Virginia", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": [ "207.58.145.61" ], 
@@ -588,8 +576,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -621,15 +609,12 @@ { "@timestamp": "2006-09-08T04:22:05.000Z", "destination.as.number": 30633, - "destination.as.organization.name": "Leaseweb USA, Inc.", - "destination.geo.city_name": "Falls Church", + "destination.as.organization.name": "LEASEWEB-USA-WDC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 38.9307, - "destination.geo.location.lon": -77.1673, - "destination.geo.region_iso_code": "US-VA", - "destination.geo.region_name": "Virginia", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": [ "207.58.145.61" ], @@ -753,15 +738,12 @@ { "@timestamp": "2006-09-08T04:22:05.000Z", "destination.as.number": 36351, - "destination.as.organization.name": "SoftLayer Technologies Inc.", - "destination.geo.city_name": "Dallas", + "destination.as.organization.name": "SOFTLAYER", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 32.9379, - "destination.geo.location.lon": -96.8384, - "destination.geo.region_iso_code": "US-TX", - "destination.geo.region_name": "Texas", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": [ "209.85.16.38" ], @@ -781,8 +763,8 @@ "as.casalemedia.com" ], "related.ip": [ - "10.105.21.199", - "209.85.16.38" + "209.85.16.38", + "10.105.21.199" ], "related.user": [ "badeyek" 
@@ -793,8 +775,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -848,8 +830,8 @@ "us.bc.yahoo.com" ], "related.ip": [ - "10.105.21.199", - "68.142.213.132" + "68.142.213.132", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -859,8 +841,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "TCP_MISS" + "TCP_MISS", + "CONNECT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "200", @@ -917,8 +899,8 @@ "impgb.tradedoubler.com" ], "related.ip": [ - "217.212.240.172", - "10.105.21.199" + "10.105.21.199", + "217.212.240.172" ], "related.user": [ "badeyek" @@ -929,8 +911,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "302", @@ -962,15 +944,15 @@ { "@timestamp": "2006-09-08T04:22:07.000Z", "destination.as.number": 3549, - "destination.as.organization.name": "Level 3 Parent, LLC", - "destination.geo.city_name": "Los Angeles", + "destination.as.organization.name": "LVLT-3549", + "destination.geo.city_name": "Las Vegas", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 34.0675, - "destination.geo.location.lon": -118.3521, - "destination.geo.region_iso_code": "US-CA", - "destination.geo.region_name": "California", + "destination.geo.location.lat": 36.1724, + "destination.geo.location.lon": -115.0677, + "destination.geo.region_iso_code": "US-NV", + "destination.geo.region_name": "Nevada", "destination.ip": [ "206.169.136.22" ], 
@@ -1002,8 +984,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -1061,8 +1043,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_HIT", - "GET" + "GET", + "TCP_HIT" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", @@ -1094,15 +1076,12 @@ { "@timestamp": "2006-09-08T04:22:09.000Z", "destination.as.number": 30633, - "destination.as.organization.name": "Leaseweb USA, Inc.", - "destination.geo.city_name": "Falls Church", + "destination.as.organization.name": "LEASEWEB-USA-WDC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 38.9307, - "destination.geo.location.lon": -77.1673, - "destination.geo.region_iso_code": "US-VA", - "destination.geo.region_name": "Virginia", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": [ "207.58.145.61" ], @@ -1167,15 +1146,12 @@ { "@timestamp": "2006-09-08T04:22:09.000Z", "destination.as.number": 30633, - "destination.as.organization.name": "Leaseweb USA, Inc.", - "destination.geo.city_name": "Falls Church", + "destination.as.organization.name": "LEASEWEB-USA-WDC", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 38.9307, - "destination.geo.location.lon": -77.1673, - "destination.geo.region_iso_code": "US-VA", - "destination.geo.region_name": "Virginia", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, "destination.ip": [ "207.58.145.61" ], 
@@ -1195,8 +1171,8 @@ "www.goonernews.com" ], "related.ip": [ - "10.105.21.199", - "207.58.145.61" + "207.58.145.61", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -1207,8 +1183,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -1263,8 +1239,8 @@ "4.adbrite.com" ], "related.ip": [ - "64.127.126.178", - "10.105.21.199" + "10.105.21.199", + "64.127.126.178" ], "related.user": [ "badeyek" @@ -1308,15 +1284,15 @@ { "@timestamp": "2006-09-08T04:22:11.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.161" ], @@ -1336,8 +1312,8 @@ "ff.connextra.com" ], "related.ip": [ - "213.160.98.161", - "10.105.21.199" + "10.105.21.199", + "213.160.98.161" ], "related.user": [ "badeyek" 
@@ -1381,15 +1357,15 @@ { "@timestamp": "2006-09-08T04:22:15.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.160" ], @@ -1409,8 +1385,8 @@ "dd.connextra.com" ], "related.ip": [ - "213.160.98.160", - "10.105.21.199" + "10.105.21.199", + "213.160.98.160" ], "related.user": [ "badeyek" @@ -1510,7 +1486,7 @@ { "@timestamp": "2006-09-08T04:22:22.000Z", "destination.as.number": 36752, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-SP1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1534,8 +1510,8 @@ "login.yahoo.com" ], "related.ip": [ - "10.105.21.199", - "209.73.177.115" + "209.73.177.115", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -1637,7 +1613,7 @@ { "@timestamp": "2006-09-08T04:22:23.000Z", "destination.as.number": 36646, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-NE1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -1705,15 +1681,12 @@ { "@timestamp": "2006-09-08T04:22:24.000Z", "destination.as.number": 36077, - "destination.as.organization.name": "Dynamic ASP Inc.", - "destination.geo.city_name": "Victoria", + "destination.as.organization.name": "DYNAMICHOSTINGBIZ", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "CA", "destination.geo.country_name": "Canada", - "destination.geo.location.lat": 48.4267, - "destination.geo.location.lon": -123.3655, - "destination.geo.region_iso_code": "CA-BC", - "destination.geo.region_name": "British Columbia", + "destination.geo.location.lat": 43.6319, + "destination.geo.location.lon": -79.3716, "destination.ip": [ "204.13.51.238" ], @@ -1732,8 +1705,8 @@ "hi5.com" ], "related.ip": [ - "10.105.47.218", - "204.13.51.238" + "204.13.51.238", + "10.105.47.218" ], "related.user": [ "nazsoau" @@ -1744,8 +1717,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -1775,15 +1748,12 @@ { "@timestamp": "2006-09-08T04:22:24.000Z", "destination.as.number": 36077, - "destination.as.organization.name": "Dynamic ASP Inc.", - "destination.geo.city_name": "Victoria", + "destination.as.organization.name": "DYNAMICHOSTINGBIZ", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "CA", "destination.geo.country_name": "Canada", - "destination.geo.location.lat": 48.4267, - "destination.geo.location.lon": -123.3655, - "destination.geo.region_iso_code": "CA-BC", - "destination.geo.region_name": "British Columbia", + "destination.geo.location.lat": 43.6319, + "destination.geo.location.lon": -79.3716, "destination.ip": [ "204.13.51.238" ], 
@@ -1846,7 +1816,7 @@ { "@timestamp": "2006-09-08T04:22:25.000Z", "destination.as.number": 36646, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-NE1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -1870,8 +1840,8 @@ "shttp.msg.yahoo.com" ], "related.ip": [ - "216.155.194.239", - "10.105.33.214" + "10.105.33.214", + "216.155.194.239" ], "related.user": [ "adeolaegbedokun" @@ -1881,8 +1851,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "POST" + "POST", + "TCP_MISS" ], "rsa.misc.content_type": "text/plain", "rsa.misc.result_code": "200", @@ -1940,8 +1910,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "GET" + "GET", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -1999,8 +1969,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_IMS_HIT", - "GET" + "GET", + "TCP_IMS_HIT" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "304", @@ -2058,8 +2028,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_IMS_HIT", - "GET" + "GET", + "TCP_IMS_HIT" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "304", 
@@ -2091,15 +2061,12 @@ { "@timestamp": "2006-09-08T04:22:27.000Z", "destination.as.number": 36077, - "destination.as.organization.name": "Dynamic ASP Inc.", - "destination.geo.city_name": "Victoria", + "destination.as.organization.name": "DYNAMICHOSTINGBIZ", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "CA", "destination.geo.country_name": "Canada", - "destination.geo.location.lat": 48.4267, - "destination.geo.location.lon": -123.3655, - "destination.geo.region_iso_code": "CA-BC", - "destination.geo.region_name": "British Columbia", + "destination.geo.location.lat": 43.6319, + "destination.geo.location.lon": -79.3716, "destination.ip": [ "204.13.51.238" ], @@ -2118,8 +2085,8 @@ "hi5.com" ], "related.ip": [ - "10.105.47.218", - "204.13.51.238" + "204.13.51.238", + "10.105.47.218" ], "related.user": [ "nazsoau" @@ -2161,15 +2128,12 @@ { "@timestamp": "2006-09-08T04:22:29.000Z", "destination.as.number": 36077, - "destination.as.organization.name": "Dynamic ASP Inc.", - "destination.geo.city_name": "Victoria", + "destination.as.organization.name": "DYNAMICHOSTINGBIZ", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "CA", "destination.geo.country_name": "Canada", - "destination.geo.location.lat": 48.4267, - "destination.geo.location.lon": -123.3655, - "destination.geo.region_iso_code": "CA-BC", - "destination.geo.region_name": "British Columbia", + "destination.geo.location.lat": 43.6319, + "destination.geo.location.lon": -79.3716, "destination.ip": [ "204.13.51.238" ], @@ -2232,7 +2196,7 @@ { "@timestamp": "2006-09-08T04:22:30.000Z", "destination.as.number": 36646, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-NE1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -2256,8 +2220,8 @@ "shttp.msg.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "216.155.194.239" + "216.155.194.239", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -2267,8 +2231,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "POST" + "POST", + "TCP_MISS" ], "rsa.misc.content_type": "text/plain", "rsa.misc.result_code": "200", @@ -2322,8 +2286,8 @@ "insider.msg.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.194.14" + "68.142.194.14", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -2334,8 +2298,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -2367,7 +2331,7 @@ { "@timestamp": "2006-09-08T04:22:33.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2392,8 +2356,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -2437,7 +2401,7 @@ { "@timestamp": "2006-09-08T04:22:34.000Z", "destination.as.number": 36646, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-NE1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2472,8 +2436,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "POST" + "POST", + "TCP_MISS" ], "rsa.misc.content_type": "text/plain", "rsa.misc.result_code": "200", 
@@ -2504,6 +2468,8 @@ }, { "@timestamp": "2006-09-08T04:22:35.000Z", + "destination.as.number": 10310, + "destination.as.organization.name": "YAHOO-1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2528,8 +2494,8 @@ "address.yahoo.com" ], "related.ip": [ - "209.191.93.51", - "10.105.33.214" + "10.105.33.214", + "209.191.93.51" ], "related.user": [ "adeolaegbedokun" @@ -2540,8 +2506,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/xml", "rsa.misc.result_code": "200", @@ -2573,7 +2539,7 @@ { "@timestamp": "2006-09-08T04:22:36.000Z", "destination.as.number": 36856, - "destination.as.organization.name": "Mozilla Corporation", + "destination.as.organization.name": "MOZILLA-MDC1", "destination.geo.city_name": "Sacramento", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -2601,8 +2567,8 @@ "fxfeeds.mozilla.org" ], "related.ip": [ - "10.105.21.199", - "63.245.209.21" + "63.245.209.21", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -2646,7 +2612,7 @@ { "@timestamp": "2006-09-08T04:22:37.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -2737,8 +2703,8 @@ "insider.msg.yahoo.com" ], "related.ip": [ - "68.142.194.14", - "10.105.33.214" + "10.105.33.214", + "68.142.194.14" ], "related.user": [ "adeolaegbedokun" 
@@ -2806,8 +2772,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "TCP_DENIED" + "TCP_DENIED", + "CONNECT" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -2922,8 +2888,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "POST", - "TCP_DENIED" + "TCP_DENIED", + "POST" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -2979,8 +2945,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "TCP_DENIED" + "TCP_DENIED", + "CONNECT" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -3012,7 +2978,7 @@ { "@timestamp": "2006-09-08T04:22:38.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3037,8 +3003,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -3049,8 +3015,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -3139,7 +3105,7 @@ { "@timestamp": "2006-09-08T04:22:39.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -3164,8 +3130,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -3176,8 +3142,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_REFRESH_HIT" + "TCP_REFRESH_HIT", + "GET" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -3209,7 +3175,7 @@ { "@timestamp": "2006-09-08T04:22:39.000Z", "destination.as.number": 36646, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-NE1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3244,8 +3210,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "POST", - "TCP_MISS" + "TCP_MISS", + "POST" ], "rsa.misc.content_type": "text/plain", "rsa.misc.result_code": "200", @@ -3277,7 +3243,7 @@ { "@timestamp": "2006-09-08T04:22:39.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3347,7 +3313,7 @@ { "@timestamp": "2006-09-08T04:22:40.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3372,8 +3338,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" 
@@ -3384,8 +3350,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_REFRESH_HIT" + "TCP_REFRESH_HIT", + "GET" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -3500,8 +3466,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "POST" + "POST", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -3533,7 +3499,7 @@ { "@timestamp": "2006-09-08T04:22:41.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3603,7 +3569,7 @@ { "@timestamp": "2006-09-08T04:22:41.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3628,8 +3594,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -3673,7 +3639,7 @@ { "@timestamp": "2006-09-08T04:22:42.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3710,8 +3676,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", 
@@ -3743,7 +3709,7 @@ { "@timestamp": "2006-09-08T04:22:42.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -3768,8 +3734,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -3839,8 +3805,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_IMS_HIT" + "TCP_IMS_HIT", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", @@ -3898,8 +3864,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_IMS_HIT" + "TCP_IMS_HIT", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", @@ -4015,8 +3981,8 @@ "newsrss.bbc.co.uk" ], "related.ip": [ - "212.58.226.33", - "10.105.21.199" + "10.105.21.199", + "212.58.226.33" ], "related.user": [ "badeyek" @@ -4060,7 +4026,7 @@ { "@timestamp": "2006-09-08T04:22:44.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -4085,8 +4051,8 @@ "insider.msg.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.231.252" + "68.142.231.252", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -4156,8 +4122,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_IMS_HIT" + "TCP_IMS_HIT", + "GET" ], "rsa.misc.content_type": "image/jpeg", "rsa.misc.result_code": "304", 
@@ -4215,8 +4181,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_HIT", - "GET" + "GET", + "TCP_HIT" ], "rsa.misc.content_type": "image/jpeg", "rsa.misc.result_code": "200", @@ -4248,7 +4214,7 @@ { "@timestamp": "2006-09-08T04:22:45.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -4273,8 +4239,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -4284,8 +4250,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "POST", - "TCP_MISS" + "TCP_MISS", + "POST" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "302", @@ -4317,15 +4283,15 @@ { "@timestamp": "2006-09-08T04:22:46.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.159" ], 
@@ -4390,7 +4356,7 @@ { "@timestamp": "2006-09-08T04:22:48.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -4415,8 +4381,8 @@ "radio.music.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -4427,8 +4393,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/xml", "rsa.misc.result_code": "200", @@ -4460,7 +4426,7 @@ { "@timestamp": "2006-09-08T04:22:48.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -4485,8 +4451,8 @@ "radio.music.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -4497,8 +4463,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/xml", "rsa.misc.result_code": "200", @@ -4530,7 +4496,7 @@ { "@timestamp": "2006-09-08T04:22:48.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -4567,8 +4533,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -4685,8 +4651,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "GET" + "GET", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -4718,15 +4684,15 @@ { "@timestamp": "2006-09-08T04:22:50.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.159" ], @@ -4746,8 +4712,8 @@ "us.news1.yimg.com" ], "related.ip": [ - "10.105.33.214", - "213.160.98.159" + "213.160.98.159", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -4758,8 +4724,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "image/jpeg", "rsa.misc.result_code": "200", 
@@ -4791,7 +4757,7 @@ { "@timestamp": "2006-09-08T04:22:50.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -4816,8 +4782,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -4828,8 +4794,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "302", @@ -4861,7 +4827,7 @@ { "@timestamp": "2006-09-08T04:22:51.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -4898,8 +4864,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", 
@@ -4931,15 +4897,15 @@ { "@timestamp": "2006-09-08T04:22:51.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.152" ], @@ -4971,8 +4937,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "application/x-shockwave-flash", "rsa.misc.result_code": "200", @@ -5004,7 +4970,7 @@ { "@timestamp": "2006-09-08T04:22:53.000Z", "destination.as.number": 26101, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-BF1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -5029,8 +4995,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -5041,8 +5007,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", 
@@ -5097,8 +5063,8 @@ "us.bc.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.213.132" + "68.142.213.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -5109,8 +5075,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", @@ -5177,8 +5143,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", @@ -5243,8 +5209,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "CONNECT" + "CONNECT", + "TCP_MISS" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "200", @@ -5302,8 +5268,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_IMS_HIT" + "TCP_IMS_HIT", + "GET" ], "rsa.misc.content_type": "application/x-javascript", "rsa.misc.result_code": "304", @@ -5335,15 +5301,15 @@ { "@timestamp": "2006-09-08T04:22:57.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.159" ], 
@@ -5363,8 +5329,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "213.160.98.159", - "10.105.33.214" + "10.105.33.214", + "213.160.98.159" ], "related.user": [ "adeolaegbedokun" @@ -5408,15 +5374,15 @@ { "@timestamp": "2006-09-08T04:22:58.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.159" ], @@ -5436,8 +5402,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "10.105.33.214", - "213.160.98.159" + "213.160.98.159", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -5448,8 +5414,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", @@ -5481,7 +5447,7 @@ { "@timestamp": "2006-09-08T04:22:58.000Z", "destination.as.number": 36752, - "destination.as.organization.name": "Oath Holdings Inc.", + "destination.as.organization.name": "YAHOO-SP1", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", 
@@ -5549,15 +5515,15 @@ { "@timestamp": "2006-09-08T04:22:58.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.167" ], @@ -5622,15 +5588,15 @@ { "@timestamp": "2006-09-08T04:22:58.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.159" ], @@ -5662,8 +5628,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", 
@@ -5754,15 +5720,15 @@ { "@timestamp": "2006-09-08T04:22:59.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.167" ], @@ -5782,8 +5748,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "10.105.33.214", - "213.160.98.167" + "213.160.98.167", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -5827,15 +5793,15 @@ { "@timestamp": "2006-09-08T04:22:59.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.159" ], @@ -5855,8 +5821,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "213.160.98.159", - "10.105.33.214" + "10.105.33.214", + "213.160.98.159" ], "related.user": [ "adeolaegbedokun" 
@@ -5867,8 +5833,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", @@ -5900,15 +5866,15 @@ { "@timestamp": "2006-09-08T04:23:00.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.167" ], @@ -5928,8 +5894,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "10.105.33.214", - "213.160.98.167" + "213.160.98.167", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -5940,8 +5906,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", @@ -6114,8 +6080,8 @@ "launch.adserver.yahoo.com" ], "related.ip": [ - "216.109.125.112", - "10.105.33.214" + "10.105.33.214", + "216.109.125.112" ], "related.user": [ "adeolaegbedokun" @@ -6126,8 +6092,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", 
@@ -6184,8 +6150,8 @@ "uk.f250.mail.yahoo.com" ], "related.ip": [ - "217.12.10.96", - "10.105.21.199" + "10.105.21.199", + "217.12.10.96" ], "related.user": [ "badeyek" @@ -6196,8 +6162,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -6286,15 +6252,15 @@ { "@timestamp": "2006-09-08T04:23:04.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.169" ], 
@@ -6418,15 +6384,15 @@ { "@timestamp": "2006-09-08T04:23:07.000Z", "destination.as.number": 8190, - "destination.as.organization.name": "MDNX Internet Limited", - "destination.geo.city_name": "London", + "destination.as.organization.name": "MDNX", + "destination.geo.city_name": "Chelmsford", "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5064, - "destination.geo.location.lon": -0.02, - "destination.geo.region_iso_code": "GB-ENG", - "destination.geo.region_name": "England", + "destination.geo.location.lat": 51.7626, + "destination.geo.location.lon": 0.471, + "destination.geo.region_iso_code": "GB-ESS", + "destination.geo.region_name": "Essex", "destination.ip": [ "213.160.98.169" ], @@ -6446,8 +6412,8 @@ "us.js2.yimg.com" ], "related.ip": [ - "10.105.21.199", - "213.160.98.169" + "213.160.98.169", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -6458,8 +6424,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "application/x-javascript", "rsa.misc.result_code": "200", @@ -6576,8 +6542,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_HIT", - "GET" + "GET", + "TCP_HIT" ], "rsa.misc.content_type": "application/x-javascript", "rsa.misc.result_code": "200", diff --git a/x-pack/filebeat/module/squid/log/test/generated.log-expected.json b/x-pack/filebeat/module/squid/log/test/generated.log-expected.json index 39d375f06905..bfa75dc8a5b4 100644 --- a/x-pack/filebeat/module/squid/log/test/generated.log-expected.json +++ b/x-pack/filebeat/module/squid/log/test/generated.log-expected.json @@ -22,8 +22,8 @@ "example.net" ], "related.ip": [ - "10.234.224.44", - "10.251.224.219" + "10.251.224.219", + "10.234.224.44" ], "related.user": [ "tation" 
@@ -61,7 +61,6 @@ "url.top_level_domain": "org", "user.name": "tation", "user_agent.device.name": "Samsung SM-A715F", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -88,12 +87,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www.example.org", - "example.com" + "example.com", + "www.example.org" ], "related.ip": [ - "10.102.123.34", - "10.70.36.222" + "10.70.36.222", + "10.102.123.34" ], "related.user": [ "doeiu" @@ -133,7 +132,6 @@ "url.top_level_domain": "org", "user.name": "doeiu", "user_agent.device.name": "Samsung SM-A305FN", - "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -164,16 +162,16 @@ "example.net" ], "related.ip": [ - "10.142.172.64", - "10.15.135.248" + "10.15.135.248", + "10.142.172.64" ], "related.user": [ "tia" ], "rsa.internal.messageid": "OPTIONS", "rsa.misc.action": [ - "OPTIONS", - "accept" + "accept", + "OPTIONS" ], "rsa.misc.content_type": "iatu", "rsa.misc.result_code": "temvel", @@ -205,7 +203,6 @@ "url.top_level_domain": "com", "user.name": "tia", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", 
@@ -235,16 +232,16 @@ "mail.example.com" ], "related.ip": [ - "10.44.134.153", - "10.81.122.126" + "10.81.122.126", + "10.44.134.153" ], "rsa.internal.messageid": "GET", "rsa.investigations.ec_activity": "Request", "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "allow" + "allow", + "GET" ], "rsa.misc.content_type": "taev", "rsa.misc.result_code": "quiavo", @@ -276,7 +273,6 @@ "url.subdomain": "api", "url.top_level_domain": "org", "user_agent.device.name": "5024D_RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -303,8 +299,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.org", - "api.example.net" + "api.example.net", + "api.example.org" ], "related.ip": [ "10.160.95.56", @@ -315,8 +311,8 @@ ], "rsa.internal.messageid": "PUT", "rsa.misc.action": [ - "cancel", - "PUT" + "PUT", + "cancel" ], "rsa.misc.content_type": "aquaeabi", "rsa.misc.result_code": "laboreet", @@ -348,7 +344,6 @@ "url.top_level_domain": "org", "user.name": "onev", "user_agent.device.name": "POCOPHONE F1", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -379,8 +374,8 @@ "api.example.com" ], "related.ip": [ - "10.12.195.60", - "10.175.107.139" + "10.175.107.139", + "10.12.195.60" ], "related.user": [ "mrema" 
@@ -423,7 +418,6 @@ "url.top_level_domain": "org", "user.name": "mrema", "user_agent.device.name": "ZTE Blade V1000RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -495,7 +489,6 @@ "url.top_level_domain": "com", "user.name": "tsed", "user_agent.device.name": "Samsung GT-P3100 ", - "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -522,12 +515,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "internal.example.net", - "example.org" + "example.org", + "internal.example.net" ], "related.ip": [ - "10.34.9.93", - "10.116.120.216" + "10.116.120.216", + "10.34.9.93" ], "related.user": [ "umdo" @@ -565,7 +558,6 @@ "url.top_level_domain": "org", "user.name": "umdo", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -592,8 +584,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.net", - "example.org" + "example.org", + "mail.example.net" ], "related.ip": [ "10.30.216.41", 
@@ -638,7 +630,6 @@ "url.top_level_domain": "org", "user.name": "saute", "user_agent.device.name": "STK-L21", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -665,12 +656,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.org", - "www5.example.org" + "www5.example.org", + "mail.example.org" ], "related.ip": [ - "10.8.88.110", - "10.203.172.203" + "10.203.172.203", + "10.8.88.110" ], "related.user": [ "Nemoeni" @@ -712,7 +703,6 @@ "url.top_level_domain": "org", "user.name": "Nemoeni", "user_agent.device.name": "POCOPHONE F1", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -750,8 +740,8 @@ ], "rsa.internal.messageid": "UNLOCK", "rsa.misc.action": [ - "UNLOCK", - "allow" + "allow", + "UNLOCK" ], "rsa.misc.content_type": "adm", "rsa.misc.result_code": "quam", @@ -783,7 +773,6 @@ "url.top_level_domain": "org", "user.name": "aliq", "user_agent.device.name": "XiaoMi Redmi 4X", - "user_agent.device.type": "Phone", "user_agent.name": "MiuiBrowser", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g", "user_agent.os.full": "Android 7.1.2", @@ -814,8 +803,8 @@ "internal.example.net" ], "related.ip": [ - "10.210.74.24", - "10.201.76.240" + "10.201.76.240", + "10.210.74.24" ], "related.user": [ "uines" 
@@ -855,7 +844,6 @@ "url.top_level_domain": "net", "user.name": "uines", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -890,8 +878,8 @@ ], "rsa.internal.messageid": "COPY", "rsa.misc.action": [ - "deny", - "COPY" + "COPY", + "deny" ], "rsa.misc.content_type": "eli", "rsa.misc.result_code": "tatn", @@ -923,7 +911,6 @@ "url.top_level_domain": "org", "user.name": "xeac", "user_agent.device.name": "VS996", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -954,16 +941,16 @@ "www.example.com" ], "related.ip": [ - "10.134.161.118", - "10.200.199.166" + "10.200.199.166", + "10.134.161.118" ], "related.user": [ "ipitla" ], "rsa.internal.messageid": "COPY", "rsa.misc.action": [ - "block", - "COPY" + "COPY", + "block" ], "rsa.misc.content_type": "uptat", "rsa.misc.result_code": "maccusa", @@ -995,7 +982,6 @@ "url.top_level_domain": "org", "user.name": "ipitla", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -1026,16 +1012,16 @@ "www5.example.com" ], "related.ip": [ - "10.122.46.71", - "10.76.3.41" + "10.76.3.41", + "10.122.46.71" ], "related.user": [ "aturve" ], "rsa.internal.messageid": "NONE", "rsa.misc.action": [ - "allow", - "NONE" + "NONE", + "allow" ], "rsa.misc.content_type": "aaliquaU", "rsa.misc.result_code": "mpori", 
@@ -1067,7 +1053,6 @@ "url.top_level_domain": "org", "user.name": "aturve", "user_agent.device.name": "VS996", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -1139,7 +1124,6 @@ "url.top_level_domain": "net", "user.name": "itame", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -1166,12 +1150,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.net", - "api.example.net" + "api.example.net", + "www5.example.net" ], "related.ip": [ - "10.236.248.65", - "10.61.242.75" + "10.61.242.75", + "10.236.248.65" ], "related.user": [ "iquidex" @@ -1214,7 +1198,6 @@ "url.top_level_domain": "net", "user.name": "iquidex", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1286,7 +1269,6 @@ "url.top_level_domain": "com", "user.name": "etdol", "user_agent.device.name": "LG-$2", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -1328,8 +1310,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "accept" + "accept", + "GET" ], "rsa.misc.content_type": "tcons", "rsa.misc.result_code": "tsu", @@ -1361,7 +1343,6 @@ "url.top_level_domain": "net", "user.name": "isnisiu", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -1388,8 +1369,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.org", - "mail.example.net" + "mail.example.net", + "api.example.org" ], "related.ip": [ "10.90.86.89", @@ -1433,7 +1414,6 @@ "url.top_level_domain": "org", "user.name": "lapar", "user_agent.device.name": "QMobile X700 PRO II", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -1464,16 +1444,16 @@ "www5.example.net" ], "related.ip": [ - "10.14.48.16", - "10.14.211.43" + "10.14.211.43", + "10.14.48.16" ], "related.user": [ "volupt" ], "rsa.internal.messageid": "PROPFIND", "rsa.misc.action": [ - "PROPFIND", - "cancel" + "cancel", + "PROPFIND" ], "rsa.misc.content_type": "Utenima", "rsa.misc.result_code": "uiinea", 
@@ -1505,7 +1485,6 @@ "url.top_level_domain": "org", "user.name": "volupt", "user_agent.device.name": "Samsung GT-P3100 ", - "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -1546,8 +1525,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "block", - "CONNECT" + "CONNECT", + "block" ], "rsa.misc.content_type": "iusmodi", "rsa.misc.result_code": "etcons", @@ -1579,7 +1558,6 @@ "url.top_level_domain": "net", "user.name": "reetdolo", "user_agent.device.name": "Samsung SM-A305FN", - "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -1651,7 +1629,6 @@ "url.top_level_domain": "net", "user.name": "tlab", "user_agent.device.name": "Samsung GT-P3100 ", - "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -1682,16 +1659,16 @@ "mail.example.com" ], "related.ip": [ - "10.93.220.10", - "10.27.58.92" + "10.27.58.92", + "10.93.220.10" ], "related.user": [ "qui" ], "rsa.internal.messageid": "PROPATCH", "rsa.misc.action": [ - "accept", - "PROPATCH" + "PROPATCH", + "accept" ], "rsa.misc.content_type": "squirati", "rsa.misc.result_code": "Nemoenim", 
@@ -1723,7 +1700,6 @@ "url.top_level_domain": "net", "user.name": "qui", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -1795,7 +1771,6 @@ "url.top_level_domain": "net", "user.name": "ntexplic", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1867,7 +1842,6 @@ "url.top_level_domain": "net", "user.name": "mquelau", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -1908,8 +1882,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "accept", - "CONNECT" + "CONNECT", + "accept" ], "rsa.misc.content_type": "seq", "rsa.misc.result_code": "edic", @@ -1941,7 +1915,6 @@ "url.top_level_domain": "org", "user.name": "ice", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1968,8 +1941,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.com", - "www.example.net" + "www.example.net", + "api.example.com" ], "related.ip": [ "10.69.139.26", 
@@ -2013,7 +1986,6 @@ "url.top_level_domain": "net", "user.name": "edqui", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -2040,8 +2012,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.org", - "www5.example.org" + "www5.example.org", + "mail.example.org" ], "related.ip": [ "10.10.213.83", @@ -2052,8 +2024,8 @@ ], "rsa.internal.messageid": "COPY", "rsa.misc.action": [ - "COPY", - "accept" + "accept", + "COPY" ], "rsa.misc.content_type": "onulam", "rsa.misc.result_code": "ugiat", @@ -2085,7 +2057,6 @@ "url.top_level_domain": "org", "user.name": "onsecte", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2112,20 +2083,20 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.org", - "api.example.org" + "api.example.org", + "example.org" ], "related.ip": [ - "10.125.131.91", - "10.116.230.217" + "10.116.230.217", + "10.125.131.91" ], "related.user": [ "isis" ], "rsa.internal.messageid": "UNLOCK", "rsa.misc.action": [ - "UNLOCK", - "block" + "block", + "UNLOCK" ], "rsa.misc.content_type": "emUteni", "rsa.misc.result_code": "utlab", 
@@ -2155,7 +2126,6 @@ "url.top_level_domain": "org", "user.name": "isis", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -2184,8 +2154,8 @@ "mail.example.com" ], "related.ip": [ - "10.119.90.128", - "10.26.96.202" + "10.26.96.202", + "10.119.90.128" ], "related.user": [ "oraincid" @@ -2225,7 +2195,6 @@ "url.top_level_domain": "com", "user.name": "oraincid", "user_agent.device.name": "STK-L21", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -2252,8 +2221,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.com", - "api.example.net" + "api.example.net", + "mail.example.com" ], "related.ip": [ "10.76.110.144", @@ -2300,7 +2269,6 @@ "url.top_level_domain": "net", "user.name": "upt", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -2327,8 +2295,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "internal.example.org", - "www.example.org" + "www.example.org", + "internal.example.org" ], "related.ip": [ "10.135.46.242", @@ -2339,8 +2307,8 @@ ], "rsa.internal.messageid": "MOVE", "rsa.misc.action": [ - "deny", - "MOVE" + "MOVE", + "deny" ], "rsa.misc.content_type": "elites", "rsa.misc.result_code": "oremi", 
@@ -2372,7 +2340,6 @@ "url.top_level_domain": "org", "user.name": "xeaco", "user_agent.device.name": "QMobile X700 PRO II", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -2402,8 +2369,8 @@ "internal.example.org" ], "related.ip": [ - "10.154.53.249", - "10.27.44.4" + "10.27.44.4", + "10.154.53.249" ], "related.user": [ "autodit" @@ -2443,7 +2410,6 @@ "url.top_level_domain": "org", "user.name": "autodit", "user_agent.device.name": "Samsung SM-A305FN", - "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -2482,8 +2448,8 @@ ], "rsa.internal.messageid": "COPY", "rsa.misc.action": [ - "cancel", - "COPY" + "COPY", + "cancel" ], "rsa.misc.content_type": "iusmodte", "rsa.misc.result_code": "ntutlabo", @@ -2515,7 +2481,6 @@ "url.top_level_domain": "net", "user.name": "reetd", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -2554,8 +2519,8 @@ ], "rsa.internal.messageid": "UNLOCK", "rsa.misc.action": [ - "block", - "UNLOCK" + "UNLOCK", + "block" ], "rsa.misc.content_type": "commodi", "rsa.misc.result_code": "ssecil", 
@@ -2587,7 +2552,6 @@ "url.top_level_domain": "com", "user.name": "atu", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -2656,7 +2620,6 @@ "url.registered_domain": "example.net", "url.top_level_domain": "net", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -2683,8 +2646,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.net", - "api.example.org" + "api.example.org", + "www5.example.net" ], "related.ip": [ "10.211.234.224", @@ -2728,7 +2691,6 @@ "url.top_level_domain": "net", "user.name": "Duisa", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2755,8 +2717,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.net", - "www5.example.net" + "www5.example.net", + "mail.example.net" ], "related.ip": [ "10.11.83.126", 
@@ -2800,7 +2762,6 @@ "url.top_level_domain": "net", "user.name": "atu", "user_agent.device.name": "POCOPHONE F1", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2827,8 +2788,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.com", - "api.example.com" + "api.example.com", + "www5.example.com" ], "related.ip": [ "10.228.77.21", @@ -2839,8 +2800,8 @@ ], "rsa.internal.messageid": "PUT", "rsa.misc.action": [ - "PUT", - "cancel" + "cancel", + "PUT" ], "rsa.misc.content_type": "mod", "rsa.misc.result_code": "gnaa", @@ -2872,7 +2833,6 @@ "url.top_level_domain": "com", "user.name": "onse", "user_agent.device.name": "Samsung GT-P3100 ", - "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -2903,8 +2863,8 @@ "www5.example.net" ], "related.ip": [ - "10.20.28.92", - "10.102.215.23" + "10.102.215.23", + "10.20.28.92" ], "related.user": [ "ntexpl" @@ -2913,8 +2873,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "POST", - "allow" + "allow", + "POST" ], "rsa.misc.content_type": "nderiti", "rsa.misc.result_code": "litsedq", @@ -2946,7 +2906,6 @@ "url.top_level_domain": "net", "user.name": "ntexpl", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", 
@@ -2975,8 +2934,8 @@ "www5.example.com" ], "related.ip": [ - "10.45.28.159", - "10.17.87.79" + "10.17.87.79", + "10.45.28.159" ], "related.user": [ "tionula" @@ -3016,7 +2975,6 @@ "url.top_level_domain": "net", "user.name": "tionula", "user_agent.device.name": "Samsung SM-S337TL", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", @@ -3043,8 +3001,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.com", - "internal.example.com" + "internal.example.com", + "api.example.com" ], "related.ip": [ "10.177.238.45", @@ -3088,7 +3046,6 @@ "url.top_level_domain": "com", "user.name": "rsp", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -3130,8 +3087,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "accept", - "GET" + "GET", + "accept" ], "rsa.misc.content_type": "radi", "rsa.misc.result_code": "Finibus", @@ -3163,7 +3120,6 @@ "url.top_level_domain": "org", "user.name": "liquid", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", 
@@ -3190,12 +3146,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.net", - "www5.example.org" + "www5.example.org", + "example.net" ], "related.ip": [ - "10.231.7.209", - "10.24.54.129" + "10.24.54.129", + "10.231.7.209" ], "related.user": [ "eavol" @@ -3205,8 +3161,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "HEAD", - "block" + "block", + "HEAD" ], "rsa.misc.content_type": "scipitl", "rsa.misc.result_code": "temaccu", @@ -3236,7 +3192,6 @@ "url.top_level_domain": "net", "user.name": "eavol", "user_agent.device.name": "Asus X01BDA", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -3310,7 +3265,6 @@ "url.top_level_domain": "org", "user.name": "BCS", "user_agent.device.name": "LG-$2", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3337,12 +3291,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.com", - "www.example.com" + "www.example.com", + "mail.example.com" ], "related.ip": [ - "10.116.146.114", - "10.51.236.148" + "10.51.236.148", + "10.116.146.114" ], "related.user": [ "obea" 
@@ -3382,7 +3336,6 @@ "url.top_level_domain": "com", "user.name": "obea", "user_agent.device.name": "STK-L21", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -3413,16 +3366,16 @@ "internal.example.net" ], "related.ip": [ - "10.217.222.99", - "10.244.108.135" + "10.244.108.135", + "10.217.222.99" ], "related.user": [ "amvolu" ], "rsa.internal.messageid": "NONE", "rsa.misc.action": [ - "NONE", - "block" + "block", + "NONE" ], "rsa.misc.content_type": "tobeatae", "rsa.misc.result_code": "tion", @@ -3454,7 +3407,6 @@ "url.top_level_domain": "net", "user.name": "amvolu", "user_agent.device.name": "U20", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -3481,12 +3433,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.org", - "www.example.net" + "www.example.net", + "api.example.org" ], "related.ip": [ - "10.150.198.112", - "10.4.69.152" + "10.4.69.152", + "10.150.198.112" ], "related.user": [ "mexer" @@ -3526,7 +3478,6 @@ "url.top_level_domain": "org", "user.name": "mexer", "user_agent.device.name": "Samsung SM-A305FN", - "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", 
@@ -3557,8 +3508,8 @@ "www5.example.org" ], "related.ip": [ - "10.45.114.111", - "10.45.54.107" + "10.45.54.107", + "10.45.114.111" ], "related.user": [ "nse" @@ -3598,7 +3549,6 @@ "url.top_level_domain": "org", "user.name": "nse", "user_agent.device.name": "Samsung SM-A715F", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -3625,8 +3575,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.net", - "www5.example.net" + "www5.example.net", + "mail.example.net" ], "related.ip": [ "10.49.242.174", @@ -3670,7 +3620,6 @@ "url.top_level_domain": "net", "user.name": "untutlab", "user_agent.device.name": "U20", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -3701,8 +3650,8 @@ "www5.example.org" ], "related.ip": [ - "10.183.223.149", - "10.17.202.219" + "10.17.202.219", + "10.183.223.149" ], "related.user": [ "odoco" @@ -3745,7 +3694,6 @@ "url.top_level_domain": "org", "user.name": "odoco", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, 
@@ -3768,8 +3716,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "internal.example.org", - "internal.example.net" + "internal.example.net", + "internal.example.org" ], "related.ip": [ "10.81.140.173", @@ -3813,7 +3761,6 @@ "url.top_level_domain": "net", "user.name": "etdol", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -3848,8 +3795,8 @@ ], "rsa.internal.messageid": "OPTIONS", "rsa.misc.action": [ - "OPTIONS", - "accept" + "accept", + "OPTIONS" ], "rsa.misc.content_type": "eacommo", "rsa.misc.result_code": "hend", @@ -3881,7 +3828,6 @@ "url.top_level_domain": "net", "user.name": "identsu", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -3904,8 +3850,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.net", - "mail.example.com" + "mail.example.com", + "www5.example.net" ], "related.ip": [ "10.172.148.223", @@ -3949,7 +3895,6 @@ "url.top_level_domain": "com", "user.name": "enimadm", "user_agent.device.name": "Android", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -3976,12 +3921,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "internal.example.net", - "www5.example.com" + "www5.example.com", + "internal.example.net" ], "related.ip": [ - "10.232.19.43", - "10.93.159.170" + "10.93.159.170", + "10.232.19.43" ], "related.user": [ "riame" 
@@ -4024,7 +3969,6 @@ "url.top_level_domain": "com", "user.name": "riame", "user_agent.device.name": "QMobile X700 PRO II", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -4051,12 +3995,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.net", - "example.net" + "example.net", + "api.example.net" ], "related.ip": [ - "10.55.55.72", - "10.207.97.192" + "10.207.97.192", + "10.55.55.72" ], "related.user": [ "asp" @@ -4096,7 +4040,6 @@ "url.top_level_domain": "net", "user.name": "asp", "user_agent.device.name": "Samsung SM-S337TL", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", @@ -4127,16 +4070,16 @@ "www5.example.net" ], "related.ip": [ - "10.89.73.240", - "10.41.156.88" + "10.41.156.88", + "10.89.73.240" ], "related.user": [ "ntorever" ], "rsa.internal.messageid": "MOVE", "rsa.misc.action": [ - "MOVE", - "deny" + "deny", + "MOVE" ], "rsa.misc.content_type": "seos", "rsa.misc.result_code": "fugiatqu", @@ -4168,7 +4111,6 @@ "url.top_level_domain": "net", "user.name": "ntorever", "user_agent.device.name": "5024D_RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", 
@@ -4209,8 +4151,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "allow" + "allow", + "CONNECT" ], "rsa.misc.content_type": "oreverit", "rsa.misc.result_code": "abor", @@ -4242,7 +4184,6 @@ "url.top_level_domain": "org", "user.name": "mcorpo", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -4269,16 +4210,16 @@ "internal.example.org" ], "related.ip": [ - "10.181.177.74", - "10.130.150.189" + "10.130.150.189", + "10.181.177.74" ], "related.user": [ "nvo" ], "rsa.internal.messageid": "LOCK", "rsa.misc.action": [ - "accept", - "LOCK" + "LOCK", + "accept" ], "rsa.misc.content_type": "colabori", "rsa.misc.result_code": "tassita", @@ -4310,7 +4251,6 @@ "url.top_level_domain": "org", "user.name": "nvo", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -4337,8 +4277,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.org", - "api.example.net" + "api.example.net", + "api.example.org" ], "related.ip": [ "10.76.220.3", @@ -4352,8 +4292,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "deny", - "GET" + "GET", + "deny" ], "rsa.misc.content_type": "liqua", "rsa.misc.result_code": "nderi", 
@@ -4385,7 +4325,6 @@ "url.top_level_domain": "org", "user.name": "userror", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -4416,8 +4355,8 @@ "www.example.com" ], "related.ip": [ - "10.166.160.217", - "10.219.245.58" + "10.219.245.58", + "10.166.160.217" ], "related.user": [ "radip" @@ -4457,7 +4396,6 @@ "url.top_level_domain": "com", "user.name": "radip", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -4486,16 +4424,16 @@ "example.com" ], "related.ip": [ - "10.183.243.246", - "10.121.121.153" + "10.121.121.153", + "10.183.243.246" ], "related.user": [ "tatio" ], "rsa.internal.messageid": "UNLOCK", "rsa.misc.action": [ - "UNLOCK", - "cancel" + "cancel", + "UNLOCK" ], "rsa.misc.content_type": "magnam", "rsa.misc.result_code": "modoc", @@ -4527,7 +4465,6 @@ "url.top_level_domain": "org", "user.name": "tatio", "user_agent.device.name": "STK-L21", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", 
@@ -4558,16 +4495,16 @@ "www.example.com" ], "related.ip": [ - "10.202.224.209", - "10.54.5.47" + "10.54.5.47", + "10.202.224.209" ], "related.user": [ "aturv" ], "rsa.internal.messageid": "OPTIONS", "rsa.misc.action": [ - "OPTIONS", - "cancel" + "cancel", + "OPTIONS" ], "rsa.misc.content_type": "umf", "rsa.misc.result_code": "obeataev", @@ -4599,7 +4536,6 @@ "url.top_level_domain": "net", "user.name": "aturv", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -4626,8 +4562,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.com", - "mail.example.net" + "mail.example.net", + "mail.example.com" ], "related.ip": [ "10.170.234.233", @@ -4638,8 +4574,8 @@ ], "rsa.internal.messageid": "PROPFIND", "rsa.misc.action": [ - "allow", - "PROPFIND" + "PROPFIND", + "allow" ], "rsa.misc.content_type": "uido", "rsa.misc.result_code": "lab", @@ -4671,7 +4607,6 @@ "url.top_level_domain": "net", "user.name": "uatu", "user_agent.device.name": "POCOPHONE F1", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -4710,8 +4645,8 @@ ], "rsa.internal.messageid": "DELETE", "rsa.misc.action": [ - "DELETE", - "allow" + "allow", + "DELETE" ], "rsa.misc.content_type": "scivelit", "rsa.misc.result_code": "liquaUte", 
@@ -4743,7 +4678,6 @@ "url.top_level_domain": "org", "user.name": "odic", "user_agent.device.name": "ZTE Blade V1000RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -4770,8 +4704,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.com", - "api.example.net" + "api.example.net", + "example.com" ], "related.ip": [ "10.62.188.193", @@ -4815,7 +4749,6 @@ "url.top_level_domain": "net", "user.name": "quaU", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -4842,16 +4775,16 @@ "www.example.net" ], "related.ip": [ - "10.172.139.78", - "10.68.198.188" + "10.68.198.188", + "10.172.139.78" ], "related.user": [ "onsectet" ], "rsa.internal.messageid": "COPY", "rsa.misc.action": [ - "COPY", - "block" + "block", + "COPY" ], "rsa.misc.content_type": "animid", "rsa.misc.result_code": "inea", @@ -4883,7 +4816,6 @@ "url.top_level_domain": "net", "user.name": "onsectet", "user_agent.device.name": "5024D_RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -4910,8 +4842,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www.example.org", - "api.example.net" + "api.example.net", + "www.example.org" ], "related.ip": [ "10.172.47.7", 
@@ -4957,7 +4889,6 @@ "url.top_level_domain": "org", "user.name": "midestl", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -4982,12 +4913,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.org", - "example.org" + "example.org", + "api.example.org" ], "related.ip": [ - "10.62.10.137", - "10.32.98.109" + "10.32.98.109", + "10.62.10.137" ], "related.user": [ "deomnisi" @@ -5025,7 +4956,6 @@ "url.top_level_domain": "org", "user.name": "deomnisi", "user_agent.device.name": "LG-$2", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5097,7 +5027,6 @@ "url.top_level_domain": "net", "user.name": "oeiusmo", "user_agent.device.name": "U20", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -5123,12 +5052,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.org", - "internal.example.com" + "internal.example.com", + "api.example.org" ], "related.ip": [ - "10.194.198.46", - "10.88.98.31" + "10.88.98.31", + "10.194.198.46" ], "rsa.internal.messageid": "GET", "rsa.investigations.ec_activity": "Request", 
@@ -5168,7 +5097,6 @@ "url.subdomain": "api", "url.top_level_domain": "org", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -5195,8 +5123,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.com", - "www5.example.com" + "www5.example.com", + "example.com" ], "related.ip": [ "10.5.49.20", @@ -5238,7 +5166,6 @@ "url.top_level_domain": "com", "user.name": "tationu", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -5269,8 +5196,8 @@ "internal.example.com" ], "related.ip": [ - "10.70.244.155", - "10.11.73.145" + "10.11.73.145", + "10.70.244.155" ], "related.user": [ "caboNemo" @@ -5312,7 +5239,6 @@ "url.top_level_domain": "org", "user.name": "caboNemo", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", 
@@ -5339,8 +5265,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.net", - "internal.example.com" + "internal.example.com", + "www5.example.net" ], "related.ip": [ "10.204.214.98", @@ -5351,8 +5277,8 @@ ], "rsa.internal.messageid": "PURGE", "rsa.misc.action": [ - "accept", - "PURGE" + "PURGE", + "accept" ], "rsa.misc.content_type": "uames", "rsa.misc.result_code": "moenimip", @@ -5384,7 +5310,6 @@ "url.top_level_domain": "net", "user.name": "cillumdo", "user_agent.device.name": "Samsung SM-S337TL", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", @@ -5415,8 +5340,8 @@ "api.example.net" ], "related.ip": [ - "10.74.115.33", - "10.139.151.19" + "10.139.151.19", + "10.74.115.33" ], "related.user": [ "roquisq" @@ -5456,7 +5381,6 @@ "url.top_level_domain": "net", "user.name": "roquisq", "user_agent.device.name": "Samsung SM-A305FN", - "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -5528,7 +5452,6 @@ "url.top_level_domain": "net", "user.name": "isi", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -5600,7 +5523,6 @@ "url.top_level_domain": "com", "user.name": "aparia", "user_agent.device.name": "Pixel 3", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5639,8 +5561,8 @@ ], "rsa.internal.messageid": "LOCK", "rsa.misc.action": [ - "LOCK", - "deny" + "deny", + "LOCK" ], "rsa.misc.content_type": "etur", "rsa.misc.result_code": "remeum", @@ -5672,7 +5594,6 @@ "url.top_level_domain": "com", "user.name": "onemul", "user_agent.device.name": "ZTE BLADE V7", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -5699,20 +5620,20 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "internal.example.org", - "example.com" + "example.com", + "internal.example.org" ], "related.ip": [ - "10.18.199.203", - "10.0.0.240" + "10.0.0.240", + "10.18.199.203" ], "related.user": [ "ittenb" ], "rsa.internal.messageid": "PROPFIND", "rsa.misc.action": [ - "allow", - "PROPFIND" + "PROPFIND", + "allow" ], "rsa.misc.content_type": "llum", "rsa.misc.result_code": "ntut", @@ -5744,7 +5665,6 @@ "url.top_level_domain": "org", "user.name": "ittenb", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -5771,20 +5691,20 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.com", - "www5.example.org" + "www5.example.org", + "www5.example.com" ], "related.ip": [ - "10.73.80.251", - "10.1.220.47" + "10.1.220.47", + "10.73.80.251" ], "related.user": [ "ercitati" ], "rsa.internal.messageid": "NONE", "rsa.misc.action": [ - "NONE", - "allow" + "allow", + "NONE" ], "rsa.misc.content_type": "lumquid", "rsa.misc.result_code": "serro", @@ -5816,7 +5736,6 @@ "url.top_level_domain": "com", "user.name": "ercitati", "user_agent.device.name": "Samsung SM-A715F", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -5847,16 +5766,16 @@ "www.example.net" ], "related.ip": [ - "10.22.34.206", - "10.153.109.61" + "10.153.109.61", + "10.22.34.206" ], "related.user": [ "mve" ], "rsa.internal.messageid": "PURGE", "rsa.misc.action": [ - "PURGE", - "block" + "block", + "PURGE" ], "rsa.misc.content_type": "velites", "rsa.misc.result_code": "uasiarch", @@ -5888,7 +5807,6 @@ "url.top_level_domain": "net", "user.name": "mve", "user_agent.device.name": "STK-L21", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -5915,8 +5833,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.com", - "www.example.net" + "www.example.net", + "mail.example.com" ], "related.ip": [ "10.62.168.226", 
@@ -5929,8 +5847,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "allow", - "CONNECT" + "CONNECT", + "allow" ], "rsa.misc.content_type": "sequamn", "rsa.misc.result_code": "eirured", @@ -5962,7 +5880,6 @@ "url.top_level_domain": "net", "user.name": "ipsa", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -5993,16 +5910,16 @@ "example.com" ], "related.ip": [ - "10.97.33.56", - "10.128.84.27" + "10.128.84.27", + "10.97.33.56" ], "related.user": [ "ptate" ], "rsa.internal.messageid": "COPY", "rsa.misc.action": [ - "COPY", - "block" + "block", + "COPY" ], "rsa.misc.content_type": "utla", "rsa.misc.result_code": "umfu", @@ -6032,7 +5949,6 @@ "url.top_level_domain": "com", "user.name": "ptate", "user_agent.device.name": "Asus X01BDA", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -6105,7 +6021,6 @@ "url.top_level_domain": "com", "user.name": "ore", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", 
@@ -6136,16 +6051,16 @@ "internal.example.com" ], "related.ip": [ - "10.33.112.100", - "10.213.100.153" + "10.213.100.153", + "10.33.112.100" ], "related.user": [ "enimad" ], "rsa.internal.messageid": "PROPFIND", "rsa.misc.action": [ - "PROPFIND", - "block" + "block", + "PROPFIND" ], "rsa.misc.content_type": "ionev", "rsa.misc.result_code": "velillum", @@ -6177,7 +6092,6 @@ "url.top_level_domain": "org", "user.name": "enimad", "user_agent.device.name": "Samsung GT-P3100 ", - "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -6204,12 +6118,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.net", - "example.net" + "example.net", + "api.example.net" ], "related.ip": [ - "10.25.53.93", - "10.216.143.226" + "10.216.143.226", + "10.25.53.93" ], "related.user": [ "oremeu" @@ -6251,7 +6165,6 @@ "url.top_level_domain": "net", "user.name": "oremeu", "user_agent.device.name": "Samsung GT-P3100 ", - "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -6278,12 +6191,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.com", - "www.example.net" + "www.example.net", + "example.com" ], "related.ip": [ - "10.246.115.57", - "10.139.195.188" + "10.139.195.188", + "10.246.115.57" ], "related.user": [ "mSecti" 
@@ -6326,7 +6239,6 @@ "url.top_level_domain": "net", "user.name": "mSecti", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -6398,7 +6310,6 @@ "url.top_level_domain": "com", "user.name": "ita", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -6437,8 +6348,8 @@ ], "rsa.internal.messageid": "DELETE", "rsa.misc.action": [ - "accept", - "DELETE" + "DELETE", + "accept" ], "rsa.misc.content_type": "onsequ", "rsa.misc.result_code": "strud", @@ -6470,7 +6381,6 @@ "url.top_level_domain": "com", "user.name": "tvolu", "user_agent.device.name": "QMobile X700 PRO II", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -6544,7 +6454,6 @@ "url.top_level_domain": "org", "user.name": "lumd", "user_agent.device.name": "ZTE BLADE V7", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", 
@@ -6575,8 +6484,8 @@ "internal.example.com" ], "related.ip": [ - "10.6.88.105", - "10.187.86.64" + "10.187.86.64", + "10.6.88.105" ], "related.user": [ "rem" @@ -6616,7 +6525,6 @@ "url.top_level_domain": "com", "user.name": "rem", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -6643,12 +6551,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.org", - "example.com" + "example.com", + "mail.example.org" ], "related.ip": [ - "10.163.9.35", - "10.252.146.132" + "10.252.146.132", + "10.163.9.35" ], "related.user": [ "umq" @@ -6657,8 +6565,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "accept" + "accept", + "CONNECT" ], "rsa.misc.content_type": "ota", "rsa.misc.result_code": "oremip", @@ -6690,7 +6598,6 @@ "url.top_level_domain": "org", "user.name": "umq", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -6721,8 +6628,8 @@ "api.example.org" ], "related.ip": [ - "10.235.160.245", - "10.249.101.177" + "10.249.101.177", + "10.235.160.245" ], "related.user": [ "upta" 
@@ -6762,7 +6669,6 @@ "url.top_level_domain": "com", "user.name": "upta", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -6801,8 +6707,8 @@ ], "rsa.internal.messageid": "TRACE", "rsa.misc.action": [ - "block", - "TRACE" + "TRACE", + "block" ], "rsa.misc.content_type": "umq", "rsa.misc.result_code": "nse", @@ -6834,7 +6740,6 @@ "url.top_level_domain": "com", "user.name": "tinv", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -6861,8 +6766,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.com", - "example.net" + "example.net", + "example.com" ], "related.ip": [ "10.67.148.40", @@ -6873,8 +6778,8 @@ ], "rsa.internal.messageid": "OPTIONS", "rsa.misc.action": [ - "OPTIONS", - "deny" + "deny", + "OPTIONS" ], "rsa.misc.content_type": "siuta", "rsa.misc.result_code": "emveleum", @@ -6904,7 +6809,6 @@ "url.top_level_domain": "net", "user.name": "squamest", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", 
@@ -6929,20 +6833,20 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.com", - "www.example.org" + "www.example.org", + "api.example.com" ], "related.ip": [ - "10.83.154.75", - "10.37.33.179" + "10.37.33.179", + "10.83.154.75" ], "related.user": [ "eatae" ], "rsa.internal.messageid": "UNLOCK", "rsa.misc.action": [ - "accept", - "UNLOCK" + "UNLOCK", + "accept" ], "rsa.misc.content_type": "sum", "rsa.misc.result_code": "oloremq", @@ -6974,7 +6878,6 @@ "url.top_level_domain": "com", "user.name": "eatae", "user_agent.device.name": "Meizu M6", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 7.0", @@ -7001,8 +6904,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.net", - "www5.example.org" + "www5.example.org", + "www5.example.net" ], "related.ip": [ "10.14.29.202", @@ -7013,8 +6916,8 @@ ], "rsa.internal.messageid": "MKOL", "rsa.misc.action": [ - "deny", - "MKOL" + "MKOL", + "deny" ], "rsa.misc.content_type": "itse", "rsa.misc.result_code": "qui", @@ -7046,7 +6949,6 @@ "url.top_level_domain": "net", "user.name": "usmod", "user_agent.device.name": "Samsung SM-A305FN", - "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", 
@@ -7073,12 +6975,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.com", - "api.example.com" + "api.example.com", + "example.com" ], "related.ip": [ - "10.221.86.133", - "10.204.223.184" + "10.204.223.184", + "10.221.86.133" ], "related.user": [ "ptasnul" @@ -7120,7 +7022,6 @@ "url.top_level_domain": "com", "user.name": "ptasnul", "user_agent.device.name": "Samsung SM-A715F", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -7151,16 +7052,16 @@ "api.example.org" ], "related.ip": [ - "10.195.4.70", - "10.229.39.190" + "10.229.39.190", + "10.195.4.70" ], "related.user": [ "edictas" ], "rsa.internal.messageid": "PUT", "rsa.misc.action": [ - "PUT", - "deny" + "deny", + "PUT" ], "rsa.misc.content_type": "exeaco", "rsa.misc.result_code": "rmagnido", @@ -7192,7 +7093,6 @@ "url.top_level_domain": "com", "user.name": "edictas", "user_agent.device.name": "STK-L21", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-6.0.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-6.0.log-expected.json index 32f58f199c20..9ba851e7c409 100644 --- a/x-pack/filebeat/module/suricata/eve/test/eve-6.0.log-expected.json +++ b/x-pack/filebeat/module/suricata/eve/test/eve-6.0.log-expected.json 
@@ -45,15 +45,14 @@ "rule.name": "GPL ATTACK_RESPONSE id check returned root", "service.type": "suricata", "source.address": "52.222.141.99", + "source.as.number": 16509, + "source.as.organization.name": "AMAZON-02", "source.bytes": 496, - "source.geo.city_name": "Seattle", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 47.6348, - "source.geo.location.lon": -122.3451, - "source.geo.region_iso_code": "US-WA", - "source.geo.region_name": "Washington", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, "source.ip": "52.222.141.99", "source.mac": "00:03:2d:3f:e5:63", "source.packets": 6, @@ -81,7 +80,6 @@ "url.original": "/uid/index.html", "url.path": "/uid/index.html", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json index b36753a368cc..99cbcc9ad16d 100644 --- a/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json +++ b/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json @@ -3,7 +3,7 @@ "@timestamp": "2018-10-03T14:42:44.836Z", "destination.address": "93.184.216.34", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.bytes": 1654, "destination.domain": "example.net", "destination.geo.city_name": "Norwell", @@ -76,7 +76,6 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" 
@@ -85,7 +84,7 @@ "@timestamp": "2018-10-03T16:16:26.711Z", "destination.address": "93.184.216.34", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.bytes": 1654, "destination.domain": "example.net", "destination.geo.city_name": "Norwell", @@ -158,7 +157,6 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" @@ -167,7 +165,7 @@ "@timestamp": "2018-10-03T16:44:50.813Z", "destination.address": "93.184.216.34", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.bytes": 1654, "destination.domain": "example.net", "destination.geo.city_name": "Norwell", @@ -240,7 +238,6 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" @@ -249,7 +246,7 @@ "@timestamp": "2018-10-03T16:45:09.267Z", "destination.address": "93.184.216.34", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.bytes": 1654, "destination.domain": "example.org", "destination.geo.city_name": "Norwell", @@ -322,7 +319,6 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" 
@@ -331,7 +327,7 @@ "@timestamp": "2018-10-03T16:45:34.481Z", "destination.address": "93.184.216.34", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.bytes": 1654, "destination.domain": "example.org", "destination.geo.city_name": "Norwell", @@ -404,7 +400,6 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" @@ -413,7 +408,7 @@ "@timestamp": "2018-10-03T17:02:38.900Z", "destination.address": "93.184.216.34", "destination.as.number": 15133, - "destination.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", + "destination.as.organization.name": "EDGECAST", "destination.bytes": 1654, "destination.domain": "example.org", "destination.geo.city_name": "Norwell", @@ -486,7 +481,6 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" @@ -502,8 +496,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5132, - "destination.geo.location.lon": -0.0961, + "destination.geo.location.lat": 51.5096, + "destination.geo.location.lon": -0.0972, "destination.geo.region_iso_code": "GB-ENG", "destination.geo.region_name": "England", "destination.ip": "91.189.88.152", 
@@ -567,7 +561,6 @@ "url.original": "/ubuntu/dists/bionic-security/InRelease", "url.path": "/ubuntu/dists/bionic-security/InRelease", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -649,7 +642,6 @@ "url.original": "/ubuntu/dists/bionic/InRelease", "url.path": "/ubuntu/dists/bionic/InRelease", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -731,7 +723,6 @@ "url.original": "/ubuntu/dists/bionic-updates/InRelease", "url.path": "/ubuntu/dists/bionic-updates/InRelease", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -748,8 +739,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5132, - "destination.geo.location.lon": -0.0961, + "destination.geo.location.lat": 51.5096, + "destination.geo.location.lon": -0.0972, "destination.geo.region_iso_code": "GB-ENG", "destination.geo.region_name": "England", "destination.ip": "91.189.88.152", @@ -813,7 +804,6 @@ "url.original": "/ubuntu/dists/bionic-security/main/source/by-hash/SHA256/f5ec03d97ca76c98162d9233c8b7c578c52897e2136428277baf2e7b633a8e72", "url.path": "/ubuntu/dists/bionic-security/main/source/by-hash/SHA256/f5ec03d97ca76c98162d9233c8b7c578c52897e2136428277baf2e7b633a8e72", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", 
@@ -830,8 +820,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5132, - "destination.geo.location.lon": -0.0961, + "destination.geo.location.lat": 51.5096, + "destination.geo.location.lon": -0.0972, "destination.geo.region_iso_code": "GB-ENG", "destination.geo.region_name": "England", "destination.ip": "91.189.88.152", @@ -895,7 +885,6 @@ "url.original": "/ubuntu/dists/bionic-security/main/binary-amd64/by-hash/SHA256/c5b8346a3221bc9a23a79ba4dc4e730a6319a77fc9d63872dfc56539a0810015", "url.path": "/ubuntu/dists/bionic-security/main/binary-amd64/by-hash/SHA256/c5b8346a3221bc9a23a79ba4dc4e730a6319a77fc9d63872dfc56539a0810015", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -912,8 +901,8 @@ "destination.geo.continent_name": "Europe", "destination.geo.country_iso_code": "GB", "destination.geo.country_name": "United Kingdom", - "destination.geo.location.lat": 51.5132, - "destination.geo.location.lon": -0.0961, + "destination.geo.location.lat": 51.5096, + "destination.geo.location.lon": -0.0972, "destination.geo.region_iso_code": "GB-ENG", "destination.geo.region_name": "England", "destination.ip": "91.189.88.152", @@ -977,7 +966,6 @@ "url.original": "/ubuntu/dists/bionic-security/universe/binary-amd64/by-hash/SHA256/e5cc957139a25a0fee47cbf2c0fac8ad5cab50346d6a74abe031748924c5b558", "url.path": "/ubuntu/dists/bionic-security/universe/binary-amd64/by-hash/SHA256/e5cc957139a25a0fee47cbf2c0fac8ad5cab50346d6a74abe031748924c5b558", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", 
@@ -1059,7 +1047,6 @@ "url.original": "/ubuntu/dists/bionic-backports/InRelease", "url.path": "/ubuntu/dists/bionic-backports/InRelease", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -1141,7 +1128,6 @@ "url.original": "/ubuntu/dists/bionic-updates/main/source/by-hash/SHA256/65f2e3a4e9d89d9d4b5e3d42e586bc96f48a24466b0ad0b4a707255e44a26b03", "url.path": "/ubuntu/dists/bionic-updates/main/source/by-hash/SHA256/65f2e3a4e9d89d9d4b5e3d42e586bc96f48a24466b0ad0b4a707255e44a26b03", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -1223,7 +1209,6 @@ "url.original": "/ubuntu/dists/bionic-updates/universe/source/by-hash/SHA256/56cfd9cc2efa61dff7428dddf921c3cd6047ab8e6484a7f1888e4c3f7252f1ef", "url.path": "/ubuntu/dists/bionic-updates/universe/source/by-hash/SHA256/56cfd9cc2efa61dff7428dddf921c3cd6047ab8e6484a7f1888e4c3f7252f1ef", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -1305,7 +1290,6 @@ "url.original": "/ubuntu/dists/bionic-updates/main/binary-amd64/by-hash/SHA256/4360137dc8f98b47648da1fef5472ef234fb02115bc2b29873bcaeee62637e70", "url.path": "/ubuntu/dists/bionic-updates/main/binary-amd64/by-hash/SHA256/4360137dc8f98b47648da1fef5472ef234fb02115bc2b29873bcaeee62637e70", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", 
@@ -1387,7 +1371,6 @@ "url.original": "/ubuntu/dists/bionic-updates/restricted/binary-amd64/by-hash/SHA256/c93fdc7f10cad1263349fd7b5bdd6a7f7163165b96ad263b3e12022e319d0d12", "url.path": "/ubuntu/dists/bionic-updates/restricted/binary-amd64/by-hash/SHA256/c93fdc7f10cad1263349fd7b5bdd6a7f7163165b96ad263b3e12022e319d0d12", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -1469,7 +1452,6 @@ "url.original": "/ubuntu/dists/bionic-updates/universe/binary-amd64/by-hash/SHA256/5190f7afbee38b3cb32225db478fdbabd46f76eaa9c5921a13091891bf3e9bbc", "url.path": "/ubuntu/dists/bionic-updates/universe/binary-amd64/by-hash/SHA256/5190f7afbee38b3cb32225db478fdbabd46f76eaa9c5921a13091891bf3e9bbc", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -1550,7 +1532,6 @@ "url.original": "/ubuntu/dists/bionic-updates/universe/i18n/by-hash/SHA256/9fe539b7036e51327cd85ca5e0a4dd4eb47f69168875de2ac9842a5e36ebd4a4", "url.path": "/ubuntu/dists/bionic-updates/universe/i18n/by-hash/SHA256/9fe539b7036e51327cd85ca5e0a4dd4eb47f69168875de2ac9842a5e36ebd4a4", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", 
@@ -1631,7 +1612,6 @@ "url.original": "/ubuntu/dists/bionic-updates/multiverse/binary-amd64/by-hash/SHA256/8ab8cb220c0e50521c589acc2bc2b43a3121210f0b035a0605972bcffd73dd16", "url.path": "/ubuntu/dists/bionic-updates/multiverse/binary-amd64/by-hash/SHA256/8ab8cb220c0e50521c589acc2bc2b43a3121210f0b035a0605972bcffd73dd16", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json index 86962b58d984..e233b88d4730 100644 --- a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json +++ b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json @@ -154,7 +154,6 @@ "url.original": "/dd.xml", "url.path": "/dd.xml", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36", "user_agent.os.full": "Mac OS X 10.13.5", @@ -216,7 +215,6 @@ "url.original": "/ssdp/device-desc.xml", "url.path": "/ssdp/device-desc.xml", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36", "user_agent.os.full": "Mac OS X 10.13.5", 
@@ -420,7 +418,7 @@ "@timestamp": "2018-07-05T19:51:50.666Z", "destination.address": "17.142.164.13", "destination.as.number": 714, - "destination.as.organization.name": "Apple Inc.", + "destination.as.organization.name": "APPLE-ENGINEERING", "destination.domain": "p33-btmmdns.icloud.com", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", @@ -588,7 +586,6 @@ "url.path": "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab", "url.query": "111111111111", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Microsoft-CryptoAPI", "user_agent.original": "Microsoft-CryptoAPI/10.0", "user_agent.version": "10.0" @@ -708,7 +705,6 @@ "url.path": "/uuid", "url.port": 8081, "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:84.0) Gecko/20100101 Firefox/84.0", "user_agent.os.full": "Mac OS X 10.14", diff --git a/x-pack/filebeat/module/tomcat/log/test/generated.log-expected.json b/x-pack/filebeat/module/tomcat/log/test/generated.log-expected.json index e73c0f86cd25..647015ab3f84 100644 --- a/x-pack/filebeat/module/tomcat/log/test/generated.log-expected.json +++ b/x-pack/filebeat/module/tomcat/log/test/generated.log-expected.json @@ -15,9 +15,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "mail.example.net", "example.com", - "https://example.com/illumqui/ventore.html?min=ite#utl" + "https://example.com/illumqui/ventore.html?min=ite#utl", + "mail.example.net" ], "related.ip": [ "10.251.224.219" 
@@ -53,7 +53,6 @@ "url.top_level_domain": "com", "user.name": "rci", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -77,9 +76,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "mail.example.com", "https://www5.example.net/mdolo/mqui.htm?sumdo=litesse#orev", - "www5.example.net", - "mail.example.com" + "www5.example.net" ], "related.ip": [ "10.196.153.12" @@ -116,7 +115,6 @@ "url.top_level_domain": "net", "user.name": "abo", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -139,8 +137,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "www.example.com", "internal.example.com", + "www.example.com", "https://internal.example.com/tetur/idolor.html?ntex=eius#luptat", "ctetur5806.api.home" ], @@ -181,7 +179,6 @@ "url.top_level_domain": "com", "user.name": "enatus", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -205,9 +202,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "mail.example.com", + "https://www5.example.org/nci/ofdeFin.gif?amco=exe#iatu", "www5.example.org", - "https://www5.example.org/nci/ofdeFin.gif?amco=exe#iatu" + "mail.example.com" ], "related.ip": [ "10.196.118.192" 
@@ -244,7 +241,6 @@ "url.top_level_domain": "org", "user.name": "tur", "user_agent.device.name": "5024D_RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -268,9 +264,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "internal.example.com", + "internal.example.net", "https://internal.example.com/aqui/radipis.jpg?llumd=enatuse#magn", - "internal.example.net" + "internal.example.com" ], "related.ip": [ "10.246.209.145" @@ -307,7 +303,6 @@ "url.top_level_domain": "com", "user.name": "llu", "user_agent.device.name": "VS996", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -331,9 +326,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "www5.example.org", "internal.example.com", - "https://internal.example.com/omnis/antium.txt?lupta=iusmodt#doloreeu", - "www5.example.org" + "https://internal.example.com/omnis/antium.txt?lupta=iusmodt#doloreeu" ], "related.ip": [ "10.114.191.225" @@ -370,7 +365,6 @@ "url.top_level_domain": "com", "user.name": "tempo", "user_agent.device.name": "QMobile X700 PRO II", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", 
@@ -395,9 +389,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "api.example.com", "https://www5.example.net/uidolore/niamqu.gif?iat=tevelit#nsequat", "www5.example.net", + "api.example.com", "erep2696.www.home" ], "related.ip": [ @@ -437,7 +431,6 @@ "url.top_level_domain": "net", "user.name": "liqu", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -462,9 +455,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "www.example.org", "mail.example.org", "https://www.example.org/idexea/riat.txt?tvol=moll#tatione", - "www.example.org", "mUt2398.invalid" ], "related.ip": [ @@ -504,7 +497,6 @@ "url.top_level_domain": "org", "user.name": "ugits", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -528,9 +520,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.org", "https://api.example.org/toccae/tatno.gif?taliqu=temUten#ccusan", - "api.example.org" + "api.example.org", + "example.org" ], "related.ip": [ "10.182.166.181" 
@@ -567,7 +559,6 @@ "url.top_level_domain": "org", "user.name": "mol", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -591,9 +582,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "https://mail.example.net/atuse/ddoeiu.gif?idolore=onse#liq", "internal.example.com", - "mail.example.net", - "https://mail.example.net/atuse/ddoeiu.gif?idolore=onse#liq" + "mail.example.net" ], "related.ip": [ "10.185.126.247" @@ -630,7 +621,6 @@ "url.top_level_domain": "net", "user.name": "quu", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -694,7 +684,6 @@ "url.top_level_domain": "com", "user.name": "nsequu", "user_agent.device.name": "ZTE BLADE V7", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -719,9 +708,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "internal.example.net", - "https://example.net/nimadmin/ditautfu.html?lpa=entsu#dun", "example.net", + "https://example.net/nimadmin/ditautfu.html?lpa=entsu#dun", + "internal.example.net", "oin6316.www5.host" ], "related.ip": [ 
@@ -760,7 +749,6 @@ "url.top_level_domain": "net", "user.name": "lapariat", "user_agent.device.name": "Asus X01BDA", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -786,8 +774,8 @@ "observer.vendor": "Apache", "related.hosts": [ "https://www5.example.com/ono/stru.jpg?emaperi=tame#tinvol", - "internal.example.net", "www5.example.com", + "internal.example.net", "tionemu7691.www.local" ], "related.ip": [ @@ -827,7 +815,6 @@ "url.top_level_domain": "com", "user.name": "des", "user_agent.device.name": "Android", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -852,8 +839,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www.example.org", - "https://example.net/tion/eataev.htm?uiineavo=tisetq#irati", - "example.net" + "example.net", + "https://example.net/tion/eataev.htm?uiineavo=tisetq#irati" ], "related.ip": [ "10.57.170.140" @@ -889,7 +876,6 @@ "url.top_level_domain": "net", "user.name": "onse", "user_agent.device.name": "QMobile X700 PRO II", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", 
@@ -913,9 +899,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "internal.example.net", "https://internal.example.com/isno/taliq.htm?nnu=dolo#Loremip", - "internal.example.com", - "internal.example.net" + "internal.example.com" ], "related.ip": [ "10.33.153.47" @@ -952,7 +938,6 @@ "url.top_level_domain": "com", "user.name": "atquovo", "user_agent.device.name": "STK-L21", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -1018,7 +1003,6 @@ "url.top_level_domain": "net", "user.name": "tat", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -1042,9 +1026,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "https://internal.example.com/oidentsu/atiset.jpg?ntor=lpaqui#sitame", "example.com", - "internal.example.com", - "https://internal.example.com/oidentsu/atiset.jpg?ntor=lpaqui#sitame" + "internal.example.com" ], "related.ip": [ "10.202.194.67" @@ -1081,7 +1065,6 @@ "url.top_level_domain": "com", "user.name": "ittenbyC", "user_agent.device.name": "ZTE Blade V1000RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", 
@@ -1106,9 +1089,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "www.example.com", "www5.example.com", "https://www5.example.com/etconse/tincu.txt?lit=asun#estia", + "www.example.com", "wri2784.api.domain" ], "related.ip": [ @@ -1148,7 +1131,6 @@ "url.top_level_domain": "com", "user.name": "modocon", "user_agent.device.name": "Samsung GT-P3100 ", - "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -1173,8 +1155,8 @@ "observer.vendor": "Apache", "related.hosts": [ "internal.example.net", - "https://www5.example.org/eriamea/amre.htm?magni=pisciv#iquidex", - "www5.example.org" + "www5.example.org", + "https://www5.example.org/eriamea/amre.htm?magni=pisciv#iquidex" ], "related.ip": [ "10.52.186.29" @@ -1211,7 +1193,6 @@ "url.top_level_domain": "org", "user.name": "doloreme", "user_agent.device.name": "VS996", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -1236,9 +1217,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "www.example.org", "example.net", "https://www.example.org/iutali/fdeFi.jpg?liquide=etdol#uela", + "www.example.org", "oquisqu2937.mail.domain" ], "related.ip": [ 
@@ -1278,7 +1259,6 @@ "url.top_level_domain": "org", "user.name": "olor", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -1345,7 +1325,6 @@ "url.top_level_domain": "net", "user.name": "sin", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -1408,7 +1387,6 @@ "url.top_level_domain": "org", "user.name": "orporiss", "user_agent.device.name": "STK-L21", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -1432,9 +1410,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.net", "example.org", - "https://example.net/nisi/dant.txt?ecte=tinvolu#iurer" + "https://example.net/nisi/dant.txt?ecte=tinvolu#iurer", + "example.net" ], "related.ip": [ "10.238.164.29" 
@@ -1470,7 +1448,6 @@ "url.top_level_domain": "net", "user.name": "utlabor", "user_agent.device.name": "Meizu M6", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 7.0", @@ -1495,8 +1472,8 @@ "observer.vendor": "Apache", "related.hosts": [ "example.com", - "https://internal.example.com/sintocc/tlabor.txt?tDuisaut=oinBC#quameius", - "internal.example.com" + "internal.example.com", + "https://internal.example.com/sintocc/tlabor.txt?tDuisaut=oinBC#quameius" ], "related.ip": [ "10.155.230.17" @@ -1533,7 +1510,6 @@ "url.top_level_domain": "com", "user.name": "ionevo", "user_agent.device.name": "POCOPHONE F1", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1558,9 +1534,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.net", "mail.example.net", "https://example.net/officiad/itam.html?madmi=tur#roi", + "example.net", "ide2767.www5.local" ], "related.ip": [ @@ -1599,7 +1575,6 @@ "url.top_level_domain": "net", "user.name": "tenbyCi", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1624,9 +1599,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "www5.example.org", "mail.example.org", "https://mail.example.org/tor/qui.txt?eavolup=fugiatn#docon", - "www5.example.org", "sBon1759.invalid" ], "related.ip": [ 
@@ -1666,7 +1641,6 @@ "url.top_level_domain": "org", "user.name": "vita", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -1690,9 +1664,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "api.example.net", "example.com", - "https://api.example.net/roid/inibusB.jpg?Nemoenim=squirati#Sedutp" + "https://api.example.net/roid/inibusB.jpg?Nemoenim=squirati#Sedutp", + "api.example.net" ], "related.ip": [ "10.99.0.226" @@ -1729,7 +1703,6 @@ "url.top_level_domain": "net", "user.name": "uidol", "user_agent.device.name": "Pixel 3", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1754,8 +1727,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www.example.net", - "api.example.org", - "https://www.example.net/str/idolore.txt?eetdolo=cteturad#untut" + "https://www.example.net/str/idolore.txt?eetdolo=cteturad#untut", + "api.example.org" ], "related.ip": [ "10.107.174.213" @@ -1792,7 +1765,6 @@ "url.top_level_domain": "net", "user.name": "minimav", "user_agent.device.name": "QMobile X700 PRO II", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", 
@@ -1817,8 +1789,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://mail.example.org/iscinge/ofdeFini.jpg?molli=velitse#oditem", "mail.example.org", + "https://mail.example.org/iscinge/ofdeFini.jpg?molli=velitse#oditem", "www.example.org", "idunt4707.host" ], @@ -1859,7 +1831,6 @@ "url.top_level_domain": "org", "user.name": "isnost", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -1884,8 +1855,8 @@ "observer.vendor": "Apache", "related.hosts": [ "api.example.com", - "https://www.example.org/epre/tobeata.html?quia=iduntu#idestlab", - "www.example.org" + "www.example.org", + "https://www.example.org/epre/tobeata.html?quia=iduntu#idestlab" ], "related.ip": [ "10.193.143.108" @@ -1922,7 +1893,6 @@ "url.top_level_domain": "org", "user.name": "luptate", "user_agent.device.name": "ZTE Blade V1000RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -1947,9 +1917,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.com", - "https://example.com/mexe/its.htm?ice=oles#edic", "example.org", + "https://example.com/mexe/its.htm?ice=oles#edic", + "example.com", "emquia1497.www5.lan" ], "related.ip": [ 
@@ -1988,7 +1958,6 @@ "url.top_level_domain": "com", "user.name": "siut", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -2055,7 +2024,6 @@ "url.top_level_domain": "com", "user.name": "tconsect", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -2075,8 +2043,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www.example.org/xeacomm/cinge.txt?apariat=vitaedi#lorsita", "internal.example.com", + "https://www.example.org/xeacomm/cinge.txt?apariat=vitaedi#lorsita", "www.example.org" ], "related.ip": [ @@ -2114,7 +2082,6 @@ "url.top_level_domain": "org", "user.name": "psum", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -2139,9 +2106,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://api.example.org/texpli/exeacom.jpg?rita=esseci#tametcon", - "api.example.org", "mail.example.net", + "api.example.org", + "https://api.example.org/texpli/exeacom.jpg?rita=esseci#tametcon", "aboreetd5461.host" ], "related.ip": [ 
@@ -2181,7 +2148,6 @@ "url.top_level_domain": "org", "user.name": "urv", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -2205,8 +2171,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "api.example.net", "www5.example.org", + "api.example.net", "https://api.example.net/ibusBon/ven.gif?nsequat=doloreme#dun" ], "related.ip": [ @@ -2244,7 +2210,6 @@ "url.top_level_domain": "net", "user.name": "mve", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2269,8 +2234,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://mail.example.org/oconsequ/edquiac.gif?preh=ercit#etMal", "api.example.com", + "https://mail.example.org/oconsequ/edquiac.gif?preh=ercit#etMal", "mail.example.org", "iquidexe304.mail.test" ], @@ -2311,7 +2276,6 @@ "url.top_level_domain": "org", "user.name": "uat", "user_agent.device.name": "POCOPHONE F1", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -2336,9 +2300,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "mail.example.com", - "https://internal.example.com/llamc/nte.htm?utali=porinc#tetur", "internal.example.com", + "https://internal.example.com/llamc/nte.htm?utali=porinc#tetur", + "mail.example.com", "remips4828.www5.host" ], "related.ip": [ @@ -2378,7 +2342,6 @@ "url.top_level_domain": "com", "user.name": "itesseq", "user_agent.device.name": "Asus X01BDA", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -2403,8 +2366,8 @@ "observer.vendor": "Apache", "related.hosts": [ "mail.example.org", - "example.net", - "https://example.net/ites/isetq.gif?nisiut=tur#avolupt" + "https://example.net/ites/isetq.gif?nisiut=tur#avolupt", + "example.net" ], "related.ip": [ "10.168.6.90" @@ -2440,7 +2403,6 @@ "url.top_level_domain": "net", "user.name": "amvolupt", "user_agent.device.name": "Android", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -2464,9 +2426,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "mail.example.com", "https://mail.example.com/acommod/itsedd.html?admin=stenatu#inibu", - "api.example.org" + "api.example.org", + "mail.example.com" ], "related.ip": [ "10.89.137.238" 
@@ -2503,7 +2465,6 @@ "url.top_level_domain": "com", "user.name": "ore", "user_agent.device.name": "5024D_RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -2527,9 +2488,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.org", + "www5.example.net", "https://example.org/Nequepor/eirure.htm?idid=tesse#sequat", - "www5.example.net" + "example.org" ], "related.ip": [ "10.246.61.213" @@ -2565,7 +2526,6 @@ "url.top_level_domain": "org", "user.name": "iusmodte", "user_agent.device.name": "Asus X01BDA", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -2590,9 +2550,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "www5.example.net", "www.example.org", "https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo", + "www5.example.net", "orin5238.host" ], "related.ip": [ @@ -2632,7 +2592,6 @@ "url.top_level_domain": "org", "user.name": "rcit", "user_agent.device.name": "Asus X01BDA", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", 
@@ -2694,7 +2653,6 @@ "url.top_level_domain": "net", "user.name": "elits", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -2717,8 +2675,8 @@ "observer.vendor": "Apache", "related.hosts": [ "api.example.com", - "example.org", - "https://api.example.com/dictasun/abore.txt?modocon=ipsu#ntNeq" + "https://api.example.com/dictasun/abore.txt?modocon=ipsu#ntNeq", + "example.org" ], "related.ip": [ "10.135.91.88" @@ -2755,7 +2713,6 @@ "url.top_level_domain": "com", "user.name": "eporroq", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2780,9 +2737,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "example.net", "api.example.org", "https://example.net/Sedutpe/prehen.html?rcit=aecatcup#olabor", - "example.net", "agnaaliq1829.mail.test" ], "related.ip": [ @@ -2821,7 +2778,6 @@ "url.top_level_domain": "net", "user.name": "fugitse", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2845,8 +2801,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www.example.org/umetMal/asper.htm?metcons=itasper#uae", - "www.example.org" + "www.example.org", + "https://www.example.org/umetMal/asper.htm?metcons=itasper#uae" ], "related.ip": [ "10.87.179.233" 
@@ -2883,7 +2839,6 @@ "url.top_level_domain": "org", "user.name": "avolu", "user_agent.device.name": "Samsung SM-S337TL", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", @@ -2907,9 +2862,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "api.example.net", + "https://api.example.net/mquisn/queips.gif?emUte=molestia#quir", "example.com", - "https://api.example.net/mquisn/queips.gif?emUte=molestia#quir" + "api.example.net" ], "related.ip": [ "10.198.57.130" @@ -2946,7 +2901,6 @@ "url.top_level_domain": "net", "user.name": "henderit", "user_agent.device.name": "U20", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -2971,8 +2925,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www.example.org", - "www.example.net", - "https://www.example.net/yCic/nder.jpg?itanim=nesciun#saqu" + "https://www.example.net/yCic/nder.jpg?itanim=nesciun#saqu", + "www.example.net" ], "related.ip": [ "10.218.0.197" @@ -3009,7 +2963,6 @@ "url.top_level_domain": "net", "user.name": "econs", "user_agent.device.name": "POCOPHONE F1", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -3076,7 +3029,6 @@ "url.top_level_domain": "com", "user.name": "illumqui", "user_agent.device.name": "Asus X01BDA", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -3102,8 +3054,8 @@ "observer.vendor": "Apache", "related.hosts": [ "internal.example.net", - "example.org", "https://internal.example.net/ection/roquisqu.html?ceroinB=nim#utaliqu", + "example.org", "uamnihil6127.api.domain" ], "related.ip": [ @@ -3143,7 +3095,6 @@ "url.top_level_domain": "net", "user.name": "leumiur", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -3169,8 +3120,8 @@ "observer.vendor": "Apache", "related.hosts": [ "https://mail.example.net/iutali/itat.txt?Finibus=radi#xeacom", - "mail.example.net", "www.example.org", + "mail.example.net", "uov1629.internal.invalid" ], "related.ip": [ @@ -3210,7 +3161,6 @@ "url.top_level_domain": "net", "user.name": "quaU", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3234,9 +3184,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "mail.example.net", "internal.example.org", - "https://mail.example.net/lmolesti/apariatu.htm?moe=msequ#uat", - "mail.example.net" + "https://mail.example.net/lmolesti/apariatu.htm?moe=msequ#uat" ], "related.ip": [ "10.166.90.130" 
@@ -3273,7 +3223,6 @@ "url.top_level_domain": "net", "user.name": "eosquira", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -3298,9 +3247,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://api.example.org/ratv/alorum.jpg?tali=BCS#qui", "internal.example.org", "api.example.org", + "https://api.example.org/ratv/alorum.jpg?tali=BCS#qui", "orumw5960.www5.home" ], "related.ip": [ @@ -3340,7 +3289,6 @@ "url.top_level_domain": "org", "user.name": "tiumto", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3364,9 +3312,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "internal.example.net", "https://internal.example.net/gitse/ugitse.jpg?tvolup=tdolore#ventore", - "api.example.net" + "api.example.net", + "internal.example.net" ], "related.ip": [ "10.185.37.32" @@ -3403,7 +3351,6 @@ "url.top_level_domain": "net", "user.name": "tesseq", "user_agent.device.name": "ZTE Blade V1000RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", 
@@ -3427,9 +3374,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.org", + "internal.example.com", "https://example.org/pisc/urEx.html?rautod=olest#eataev", - "internal.example.com" + "example.org" ], "related.ip": [ "10.5.194.202" @@ -3465,7 +3412,6 @@ "url.top_level_domain": "org", "user.name": "ntmo", "user_agent.device.name": "LM-V350", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -3490,9 +3436,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "www5.example.com", "www.example.org", "https://www5.example.com/aconse/prehe.gif?diduntu=eiusmod#itation", - "www5.example.com", "deriti6952.mail.domain" ], "related.ip": [ @@ -3532,7 +3478,6 @@ "url.top_level_domain": "com", "user.name": "isn", "user_agent.device.name": "Samsung GT-P3100 ", - "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -3556,9 +3501,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "https://mail.example.net/reetdolo/rationev.html?reetdol=uelauda#ema", "internal.example.com", - "mail.example.net", - "https://mail.example.net/reetdolo/rationev.html?reetdol=uelauda#ema" + "mail.example.net" ], "related.ip": [ "10.101.163.40" 
@@ -3595,7 +3540,6 @@ "url.top_level_domain": "net", "user.name": "nBCSe", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -3620,9 +3564,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "internal.example.com", - "https://www5.example.com/mUteni/quira.htm?ore=tation#loinve", "www5.example.com", + "https://www5.example.com/mUteni/quira.htm?ore=tation#loinve", + "internal.example.com", "nse3421.mail.localhost" ], "related.ip": [ @@ -3662,7 +3606,6 @@ "url.top_level_domain": "com", "user.name": "ugitsedq", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -3686,8 +3629,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www5.example.org/setquas/minim.gif?tutlabor=reseosq#gna", "mail.example.net", + "https://www5.example.org/setquas/minim.gif?tutlabor=reseosq#gna", "www5.example.org" ], "related.ip": [ @@ -3725,7 +3668,6 @@ "url.top_level_domain": "org", "user.name": "isnisiu", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", 
@@ -3786,7 +3728,6 @@ "url.top_level_domain": "com", "user.name": "ccaec", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -3811,9 +3752,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.com", "mail.example.org", "https://mail.example.org/ici/nisiuta.jpg?itae=dtempo#atnula", + "example.com", "tautfug689.localdomain" ], "related.ip": [ @@ -3853,7 +3794,6 @@ "url.top_level_domain": "org", "user.name": "serror", "user_agent.device.name": "LG-$2", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3920,7 +3860,6 @@ "url.top_level_domain": "com", "user.name": "liquam", "user_agent.device.name": "LG-$2", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3944,9 +3883,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://example.net/labori/porai.gif?utali=sed#xeac", + "example.net", "internal.example.org", - "example.net" + "https://example.net/labori/porai.gif?utali=sed#xeac" ], "related.ip": [ "10.158.6.52" 
@@ -3982,7 +3921,6 @@ "url.top_level_domain": "net", "user.name": "sed", "user_agent.device.name": "XiaoMi Redmi 4X", - "user_agent.device.type": "Phone", "user_agent.name": "MiuiBrowser", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g", "user_agent.os.full": "Android 7.1.2", @@ -4049,7 +3987,6 @@ "url.top_level_domain": "org", "user.name": "urerepre", "user_agent.device.name": "ZTE BLADE V7", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -4073,9 +4010,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.net", "mail.example.com", - "https://mail.example.com/iuntNeq/eddoei.jpg?sseq=eriam#pernat" + "https://mail.example.com/iuntNeq/eddoei.jpg?sseq=eriam#pernat", + "example.net" ], "related.ip": [ "10.20.68.117" @@ -4112,7 +4049,6 @@ "url.top_level_domain": "com", "user.name": "quas", "user_agent.device.name": "ZTE BLADE V7", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -4179,7 +4115,6 @@ "url.top_level_domain": "com", "user.name": "iti", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", 
@@ -4246,7 +4181,6 @@ "url.top_level_domain": "net", "user.name": "ugiat", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -4267,8 +4201,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www5.example.com/quu/xeac.htm?abor=oreverit#scip", "www5.example.com", + "https://www5.example.com/quu/xeac.htm?abor=oreverit#scip", "runtm5729.invalid" ], "related.ip": [ @@ -4308,7 +4242,6 @@ "url.top_level_domain": "com", "user.name": "ptate", "user_agent.device.name": "5024D_RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -4333,8 +4266,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www5.example.net", - "https://www.example.net/mini/Loremip.html?tur=atnonpr#ita", - "www.example.net" + "www.example.net", + "https://www.example.net/mini/Loremip.html?tur=atnonpr#ita" ], "related.ip": [ "10.187.152.213" @@ -4371,7 +4304,6 @@ "url.top_level_domain": "net", "user.name": "ventor", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -4438,7 +4370,6 @@ "url.top_level_domain": "net", "user.name": "fugitse", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -4463,8 +4394,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www5.example.net", - "www5.example.org", - "https://www5.example.net/tev/nre.html?occaeca=eturadip#ent" + "https://www5.example.net/tev/nre.html?occaeca=eturadip#ent", + "www5.example.org" ], "related.ip": [ "10.86.123.33" @@ -4501,7 +4432,6 @@ "url.top_level_domain": "net", "user.name": "meum", "user_agent.device.name": "XiaoMi Redmi 4X", - "user_agent.device.type": "Phone", "user_agent.name": "MiuiBrowser", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g", "user_agent.os.full": "Android 7.1.2", @@ -4525,8 +4455,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "www5.example.net", "api.example.net", + "www5.example.net", "https://www5.example.net/uamnih/nseq.txt?uidolo=umdolore#dmi" ], "related.ip": [ @@ -4564,7 +4494,6 @@ "url.top_level_domain": "net", "user.name": "oluptat", "user_agent.device.name": "LM-V350", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 10", 
@@ -4589,9 +4518,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "www5.example.org",
 "example.net",
 "https://example.net/umdolor/isiu.html?mmodi=snostr#eniamqu",
+ "www5.example.org",
 "orsi2109.internal.home"
 ],
 "related.ip": [
@@ -4630,7 +4559,6 @@
 "url.top_level_domain": "net",
 "user.name": "idolo",
 "user_agent.device.name": "Spider",
- "user_agent.device.type": "Other",
 "user_agent.name": "Other",
 "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10"
 },
@@ -4652,8 +4580,8 @@
 "observer.vendor": "Apache",
 "related.hosts": [
 "example.net",
- "example.org",
 "https://example.org/ibusBo/untincu.jpg?lesti=sintocca#mipsumqu",
+ "example.org",
 "quaeabil2539.www5.lan"
 ],
 "related.ip": [
@@ -4692,7 +4620,6 @@
 "url.top_level_domain": "org",
 "user.name": "quide",
 "user_agent.device.name": "ZTE BLADE V7",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36",
 "user_agent.os.full": "Android 6.0",
@@ -4717,9 +4644,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "www5.example.org",
 "https://www5.example.org/magnaa/sumquiad.gif?oluptate=Duisa#consequa",
 "www5.example.net",
+ "www5.example.org",
 "aal1598.mail.host"
 ],
 "related.ip": [
@@ -4759,7 +4686,6 @@
 "url.top_level_domain": "org",
 "user.name": "upta",
 "user_agent.device.name": "VS996",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36",
 "user_agent.os.full": "Android 8.0.0",
@@ -4783,9 +4709,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
+ "api.example.net",
 "www.example.org",
- "https://www.example.org/evolup/rvelil.gif?eavolup=ipsumq#evit",
- "api.example.net"
+ "https://www.example.org/evolup/rvelil.gif?eavolup=ipsumq#evit"
 ],
 "related.ip": [
 "10.37.156.140"
@@ -4822,7 +4748,6 @@
 "url.top_level_domain": "org",
 "user.name": "olores",
 "user_agent.device.name": "Generic Smartphone",
- "user_agent.device.type": "Other",
 "user_agent.name": "Opera Mini",
 "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16",
 "user_agent.os.name": "Symbian OS",
@@ -4845,8 +4770,8 @@
 "observer.vendor": "Apache",
 "related.hosts": [
 "https://example.com/oremip/its.jpg?iavol=natuserr#ostrudex",
- "example.com",
- "www5.example.org"
+ "www5.example.org",
+ "example.com"
 ],
 "related.ip": [
 "10.121.225.135"
@@ -4882,7 +4807,6 @@
 "url.top_level_domain": "com",
 "user.name": "cin",
 "user_agent.device.name": "5024D_RU",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61",
 "user_agent.os.full": "Android 9",
@@ -4906,8 +4830,8 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "www.example.org",
 "mail.example.net",
+ "www.example.org",
 "https://www.example.org/animid/upta.jpg?onnumqua=quioff#iuntN"
 ],
 "related.ip": [
@@ -4945,7 +4869,6 @@
 "url.top_level_domain": "org",
 "user.name": "olore",
 "user_agent.device.name": "Asus X01BDA",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36",
 "user_agent.os.full": "Android 10",
@@ -5012,7 +4935,6 @@
 "url.top_level_domain": "net",
 "user.name": "evo",
 "user_agent.device.name": "Micromax P410i",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
 "user_agent.os.full": "Android 4.1.2",
@@ -5037,8 +4959,8 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "example.com",
 "example.net",
+ "example.com",
 "https://example.net/deritinv/evelite.html?iav=odico#rsint",
 "sectetur2674.www5.test"
 ],
@@ -5078,7 +5000,6 @@
 "url.top_level_domain": "net",
 "user.name": "deomnisi",
 "user_agent.device.name": "Samsung SM-A305FN",
- "user_agent.device.type": "Phone",
 "user_agent.name": "YandexSearch",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10",
 "user_agent.os.full": "Android 10",
@@ -5144,7 +5065,6 @@
 "url.top_level_domain": "org",
 "user.name": "nimv",
 "user_agent.device.name": "VS996",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36",
 "user_agent.os.full": "Android 8.0.0",
@@ -5168,9 +5088,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
+ "https://www5.example.com/ciad/ugiatqu.gif?turveli=isciv#natus",
 "api.example.org",
- "www5.example.com",
- "https://www5.example.com/ciad/ugiatqu.gif?turveli=isciv#natus"
+ "www5.example.com"
 ],
 "related.ip": [
 "10.122.252.130"
@@ -5207,7 +5127,6 @@
 "url.top_level_domain": "com",
 "user.name": "mmo",
 "user_agent.device.name": "5024D_RU",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61",
 "user_agent.os.full": "Android 9",
@@ -5231,9 +5150,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "api.example.com",
 "www.example.net",
- "https://api.example.com/olore/ntutlab.htm?ameaquei=gnama#esciun"
+ "https://api.example.com/olore/ntutlab.htm?ameaquei=gnama#esciun",
+ "api.example.com"
 ],
 "related.ip": [
 "10.195.152.53"
@@ -5270,7 +5189,6 @@
 "url.top_level_domain": "com",
 "user.name": "ute",
 "user_agent.device.name": "Other",
- "user_agent.device.type": "Other",
 "user_agent.name": "Other",
 "user_agent.original": "mobmail android 2.1.3.3150"
 },
@@ -5332,7 +5250,6 @@
 "url.top_level_domain": "com",
 "user.name": "emUtenim",
 "user_agent.device.name": "Micromax P410i",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
 "user_agent.os.full": "Android 4.1.2",
@@ -5357,9 +5274,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "internal.example.net",
 "www.example.org",
 "https://www.example.org/oremi/ectobeat.gif?oreeu=uasiarch#Malor",
+ "internal.example.net",
 "nimadmin5630.localdomain"
 ],
 "related.ip": [
@@ -5399,7 +5316,6 @@
 "url.top_level_domain": "org",
 "user.name": "nulapari",
 "user_agent.device.name": "LG-$2",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36",
 "user_agent.os.full": "Android 9",
@@ -5424,9 +5340,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "api.example.com",
- "https://api.example.com/orsitam/tiset.jpg?ati=rauto#doloreeu",
 "api.example.org",
+ "https://api.example.com/orsitam/tiset.jpg?ati=rauto#doloreeu",
+ "api.example.com",
 "sequuntu3563.internal.test"
 ],
 "related.ip": [
@@ -5466,7 +5382,6 @@
 "url.top_level_domain": "com",
 "user.name": "iarchit",
 "user_agent.device.name": "Android",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80",
 "user_agent.os.full": "Android 5.1.1",
@@ -5490,9 +5405,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
+ "internal.example.com",
 "https://example.org/rep/mveni.txt?utpers=num#ctetura",
- "example.org",
- "internal.example.com"
+ "example.org"
 ],
 "related.ip": [
 "10.144.111.42"
@@ -5528,7 +5443,6 @@
 "url.top_level_domain": "org",
 "user.name": "vento",
 "user_agent.device.name": "Samsung SM-A260G",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile WebView",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36",
 "user_agent.os.full": "Android 8.1.0",
@@ -5590,7 +5504,6 @@
 "url.top_level_domain": "net",
 "user.name": "ola",
 "user_agent.device.name": "XiaoMi Redmi 4X",
- "user_agent.device.type": "Phone",
 "user_agent.name": "MiuiBrowser",
 "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g",
 "user_agent.os.full": "Android 7.1.2",
@@ -5616,8 +5529,8 @@
 "observer.vendor": "Apache",
 "related.hosts": [
 "www.example.net",
- "mail.example.com",
 "https://mail.example.com/ccusant/epteurs.htm?oidentsu=oditau#onsec",
+ "mail.example.com",
 "tdolo2150.www.example"
 ],
 "related.ip": [
@@ -5657,7 +5570,6 @@
 "url.top_level_domain": "com",
 "user.name": "iusmodi",
 "user_agent.device.name": "LG-$2",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36",
 "user_agent.os.full": "Android 9",
@@ -5683,8 +5595,8 @@
 "observer.vendor": "Apache",
 "related.hosts": [
 "mail.example.org",
- "https://mail.example.org/onemul/trudexe.txt?ura=oreeufug#Quisa",
 "internal.example.org",
+ "https://mail.example.org/onemul/trudexe.txt?ura=oreeufug#Quisa",
 "cinge6032.api.local"
 ],
 "related.ip": [
@@ -5724,7 +5636,6 @@
 "url.top_level_domain": "org",
 "user.name": "tamr",
 "user_agent.device.name": "Samsung SM-S337TL",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36",
 "user_agent.os.full": "Android 7.0",
@@ -5748,9 +5659,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "example.com",
 "https://example.com/lorese/olupta.jpg?onsec=idestl#litani",
- "internal.example.org"
+ "internal.example.org",
+ "example.com"
 ],
 "related.ip": [
 "10.51.52.203"
@@ -5786,7 +5697,6 @@
 "url.top_level_domain": "com",
 "user.name": "itame",
 "user_agent.device.name": "VS996",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36",
 "user_agent.os.full": "Android 8.0.0",
@@ -5811,8 +5721,8 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "https://internal.example.net/llitani/uscipit.html?etcons=etco#iuntN",
 "internal.example.net",
+ "https://internal.example.net/llitani/uscipit.html?etcons=etco#iuntN",
 "ende6053.local"
 ],
 "related.ip": [
@@ -5852,7 +5762,6 @@
 "url.top_level_domain": "net",
 "user.name": "imipsa",
 "user_agent.device.name": "Samsung SM-A260G",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile WebView",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36",
 "user_agent.os.full": "Android 8.1.0",
@@ -5876,9 +5785,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "https://mail.example.net/ptat/mipsu.htm?eturadip=amquaera#rsitamet",
 "mail.example.net",
- "example.net"
+ "example.net",
+ "https://mail.example.net/ptat/mipsu.htm?eturadip=amquaera#rsitamet"
 ],
 "related.ip": [
 "10.106.34.244"
@@ -5915,7 +5824,6 @@
 "url.top_level_domain": "net",
 "user.name": "nim",
 "user_agent.device.name": "Samsung SM-S337TL",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36",
 "user_agent.os.full": "Android 7.0",
@@ -5978,7 +5886,6 @@
 "url.top_level_domain": "org",
 "user.name": "ruredol",
 "user_agent.device.name": "Micromax P410i",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36",
 "user_agent.os.full": "Android 4.1.2",
@@ -6002,9 +5909,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
+ "https://www.example.com/bori/dipi.gif?utf=dolor#dexe",
 "www.example.org",
- "www.example.com",
- "https://www.example.com/bori/dipi.gif?utf=dolor#dexe"
+ "www.example.com"
 ],
 "related.ip": [
 "10.2.38.49"
@@ -6041,7 +5948,6 @@
 "url.top_level_domain": "com",
 "user.name": "lor",
 "user_agent.device.name": "Other",
- "user_agent.device.type": "Other",
 "user_agent.name": "Other",
 "user_agent.original": "mobmail android 2.1.3.3150"
 },
@@ -6063,8 +5969,8 @@
 "observer.vendor": "Apache",
 "related.hosts": [
 "example.com",
- "https://example.com/iat/tqui.gif?utaliqui=emse#emqui",
 "mail.example.com",
+ "https://example.com/iat/tqui.gif?utaliqui=emse#emqui",
 "didun1193.example"
 ],
 "related.ip": [
@@ -6103,7 +6009,6 @@
 "url.top_level_domain": "com",
 "user.name": "atisu",
 "user_agent.device.name": "Samsung SM-A260G",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile WebView",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36",
 "user_agent.os.full": "Android 8.1.0",
@@ -6128,9 +6033,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "example.com",
- "mail.example.com",
 "https://example.com/caboN/imipsam.jpg?catcupid=ritquiin#quisnost",
+ "mail.example.com",
+ "example.com",
 "apari2660.www5.lan"
 ],
 "related.ip": [
@@ -6169,7 +6074,6 @@
 "url.top_level_domain": "com",
 "user.name": "teirured",
 "user_agent.device.name": "XiaoMi Redmi 4X",
- "user_agent.device.type": "Phone",
 "user_agent.name": "MiuiBrowser",
 "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g",
 "user_agent.os.full": "Android 7.1.2",
@@ -6194,9 +6098,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "https://api.example.net/uiaco/aliqu.txt?udexerci=uae#imveni",
 "www5.example.org",
 "api.example.net",
+ "https://api.example.net/uiaco/aliqu.txt?udexerci=uae#imveni",
 "nvolupta238.www.host"
 ],
 "related.ip": [
@@ -6236,7 +6140,6 @@
 "url.top_level_domain": "net",
 "user.name": "uira",
 "user_agent.device.name": "Notepad_K10",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36",
 "user_agent.os.full": "Android 9",
@@ -6261,9 +6164,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "www.example.org",
- "https://www.example.org/roinBCSe/eetdolor.html?tla=iaconseq#sed",
 "api.example.com",
+ "https://www.example.org/roinBCSe/eetdolor.html?tla=iaconseq#sed",
+ "www.example.org",
 "icer123.mail.example"
 ],
 "related.ip": [
@@ -6303,7 +6206,6 @@
 "url.top_level_domain": "org",
 "user.name": "culp",
 "user_agent.device.name": "VS996",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36",
 "user_agent.os.full": "Android 8.0.0",
@@ -6370,7 +6272,6 @@
 "url.top_level_domain": "net",
 "user.name": "deFini",
 "user_agent.device.name": "Samsung SM-A260G",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile WebView",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36",
 "user_agent.os.full": "Android 8.1.0",
@@ -6394,9 +6295,9 @@
 "observer.type": "Web",
 "observer.vendor": "Apache",
 "related.hosts": [
- "api.example.net",
+ "https://internal.example.org/teturadi/radipi.gif?upidatat=mod#niamqui",
 "internal.example.org",
- "https://internal.example.org/teturadi/radipi.gif?upidatat=mod#niamqui"
+ "api.example.net"
 ],
 "related.ip": [
 "10.12.173.112"
@@ -6433,7 +6334,6 @@
 "url.top_level_domain": "org",
 "user.name": "mco",
 "user_agent.device.name": "5024D_RU",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Chrome Mobile",
 "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61",
 "user_agent.os.full": "Android 9",
diff --git a/x-pack/filebeat/module/zeek/connection/test/connection-json.log-expected.json b/x-pack/filebeat/module/zeek/connection/test/connection-json.log-expected.json
index b7c0e0bc8cbb..c617b358da94 100644
--- a/x-pack/filebeat/module/zeek/connection/test/connection-json.log-expected.json
+++ b/x-pack/filebeat/module/zeek/connection/test/connection-json.log-expected.json
@@ -55,7 +55,7 @@
 "@timestamp": "2019-01-11T06:33:36.857Z",
 "destination.address": "8.8.8.8",
 "destination.as.number": 15169,
- "destination.as.organization.name": "Google LLC",
+ "destination.as.organization.name": "GOOGLE",
 "destination.bytes": 206,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
@@ -113,7 +113,7 @@
 "@timestamp": "2019-01-11T06:33:37.857Z",
 "destination.address": "8.8.8.8",
 "destination.as.number": 15169,
- "destination.as.organization.name": "Google LLC",
+ "destination.as.organization.name": "GOOGLE",
 "destination.bytes": 206,
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
@@ -152,13 +152,16 @@
 "service.type": "zeek",
 "source.address": "4.4.2.2",
 "source.as.number": 3356,
- "source.as.organization.name": "Level 3 Parent, LLC",
+ "source.as.organization.name": "LEVEL3",
 "source.bytes": 103,
+ "source.geo.city_name": "Nashville",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
- "source.geo.location.lat": 37.751,
- "source.geo.location.lon": -97.822,
+ "source.geo.location.lat": 36.0711,
+ "source.geo.location.lon": -86.7196,
+ "source.geo.region_iso_code": "US-TN",
+ "source.geo.region_name": "Tennessee",
 "source.ip": "4.4.2.2",
 "source.packets": 1,
 "source.port": 383341,
diff --git a/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json b/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json
index df304170733a..dbedcd4e1145 100644
--- a/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json
+++ b/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json
@@ -3,13 +3,13 @@
 "@timestamp": "2019-01-17T01:05:30.172Z",
 "destination.address": "17.253.5.203",
 "destination.as.number": 6185,
- "destination.as.organization.name": "Apple Inc.",
+ "destination.as.organization.name": "APPLE-AUSTIN",
 "destination.geo.city_name": "San Jose",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
- "destination.geo.location.lat": 37.3388,
- "destination.geo.location.lon": -121.8914,
+ "destination.geo.location.lat": 37.3322,
+ "destination.geo.location.lon": -121.8896,
 "destination.geo.region_iso_code": "US-CA",
 "destination.geo.region_name": "California",
 "destination.ip": "17.253.5.203",
@@ -59,7 +59,6 @@
 "url.username": "user",
 "user.name": "user",
 "user_agent.device.name": "Other",
- "user_agent.device.type": "Other",
 "user_agent.name": "Other",
 "user_agent.original": "com.apple.trustd/2.0",
 "zeek.http.resp_fuids": [
@@ -77,7 +76,7 @@
 "@timestamp": "2019-01-17T06:36:59.757Z",
 "destination.address": "34.206.130.40",
 "destination.as.number": 14618,
- "destination.as.organization.name": "Amazon.com, Inc.",
+ "destination.as.organization.name": "AMAZON-AES",
 "destination.geo.city_name": "Ashburn",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
@@ -128,7 +127,6 @@
 "url.original": "/ip",
 "url.port": 80,
 "user_agent.device.name": "Other",
- "user_agent.device.type": "Other",
 "user_agent.name": "curl",
 "user_agent.original": "curl/7.58.0",
 "user_agent.version": "7.58.0",
diff --git a/x-pack/filebeat/module/zeek/intel/test/intel-json.log-expected.json b/x-pack/filebeat/module/zeek/intel/test/intel-json.log-expected.json
index d9de4e04efd5..e39b9b0013a7 100644
--- a/x-pack/filebeat/module/zeek/intel/test/intel-json.log-expected.json
+++ b/x-pack/filebeat/module/zeek/intel/test/intel-json.log-expected.json
@@ -2,8 +2,8 @@
 {
 "@timestamp": "2019-11-06T09:03:00.989Z",
 "destination.address": "198.41.0.4",
- "destination.as.number": 20172,
- "destination.as.organization.name": "VeriSign Global Registry Services",
+ "destination.as.number": 10515,
+ "destination.as.organization.name": "CLT-NIC",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
diff --git a/x-pack/filebeat/module/zeek/irc/test/irc-json.log-expected.json b/x-pack/filebeat/module/zeek/irc/test/irc-json.log-expected.json
index 06d833b6a424..8cf05b0301ec 100644
--- a/x-pack/filebeat/module/zeek/irc/test/irc-json.log-expected.json
+++ b/x-pack/filebeat/module/zeek/irc/test/irc-json.log-expected.json
@@ -3,7 +3,7 @@
 "@timestamp": "2013-12-20T15:44:10.647Z",
 "destination.address": "38.229.70.20",
 "destination.as.number": 23028,
- "destination.as.organization.name": "Team Cymru Inc.",
+ "destination.as.organization.name": "TEAM-CYMRU",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -50,7 +50,7 @@
 "@timestamp": "2013-12-20T15:44:10.647Z",
 "destination.address": "38.229.70.20",
 "destination.as.number": 23028,
- "destination.as.organization.name": "Team Cymru Inc.",
+ "destination.as.organization.name": "TEAM-CYMRU",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -102,7 +102,7 @@
 "@timestamp": "2013-12-20T15:44:10.706Z",
 "destination.address": "38.229.70.20",
 "destination.as.number": 23028,
- "destination.as.organization.name": "Team Cymru Inc.",
+ "destination.as.organization.name": "TEAM-CYMRU",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
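Review bot: In the intel hunk the expected `destination.as.number` for 198.41.0.4 changes from 20172 to 10515, so this regeneration alters enrichment results and not only names or ordering. The organization-name, city and coordinate changes in the other zeek files of this patch (connection, http, irc, notice, ntp, signature, sip, ssl, traceroute, tunnel) look like the same cause, presumably a different GeoIP/ASN database in the environment that produced the files. The commit description should record which database build was used, for example `GeoIP/ASN test database: <DATABASE_BUILD_PLACEHOLDER>`, so that the next regeneration can be reproduced. The ASN change itself is worth confirming before the new value becomes the reference that later enrichment regressions are compared against.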
diff --git a/x-pack/filebeat/module/zeek/notice/test/notice-json.log-expected.json b/x-pack/filebeat/module/zeek/notice/test/notice-json.log-expected.json
index 90bb5e3145ed..f477edb23ea9 100644
--- a/x-pack/filebeat/module/zeek/notice/test/notice-json.log-expected.json
+++ b/x-pack/filebeat/module/zeek/notice/test/notice-json.log-expected.json
@@ -36,7 +36,7 @@
 "@timestamp": "2019-02-28T22:36:28.426Z",
 "destination.address": "207.154.238.205",
 "destination.as.number": 14061,
- "destination.as.organization.name": "DigitalOcean, LLC",
+ "destination.as.organization.name": "DIGITALOCEAN-ASN",
 "destination.geo.city_name": "Frankfurt am Main",
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "DE",
@@ -68,13 +68,13 @@
 "service.type": "zeek",
 "source.address": "8.42.77.171",
 "source.as.number": 393552,
- "source.as.organization.name": "Longmont Power & Communications",
+ "source.as.organization.name": "COL-LPC",
 "source.geo.city_name": "Longmont",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
- "source.geo.location.lat": 40.1559,
- "source.geo.location.lon": -105.1624,
+ "source.geo.location.lat": 40.1452,
+ "source.geo.location.lon": -105.1667,
 "source.geo.region_iso_code": "US-CO",
 "source.geo.region_name": "Colorado",
 "source.ip": "8.42.77.171",
diff --git a/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json b/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json
index 940f548b1b79..8d48ddccf473 100644
--- a/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json
+++ b/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json
@@ -3,7 +3,7 @@
 "@timestamp": "2020-10-08T00:29:07.977Z",
 "destination.address": "208.79.89.249",
 "destination.as.number": 25795,
- "destination.as.organization.name": "ARP NETWORKS, INC.",
+ "destination.as.organization.name": "ARPNET",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -36,6 +36,8 @@
 ],
 "service.type": "zeek",
 "source.address": "130.118.205.62",
+ "source.as.number": 22284,
+ "source.as.organization.name": "AS22284-DOI-OPS",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
@@ -65,7 +67,7 @@
 "@timestamp": "2020-10-08T00:29:08.081Z",
 "destination.address": "208.79.89.249",
 "destination.as.number": 25795,
- "destination.as.organization.name": "ARP NETWORKS, INC.",
+ "destination.as.organization.name": "ARPNET",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -98,6 +100,8 @@
 ],
 "service.type": "zeek",
 "source.address": "130.118.205.62",
+ "source.as.number": 22284,
+ "source.as.organization.name": "AS22284-DOI-OPS",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
diff --git a/x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json b/x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json
index d06eb256245b..162b7c007cd2 100644
--- a/x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json
+++ b/x-pack/filebeat/module/zeek/signature/test/signature-json.log-expected.json
@@ -7,8 +7,8 @@
 "destination.geo.continent_name": "Europe",
 "destination.geo.country_iso_code": "CZ",
 "destination.geo.country_name": "Czechia",
- "destination.geo.location.lat": 50.0848,
- "destination.geo.location.lon": 14.4112,
+ "destination.geo.location.lat": 50.0853,
+ "destination.geo.location.lon": 14.411,
 "destination.ip": "160.218.27.63",
 "destination.port": 445,
 "event.dataset": "zeek.signature",
diff --git a/x-pack/filebeat/module/zeek/sip/test/sip-json.log-expected.json b/x-pack/filebeat/module/zeek/sip/test/sip-json.log-expected.json
index 71061cd293bc..05280e83a6df 100644
--- a/x-pack/filebeat/module/zeek/sip/test/sip-json.log-expected.json
+++ b/x-pack/filebeat/module/zeek/sip/test/sip-json.log-expected.json
@@ -3,7 +3,7 @@
 "@timestamp": "2013-02-26T22:02:39.055Z",
 "destination.address": "74.63.41.218",
 "destination.as.number": 29791,
- "destination.as.organization.name": "Internap Corporation",
+ "destination.as.organization.name": "VOXEL-DOT-NET",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
@@ -70,14 +70,14 @@
 "destination.address": "200.57.7.195",
 "destination.as.number": 18734,
 "destination.as.organization.name": "Operbes, S.A. de C.V.",
- "destination.geo.city_name": "Mexico City",
+ "destination.geo.city_name": "Ecatepec",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "MX",
 "destination.geo.country_name": "Mexico",
- "destination.geo.location.lat": 19.4357,
- "destination.geo.location.lon": -99.1438,
- "destination.geo.region_iso_code": "MX-CMX",
- "destination.geo.region_name": "Mexico City",
+ "destination.geo.location.lat": 19.5732,
+ "destination.geo.location.lon": -99.0445,
+ "destination.geo.region_iso_code": "MX-MEX",
+ "destination.geo.region_name": "M\u00e9xico",
 "destination.ip": "200.57.7.195",
 "destination.port": 5060,
 "event.action": "INVITE",
@@ -107,14 +107,14 @@
 "source.address": "200.57.7.204",
 "source.as.number": 18734,
 "source.as.organization.name": "Operbes, S.A. de C.V.",
- "source.geo.city_name": "Mexico City",
+ "source.geo.city_name": "Ecatepec",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "MX",
 "source.geo.country_name": "Mexico",
- "source.geo.location.lat": 19.4357,
- "source.geo.location.lon": -99.1438,
- "source.geo.region_iso_code": "MX-CMX",
- "source.geo.region_name": "Mexico City",
+ "source.geo.location.lat": 19.5732,
+ "source.geo.location.lon": -99.0445,
+ "source.geo.region_iso_code": "MX-MEX",
+ "source.geo.region_name": "M\u00e9xico",
 "source.ip": "200.57.7.204",
 "source.port": 5061,
 "tags": [
@@ -151,14 +151,14 @@
 "destination.address": "200.57.7.195",
 "destination.as.number": 18734,
 "destination.as.organization.name": "Operbes, S.A. de C.V.",
- "destination.geo.city_name": "Mexico City",
+ "destination.geo.city_name": "Ecatepec",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "MX",
 "destination.geo.country_name": "Mexico",
- "destination.geo.location.lat": 19.4357,
- "destination.geo.location.lon": -99.1438,
- "destination.geo.region_iso_code": "MX-CMX",
- "destination.geo.region_name": "Mexico City",
+ "destination.geo.location.lat": 19.5732,
+ "destination.geo.location.lon": -99.0445,
+ "destination.geo.region_iso_code": "MX-MEX",
+ "destination.geo.region_name": "M\u00e9xico",
 "destination.ip": "200.57.7.195",
 "destination.port": 5060,
 "event.action": "REGISTER",
@@ -188,14 +188,14 @@
 "source.address": "200.57.7.205",
 "source.as.number": 18734,
 "source.as.organization.name": "Operbes, S.A. de C.V.",
- "source.geo.city_name": "Mexico City",
+ "source.geo.city_name": "Ecatepec",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "MX",
 "source.geo.country_name": "Mexico",
- "source.geo.location.lat": 19.4357,
- "source.geo.location.lon": -99.1438,
- "source.geo.region_iso_code": "MX-CMX",
- "source.geo.region_name": "Mexico City",
+ "source.geo.location.lat": 19.5732,
+ "source.geo.location.lon": -99.0445,
+ "source.geo.region_iso_code": "MX-MEX",
+ "source.geo.region_name": "M\u00e9xico",
 "source.ip": "200.57.7.205",
 "source.port": 5061,
 "tags": [
diff --git a/x-pack/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json b/x-pack/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json
index 72ac1dc8e22a..e0b17839dbbb 100644
--- a/x-pack/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json
+++ b/x-pack/filebeat/module/zeek/ssl/test/ssl-json.log-expected.json
@@ -4,15 +4,15 @@
 "client.address": "10.178.98.102",
 "destination.address": "35.199.178.4",
 "destination.as.number": 15169,
- "destination.as.organization.name": "Google LLC",
- "destination.geo.city_name": "Mountain View",
+ "destination.as.organization.name": "GOOGLE",
+ "destination.geo.city_name": "The Dalles",
 "destination.geo.continent_name": "North America",
 "destination.geo.country_iso_code": "US",
 "destination.geo.country_name": "United States",
- "destination.geo.location.lat": 37.4043,
- "destination.geo.location.lon": -122.0748,
- "destination.geo.region_iso_code": "US-CA",
- "destination.geo.region_name": "California",
+ "destination.geo.location.lat": 45.5999,
+ "destination.geo.location.lon": -121.1871,
+ "destination.geo.region_iso_code": "US-OR",
+ "destination.geo.region_name": "Oregon",
 "destination.ip": "35.199.178.4",
 "destination.port": 9243,
 "event.category": [
@@ -86,15 +86,15 @@ "client.address": "10.178.98.102", "destination.address": "35.199.178.4", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.city_name": "Mountain View", + "destination.as.organization.name": "GOOGLE", + "destination.geo.city_name": "The Dalles", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.4043, - "destination.geo.location.lon": -122.0748, - "destination.geo.region_iso_code": "US-CA", - "destination.geo.region_name": "California", + "destination.geo.location.lat": 45.5999, + "destination.geo.location.lon": -121.1871, + "destination.geo.region_iso_code": "US-OR", + "destination.geo.region_name": "Oregon", "destination.ip": "35.199.178.4", "destination.port": 9243, "event.category": [ diff --git a/x-pack/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json b/x-pack/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json index 34d600174ac1..233dd024997d 100644 --- a/x-pack/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/traceroute/test/traceroute-json.log-expected.json @@ -3,7 +3,7 @@ "@timestamp": "2013-02-26T22:02:38.650Z", "destination.address": "8.8.8.8", "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", + "destination.as.organization.name": "GOOGLE", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", diff --git a/x-pack/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json b/x-pack/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json index 3ef709508a3f..5526eee8fc7b 100644 --- a/x-pack/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/tunnel/test/tunnel-json.log-expected.json 
@@ -3,7 +3,7 @@ "@timestamp": "2018-12-10T01:34:26.743Z", "destination.address": "132.16.110.133", "destination.as.number": 427, - "destination.as.organization.name": "Air Force Systems Networking", + "destination.as.organization.name": "AFCONC-BLOCK1-AS", "destination.geo.continent_name": "North America", "destination.geo.country_iso_code": "US", "destination.geo.country_name": "United States", @@ -31,7 +31,7 @@ "service.type": "zeek", "source.address": "132.16.146.79", "source.as.number": 427, - "source.as.organization.name": "Air Force Systems Networking", + "source.as.organization.name": "AFCONC-BLOCK1-AS", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", diff --git a/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json b/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json index 920448da59f4..e3303250baea 100644 --- a/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json +++ b/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json @@ -41,8 +41,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ntium", "rsa.misc.action": [ - "pisciv", - "Blocked" + "Blocked", + "pisciv" ], "rsa.misc.category": "umq", "rsa.misc.filter": "oremi", @@ -68,7 +68,6 @@ "url.original": "https://api.example.com/ivelitse/ritin.htm?utl=vol#amremap", "user.name": "sumdo", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -101,8 +100,8 @@ "eosquir5191.www.example" ], "related.ip": [ - "10.173.22.152", - "10.26.46.95" + "10.26.46.95", + "10.173.22.152" ], "related.user": [ "eataevi" 
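Review bot: `user_agent.device.type` is dropped from the expected event in the `@@ -68,7 +68,6 @@` hunk and from every later user-agent hunk of this file (the values `Phone`, `Other` and `Desktop` all go), and the commit message does not say why. Unlike the GeoIP/ASN value refreshes and the two-element array swaps elsewhere in the patch, this is a field the pipeline output no longer carries, so a search, dashboard or detection rule keyed on it would presumably stop matching without raising an error. The description should record the cause alongside the regeneration, for example `user_agent.device.type is no longer emitted by the user-agent enrichment in the test stack (<version/PR placeholder>)`. If the loss is not intended, the golden file should not be regenerated over it, since the regenerated expectation would then hide the regression from the test.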
@@ -143,7 +142,6 @@ "url.original": "https://internal.example.net/isiutal/moenimi.jpg?gnaali=enatus#mquia", "user.name": "eataevi", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -178,8 +176,8 @@ "orsitame3262.domain" ], "related.ip": [ - "10.254.146.57", - "10.204.86.149" + "10.204.86.149", + "10.254.146.57" ], "related.user": [ "tenima" @@ -220,7 +218,6 @@ "url.original": "https://example.com/taspe/mvolu.gif?atcup=snos#iquaUte", "user.name": "tenima", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -255,8 +252,8 @@ "tempor4496.www.localdomain" ], "related.ip": [ - "10.252.125.53", - "10.103.246.190" + "10.103.246.190", + "10.252.125.53" ], "related.user": [ "equun" @@ -270,8 +267,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ima", "rsa.misc.action": [ - "llam", - "Allowed" + "Allowed", + "llam" ], "rsa.misc.category": "aboris", "rsa.misc.filter": "atatnonp", @@ -297,7 +294,6 @@ "url.original": "https://api.example.org/doloreeu/pori.jpg?itati=mfu#uid", "user.name": "equun", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -332,8 +328,8 @@ "ore2933.www.test" ], "related.ip": [ - "10.61.78.108", - "10.136.153.149" + "10.136.153.149", + "10.61.78.108" ], "related.user": [ "ercit" @@ -374,7 +370,6 @@ "url.original": "https://api.example.com/ele/tenbyCic.gif?porainc=amquisno#iinea", "user.name": "ercit", "user_agent.device.name": "ZTE BLADE V7", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -451,7 +446,6 @@ "url.original": "https://mail.example.org/sitas/ehenderi.jpg?atquovo=iumto#aboreetd", "user.name": "tessec", "user_agent.device.name": "Pixel 3", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -501,8 +495,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "lupt", "rsa.misc.action": [ - "dun", - "Blocked" + "Blocked", + "dun" ], "rsa.misc.category": "rsitamet", "rsa.misc.filter": "usmod", @@ -528,7 +522,6 @@ "url.original": "https://mail.example.net/aborumSe/luptat.txt?antiumto=strude#ctetura", "user.name": "xercitat", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -563,8 +556,8 @@ "icab4668.local" ], "related.ip": [ - "10.119.185.63", - "10.74.17.5" + "10.74.17.5", + "10.119.185.63" ], "related.user": [ "erc" 
@@ -605,7 +598,6 @@ "url.original": "https://www5.example.net/ntutla/equa.jpg?civeli=errorsi#des", "user.name": "erc", "user_agent.device.name": "Android", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -682,7 +674,6 @@ "url.original": "https://api.example.net/atvol/umiur.txt?tati=utaliqu#oriosamn", "user.name": "quip", "user_agent.device.name": "VS996", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -732,8 +723,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ihilm", "rsa.misc.action": [ - "Allowed", - "psaquae" + "psaquae", + "Allowed" ], "rsa.misc.category": "eFinib", "rsa.misc.filter": "inesci", @@ -759,7 +750,6 @@ "url.original": "https://mail.example.net/equep/iavolu.gif?aqu=rpo#uipe", "user.name": "atu", "user_agent.device.name": "POCOPHONE F1", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -809,8 +799,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "sci", "rsa.misc.action": [ - "Allowed", - "emseq" + "emseq", + "Allowed" ], "rsa.misc.category": "exercit", "rsa.misc.filter": "taevit", 
@@ -836,7 +826,6 @@ "url.original": "https://example.org/bor/occa.htm?dol=leumiu#namali", "user.name": "tNequepo", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -871,8 +860,8 @@ "radipisc7020.home" ], "related.ip": [ - "10.2.53.125", - "10.181.80.139" + "10.181.80.139", + "10.2.53.125" ], "related.user": [ "ihilmo" @@ -886,8 +875,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "dolorem", "rsa.misc.action": [ - "Allowed", - "lorsitam" + "lorsitam", + "Allowed" ], "rsa.misc.category": "proide", "rsa.misc.filter": "pariatu", @@ -913,7 +902,6 @@ "url.original": "https://internal.example.net/oru/temqu.htm?etMalor=ipi#reseos", "user.name": "ihilmo", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -990,7 +978,6 @@ "url.original": "https://mail.example.net/itatione/isnis.html?oluptate=issus#osamn", "user.name": "ratvolu", "user_agent.device.name": "Pixel 3", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1040,8 +1027,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "iurer", "rsa.misc.action": [ - "ionevo", - "Allowed" + "Allowed", + "ionevo" ], "rsa.misc.category": "tinvolu", "rsa.misc.filter": "idex", 
@@ -1067,7 +1054,6 @@ "url.original": "https://www.example.org/eporr/xeacomm.html?aturQui=utlabor#rau", "user.name": "volupta", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -1144,7 +1130,6 @@ "url.original": "https://internal.example.net/ptatemq/luptatev.html?Nequepo=ipsumd#ntocc", "user.name": "saute", "user_agent.device.name": "Pixel 3", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1221,7 +1206,6 @@ "url.original": "https://www5.example.com/tateve/itinvol.txt?tenatus=cipitlab#ipsumd", "user.name": "inibusB", "user_agent.device.name": "Pixel 3", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1256,8 +1240,8 @@ "upida508.example" ], "related.ip": [ - "10.91.126.231", - "10.201.171.120" + "10.201.171.120", + "10.91.126.231" ], "related.user": [ "exercita" 
@@ -1298,7 +1282,6 @@ "url.original": "https://api.example.net/tquiin/tse.jpg?ovol=ptasn#taedicta", "user.name": "exercita", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -1333,8 +1316,8 @@ "oditem5255.api.localdomain" ], "related.ip": [ - "10.107.251.87", - "10.135.82.97" + "10.135.82.97", + "10.107.251.87" ], "related.user": [ "str" @@ -1348,8 +1331,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "quid", "rsa.misc.action": [ - "Allowed", - "itecto" + "itecto", + "Allowed" ], "rsa.misc.category": "quam", "rsa.misc.filter": "adeser", @@ -1375,7 +1358,6 @@ "url.original": "https://mail.example.org/olor/ineavo.gif?mquelau=iadolor#amcol", "user.name": "str", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -1410,8 +1392,8 @@ "uamei2389.internal.example" ], "related.ip": [ - "10.215.205.216", - "10.31.198.58" + "10.31.198.58", + "10.215.205.216" ], "related.user": [ "aturve" @@ -1425,8 +1407,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "oNemoeni", "rsa.misc.action": [ - "nre", - "Blocked" + "Blocked", + "nre" ], "rsa.misc.category": "labo", "rsa.misc.filter": "tutlab", 
@@ -1452,7 +1434,6 @@ "url.original": "https://www.example.com/its/ender.gif?oles=edic#seq", "user.name": "aturve", "user_agent.device.name": "Samsung SM-S337TL", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", @@ -1529,7 +1510,6 @@ "url.original": "https://www5.example.org/oeni/tdol.gif?llamco=nea#psum", "user.name": "ulapar", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -1564,8 +1544,8 @@ "tem6984.www5.domain" ], "related.ip": [ - "10.129.192.145", - "10.161.148.64" + "10.161.148.64", + "10.129.192.145" ], "related.user": [ "lor" @@ -1606,7 +1586,6 @@ "url.original": "https://www.example.com/uasiar/utlab.htm?loremqu=dantium#lor", "user.name": "lor", "user_agent.device.name": "Asus X01BDA", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -1641,8 +1620,8 @@ "lapariat7287.internal.host" ], "related.ip": [ - "10.7.200.140", - "10.203.65.161" + "10.203.65.161", + "10.7.200.140" ], "related.user": [ "snost" 
@@ -1683,7 +1662,6 @@ "url.original": "https://api.example.org/icabo/gna.html?urerepr=eseru#quamest", "user.name": "snost", "user_agent.device.name": "ZTE Blade V1000RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -1718,8 +1696,8 @@ "licabo1493.api.corp" ], "related.ip": [ - "10.86.22.67", - "10.218.98.29" + "10.218.98.29", + "10.86.22.67" ], "related.user": [ "olori" @@ -1760,7 +1738,6 @@ "url.original": "https://api.example.org/oremi/elites.html?iosa=boNemoe#onsequ", "user.name": "olori", "user_agent.device.name": "Pixel 3", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1810,8 +1787,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ulpa", "rsa.misc.action": [ - "Allowed", - "gnaal" + "gnaal", + "Allowed" ], "rsa.misc.category": "nte", "rsa.misc.filter": "pid", @@ -1837,7 +1814,6 @@ "url.original": "https://example.com/luptatem/uaeratv.gif?dat=periam#dqu", "user.name": "fugi", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -1872,8 +1848,8 @@ "sitam5077.internal.host" ], "related.ip": [ - "10.32.39.220", - "10.179.210.218" + "10.179.210.218", + "10.32.39.220" ], "related.user": [ "boreetdo" 
@@ -1887,8 +1863,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "riss", "rsa.misc.action": [ - "Blocked", - "risnis" + "risnis", + "Blocked" ], "rsa.misc.category": "emqu", "rsa.misc.filter": "oluptas", @@ -1914,7 +1890,6 @@ "url.original": "https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo", "user.name": "boreetdo", "user_agent.device.name": "Samsung SM-A715F", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -1949,8 +1924,8 @@ "dquia107.www.test" ], "related.ip": [ - "10.88.172.34", - "10.128.173.19" + "10.128.173.19", + "10.88.172.34" ], "related.user": [ "agnaaliq" @@ -1991,7 +1966,6 @@ "url.original": "https://api.example.com/ori/tconsect.html?ercit=eporroq#ulla", "user.name": "agnaaliq", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -2068,7 +2042,6 @@ "url.original": "https://api.example.org/rure/asiarchi.txt?loremeu=aturve#utfug", "user.name": "onse", "user_agent.device.name": "POCOPHONE F1", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2103,8 +2076,8 @@ "tamet6317.www.host" ], "related.ip": [ - "10.2.67.127", - "10.115.53.31" + "10.115.53.31", + "10.2.67.127" ], "related.user": [ "Cic" 
@@ -2118,8 +2091,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "quatD", "rsa.misc.action": [ - "Allowed", - "tatem" + "tatem", + "Allowed" ], "rsa.misc.category": "aincidun", "rsa.misc.filter": "uela", @@ -2145,7 +2118,6 @@ "url.original": "https://example.com/emUte/molestia.htm?orroqu=elitsed#labore", "user.name": "Cic", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2180,8 +2152,8 @@ "saquaea6344.www.invalid" ], "related.ip": [ - "10.101.38.213", - "10.204.214.251" + "10.204.214.251", + "10.101.38.213" ], "related.user": [ "ueipsa" @@ -2222,7 +2194,6 @@ "url.original": "https://mail.example.net/repreh/plic.jpg?utlabo=tetur#tionula", "user.name": "ueipsa", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2257,8 +2228,8 @@ "utaliqu4248.www.localhost" ], "related.ip": [ - "10.101.85.169", - "10.18.226.72" + "10.18.226.72", + "10.101.85.169" ], "related.user": [ "rroqu" @@ -2299,7 +2270,6 @@ "url.original": "https://api.example.com/tcu/iatqu.jpg?quovo=urExcep#ema", "user.name": "rroqu", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -2349,8 +2319,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "mag", "rsa.misc.action": [ - "Allowed", - "tali" + "tali", + "Allowed" ], "rsa.misc.category": "oconse", "rsa.misc.filter": "npr", @@ -2376,7 +2346,6 @@ "url.original": "https://www5.example.com/apariatu/lorsita.gif?msequ=uat#lupta", "user.name": "stenatus", "user_agent.device.name": "VS996", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -2453,7 +2422,6 @@ "url.original": "https://internal.example.net/ende/abor.jpg?riameaqu=ame#tesseq", "user.name": "itasp", "user_agent.device.name": "ZTE Blade V1000RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -2503,8 +2471,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uteir", "rsa.misc.action": [ - "Section", - "Allowed" + "Allowed", + "Section" ], "rsa.misc.category": "cididu", "rsa.misc.filter": "Utenima", @@ -2530,7 +2498,6 @@ "url.original": "https://example.com/ame/amvolu.txt?equaturv=lamc#mvolupta", "user.name": "iusmodt", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", 
@@ -2580,8 +2547,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tec", "rsa.misc.action": [ - "tatema", - "Allowed" + "Allowed", + "tatema" ], "rsa.misc.category": "emullamc", "rsa.misc.filter": "emveleum", @@ -2607,7 +2574,6 @@ "url.original": "https://mail.example.org/uisnostr/reetdol.txt?ugi=niamquis#nisi", "user.name": "mUteni", "user_agent.device.name": "STK-L21", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -2657,8 +2623,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tvolup", "rsa.misc.action": [ - "Allowed", - "utemvel" + "utemvel", + "Allowed" ], "rsa.misc.category": "untutlab", "rsa.misc.filter": "dol", @@ -2684,7 +2650,6 @@ "url.original": "https://api.example.com/radipis/cive.gif?orumSec=nisiuta#stiaecon", "user.name": "umdolo", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -2719,8 +2684,8 @@ "iamea478.www5.host" ], "related.ip": [ - "10.166.10.42", - "10.142.120.198" + "10.142.120.198", + "10.166.10.42" ], "related.user": [ "olori" @@ -2734,8 +2699,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ende", "rsa.misc.action": [ - "doconse", - "Blocked" + "Blocked", + "doconse" ], "rsa.misc.category": "uovolupt", "rsa.misc.filter": "litesse", 
@@ -2761,7 +2726,6 @@ "url.original": "https://mail.example.org/oin/itseddoe.html?citati=uamei#eursinto", "user.name": "olori", "user_agent.device.name": "LG-$2", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2811,8 +2775,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "issu", "rsa.misc.action": [ - "Allowed", - "sed" + "sed", + "Allowed" ], "rsa.misc.category": "atur", "rsa.misc.filter": "iciadese", @@ -2838,7 +2802,6 @@ "url.original": "https://mail.example.com/eseruntm/lpaquiof.html?magnaal=uscip#umS", "user.name": "etur", "user_agent.device.name": "ZTE BLADE V7", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -2873,8 +2836,8 @@ "eufug1756.mail.corp" ], "related.ip": [ - "10.213.57.165", - "10.53.101.131" + "10.53.101.131", + "10.213.57.165" ], "related.user": [ "isau" @@ -2915,7 +2878,6 @@ "url.original": "https://example.net/snulap/enimadm.html?writte=sitvo#ine", "user.name": "isau", "user_agent.device.name": "LG-$2", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2950,8 +2912,8 @@ "orp5697.www.invalid" ], "related.ip": [ - "10.243.6.41", - "10.55.81.14" + "10.55.81.14", + "10.243.6.41" ], "related.user": [ "eiusmo" 
@@ -2992,7 +2954,6 @@ "url.original": "https://internal.example.org/etcon/onsequu.gif?Bonoru=madminim#ents", "user.name": "eiusmo", "user_agent.device.name": "Pixel 3", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3027,8 +2988,8 @@ "pariatur7238.www5.invalid" ], "related.ip": [ - "10.33.144.10", - "10.202.224.79" + "10.202.224.79", + "10.33.144.10" ], "related.user": [ "rios" @@ -3042,8 +3003,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "lit", "rsa.misc.action": [ - "quu", - "Blocked" + "Blocked", + "quu" ], "rsa.misc.category": "oluptate", "rsa.misc.filter": "exercita", @@ -3069,7 +3030,6 @@ "url.original": "https://www.example.org/rur/itse.gif?pisciv=fugiatqu#seos", "user.name": "rios", "user_agent.device.name": "LG-$2", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3104,8 +3064,8 @@ "fficia2304.www5.home" ], "related.ip": [ - "10.158.18.51", - "10.20.124.138" + "10.20.124.138", + "10.158.18.51" ], "related.user": [ "CSe" @@ -3146,7 +3106,6 @@ "url.original": "https://mail.example.com/qui/equeporr.jpg?itsedd=texpli#liquipex", "user.name": "CSe", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -3181,8 +3140,8 @@ "mquisnos7453.home" ], "related.ip": [ - "10.118.177.136", - "10.134.128.27" + "10.134.128.27", + "10.118.177.136" ], "related.user": [ "Utenima" @@ -3196,8 +3155,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "voluptas", "rsa.misc.action": [ - "Allowed", - "olor" + "olor", + "Allowed" ], "rsa.misc.category": "ataevita", "rsa.misc.filter": "nderi", @@ -3223,7 +3182,6 @@ "url.original": "https://api.example.net/lup/iumtotam.html?ipitlabo=userror#eacommo", "user.name": "Utenima", "user_agent.device.name": "Meizu M6", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 7.0", @@ -3300,7 +3258,6 @@ "url.original": "https://example.org/onproide/uamnih.htm?tatisetq=uidolo#umdolore", "user.name": "reet", "user_agent.device.name": "Pixel 3", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3335,8 +3292,8 @@ "remagnam796.mail.corp" ], "related.ip": [ - "10.137.164.122", - "10.143.0.78" + "10.143.0.78", + "10.137.164.122" ], "related.user": [ "orissus" @@ -3377,7 +3334,6 @@ "url.original": "https://www5.example.org/obeataev/umf.htm?moll=quaeabil#emip", "user.name": "orissus", "user_agent.device.name": "Meizu M6", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 7.0", 
@@ -3427,8 +3383,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tatno", "rsa.misc.action": [ - "Blocked", - "ptatev" + "ptatev", + "Blocked" ], "rsa.misc.category": "udexerc", "rsa.misc.filter": "ptatemse", @@ -3454,7 +3410,6 @@ "url.original": "https://mail.example.org/consequa/eaqueip.gif?aevitaed=byCic#leumiur", "user.name": "psaquaea", "user_agent.device.name": "Asus X01BDA", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -3489,8 +3444,8 @@ "rors1935.api.domain" ], "related.ip": [ - "10.111.249.184", - "10.83.138.34" + "10.83.138.34", + "10.111.249.184" ], "related.user": [ "dentsunt" @@ -3531,7 +3486,6 @@ "url.original": "https://example.org/tmo/onofdeF.txt?oremip=its#uptasnul", "user.name": "dentsunt", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -3566,8 +3520,8 @@ "idexeac1655.internal.test" ], "related.ip": [ - "10.180.150.47", - "10.141.195.13" + "10.141.195.13", + "10.180.150.47" ], "related.user": [ "taliq" @@ -3581,8 +3535,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "itesse", "rsa.misc.action": [ - "Allowed", - "uip" + "uip", + "Allowed" ], "rsa.misc.category": "teturad", "rsa.misc.filter": "roquisqu", 
@@ -3608,7 +3562,6 @@ "url.original": "https://mail.example.com/orsitvol/ntor.htm?itqu=minimav#smodtem", "user.name": "taliq", "user_agent.device.name": "U20", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -3658,8 +3611,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "mipsumq", "rsa.misc.action": [ - "citation", - "Allowed" + "Allowed", + "citation" ], "rsa.misc.category": "usant", "rsa.misc.filter": "Nem", @@ -3685,7 +3638,6 @@ "url.original": "https://internal.example.org/rumexe/xerci.gif?olor=quiav#gna", "user.name": "lamcolab", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -3718,8 +3670,8 @@ "tecto708.www5.example" ], "related.ip": [ - "10.100.143.226", - "10.22.122.43" + "10.22.122.43", + "10.100.143.226" ], "related.user": [ "ute" @@ -3760,7 +3712,6 @@ "url.original": "https://example.org/tvolu/dutper.html?nbyCicer=scipit#equuntu", "user.name": "ute", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -3810,8 +3761,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "dexea", "rsa.misc.action": [ - "tinvolup", - "Blocked" + "Blocked", + "tinvolup" ], "rsa.misc.category": "ende", "rsa.misc.filter": "onse", 
@@ -3837,7 +3788,6 @@ "url.original": "https://www.example.com/uiavo/uisaut.htm?paq=uianon#nul", "user.name": "ssec", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -3887,8 +3837,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "eritqui", "rsa.misc.action": [ - "dolor", - "Blocked" + "Blocked", + "dolor" ], "rsa.misc.category": "taspe", "rsa.misc.filter": "oremipsu", @@ -3914,7 +3864,6 @@ "url.original": "https://mail.example.com/uasiarch/Malor.jpg?iinea=snos#upt", "user.name": "sci", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -3947,8 +3896,8 @@ "pitl6126.www.localdomain" ], "related.ip": [ - "10.229.102.140", - "10.243.182.229" + "10.243.182.229", + "10.229.102.140" ], "related.user": [ "duntut" @@ -3989,7 +3938,6 @@ "url.original": "https://api.example.org/ntiumt/sumquia.jpg?lam=asnu#com", "user.name": "duntut", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -4020,8 +3968,8 @@ "remaper3297.internal.test" ], "related.ip": [ - "10.39.46.155", - "10.120.138.109" + "10.120.138.109", + "10.39.46.155" ], "related.user": [ "picia" @@ -4035,8 +3983,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "adipisc", "rsa.misc.action": [ - "exer", - "Blocked" + "Blocked", + "exer" ], "rsa.misc.category": "remagna", "rsa.misc.filter": "emvel", 
@@ -4062,7 +4010,6 @@ "url.original": "https://example.com/itsedqu/paq.jpg?hilmol=oluptate#todi", "user.name": "picia", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -4097,8 +4044,8 @@ "tamr1693.api.home" ], "related.ip": [ - "10.53.191.49", - "10.133.102.57" + "10.133.102.57", + "10.53.191.49" ], "related.user": [ "onsec" @@ -4139,7 +4086,6 @@ "url.original": "https://api.example.org/remeum/etur.html?Quisa=quiav#ctionofd", "user.name": "onsec", "user_agent.device.name": "Asus X01BDA", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -4216,7 +4162,6 @@ "url.original": "https://internal.example.org/ree/itten.gif?rsp=imipsa#nostrum", "user.name": "tem", "user_agent.device.name": "Samsung SM-A260G", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -4251,8 +4196,8 @@ "riatu2467.lan" ], "related.ip": [ - "10.221.20.165", - "10.7.18.226" + "10.7.18.226", + "10.221.20.165" ], "related.user": [ "uasiarch" @@ -4266,8 +4211,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "iadeseru", "rsa.misc.action": [ - "Allowed", - "epreh" + "epreh", + "Allowed" ], "rsa.misc.category": "ruredol", "rsa.misc.filter": "atquo", 
@@ -4293,7 +4238,6 @@ "url.original": "https://www.example.net/ritquiin/reseo.jpg?ari=umtot#onemulla", "user.name": "uasiarch", "user_agent.device.name": "Meizu M6", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 7.0", @@ -4370,7 +4314,6 @@ "url.original": "https://mail.example.com/dexe/nemul.jpg?yCicero=inimave#eavolupt", "user.name": "inrepreh", "user_agent.device.name": "Android", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -4420,8 +4363,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uamquaer", "rsa.misc.action": [ - "Blocked", - "aerat" + "aerat", + "Blocked" ], "rsa.misc.category": "quela", "rsa.misc.filter": "qui", @@ -4447,7 +4390,6 @@ "url.original": "https://mail.example.org/caecat/uel.html?enim=umq#sistena", "user.name": "olup", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -4480,8 +4422,8 @@ "imveni193.www5.host" ], "related.ip": [ - "10.112.190.154", - "10.55.38.153" + "10.55.38.153", + "10.112.190.154" ], "related.user": [ "oremeu" 
@@ -4522,7 +4464,6 @@ "url.original": "https://mail.example.com/runtmoll/busBon.txt?ionev=vitaedi#rna", "user.name": "oremeu", "user_agent.device.name": "XiaoMi Redmi 4X", - "user_agent.device.type": "Phone", "user_agent.name": "MiuiBrowser", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g", "user_agent.os.full": "Android 7.1.2", @@ -4557,8 +4498,8 @@ "ionu3320.api.localhost" ], "related.ip": [ - "10.250.48.82", - "10.195.153.42" + "10.195.153.42", + "10.250.48.82" ], "related.user": [ "tsedquia" @@ -4572,8 +4513,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tDuisaut", "rsa.misc.action": [ - "upidatat", - "Allowed" + "Allowed", + "upidatat" ], "rsa.misc.category": "aliquide", "rsa.misc.filter": "deriti", @@ -4599,7 +4540,6 @@ "url.original": "https://api.example.com/lits/tvolu.jpg?squir=gnaaliq#quam", "user.name": "tsedquia", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -4634,8 +4574,8 @@ "remips1499.www.local" ], "related.ip": [ - "10.252.164.230", - "10.60.52.219" + "10.60.52.219", + "10.252.164.230" ], "related.user": [ "gnamali" @@ -4649,8 +4589,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "rroq", "rsa.misc.action": [ - "fdeFin", - "Blocked" + "Blocked", + "fdeFin" ], "rsa.misc.category": "diduntut", "rsa.misc.filter": "ano", 
@@ -4676,7 +4616,6 @@ "url.original": "https://mail.example.net/loremi/queporro.jpg?ade=nihilmol#nder", "user.name": "gnamali", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -4707,8 +4646,8 @@ "mdoloree96.domain" ], "related.ip": [ - "10.122.102.156", - "10.187.16.73" + "10.187.16.73", + "10.122.102.156" ], "related.user": [ "emoen" @@ -4722,8 +4661,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "dipisc", "rsa.misc.action": [ - "Allowed", - "turad" + "turad", + "Allowed" ], "rsa.misc.category": "ulpaquio", "rsa.misc.filter": "ngelits", @@ -4749,7 +4688,6 @@ "url.original": "https://api.example.com/nge/psum.gif?exerci=isnostru#iad", "user.name": "emoen", "user_agent.device.name": "ZTE BLADE V7", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -4826,7 +4764,6 @@ "url.original": "https://internal.example.org/ddoeiusm/apa.txt?uptatemU=rem#onorumet", "user.name": "prehend", "user_agent.device.name": "Generic Smartphone", - "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -4859,8 +4796,8 @@ "sBonoru1929.example" ], "related.ip": [ - "10.51.161.245", - "10.15.254.181" + "10.15.254.181", + "10.51.161.245" ], "related.user": [ "abo" @@ -4874,8 +4811,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "modit", "rsa.misc.action": [ - "Allowed", - "uteiru" + "uteiru", + "Allowed" ], "rsa.misc.category": "qua", "rsa.misc.filter": "saute", 
@@ -4901,7 +4838,6 @@ "url.original": "https://www5.example.net/yCice/uinesci.htm?taevitae=dminimv#quam", "user.name": "abo", "user_agent.device.name": "5024D_RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -4936,8 +4872,8 @@ "onorumet4871.lan" ], "related.ip": [ - "10.7.152.238", - "10.129.66.196" + "10.129.66.196", + "10.7.152.238" ], "related.user": [ "equamn" @@ -4978,7 +4914,6 @@ "url.original": "https://api.example.com/itinvolu/adeserun.txt?tinv=Utenima#nse", "user.name": "equamn", "user_agent.device.name": "ZTE Blade V1000RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -5013,8 +4948,8 @@ "onproi4354.www5.invalid" ], "related.ip": [ - "10.185.107.27", - "10.29.162.157" + "10.29.162.157", + "10.185.107.27" ], "related.user": [ "evelite" @@ -5055,7 +4990,6 @@ "url.original": "https://www.example.org/sci/isquames.gif?tlabor=itecto#loreeuf", "user.name": "evelite", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", 
@@ -5132,7 +5066,6 @@ "url.original": "https://mail.example.org/umdolo/nimv.htm?equunt=tutla#usmod", "user.name": "eavolupt", "user_agent.device.name": "5024D_RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -5209,7 +5142,6 @@ "url.original": "https://mail.example.net/tvol/ostru.htm?oei=iquipex#byCice", "user.name": "Nequepo", "user_agent.device.name": "STK-L21", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -5244,8 +5176,8 @@ "quia7214.example" ], "related.ip": [ - "10.91.20.27", - "10.193.152.42" + "10.193.152.42", + "10.91.20.27" ], "related.user": [ "edict" @@ -5286,7 +5218,6 @@ "url.original": "https://mail.example.org/pariatur/cita.html?equuntur=rve#atemacc", "user.name": "edict", "user_agent.device.name": "QMobile X700 PRO II", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -5321,8 +5252,8 @@ "aturExc7343.invalid" ], "related.ip": [ - "10.55.192.102", - "10.146.69.38" + "10.146.69.38", + "10.55.192.102" ], "related.user": [ "quia" @@ -5336,8 +5267,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "omnisi", "rsa.misc.action": [ - "userro", - "Allowed" + "Allowed", + "userro" ], "rsa.misc.category": "etd", "rsa.misc.filter": "loremeum", 
@@ -5363,7 +5294,6 @@ "url.original": "https://example.org/aturE/aaliqu.gif?nvol=doloreeu#elillumq", "user.name": "quia", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -5398,8 +5328,8 @@ "olo7317.www5.localhost" ], "related.ip": [ - "10.249.1.143", - "10.124.177.226" + "10.124.177.226", + "10.249.1.143" ], "related.user": [ "isciveli" @@ -5440,7 +5370,6 @@ "url.original": "https://internal.example.org/olorin/orisnisi.gif?eritquii=atevelit#dese", "user.name": "isciveli", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -5517,7 +5446,6 @@ "url.original": "https://example.org/vel/preh.html?sequamni=edutpers#deo", "user.name": "estla", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -5552,8 +5480,8 @@ "agna5654.www.corp" ], "related.ip": [ - "10.203.47.23", - "10.200.74.101" + "10.200.74.101", + "10.203.47.23" ], "related.user": [ "litesse" 
@@ -5567,8 +5495,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "nde", "rsa.misc.action": [ - "Allowed", - "iqu" + "iqu", + "Allowed" ], "rsa.misc.category": "ametco", "rsa.misc.filter": "ntincul", @@ -5594,7 +5522,6 @@ "url.original": "https://example.com/nonproi/dolor.jpg?molli=oeiusm#aUtenim", "user.name": "litesse", "user_agent.device.name": "Samsung SM-A305FN", - "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -5671,7 +5598,6 @@ "url.original": "https://example.com/sedqui/iuntNe.gif?epteu=nvent#uepor", "user.name": "ntore", "user_agent.device.name": "U307AS", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5706,8 +5632,8 @@ "oluptat2848.api.home" ], "related.ip": [ - "10.55.151.53", - "10.211.66.68" + "10.211.66.68", + "10.55.151.53" ], "related.user": [ "squir" @@ -5721,8 +5647,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "diconseq", "rsa.misc.action": [ - "umet", - "Allowed" + "Allowed", + "umet" ], "rsa.misc.category": "ciad", "rsa.misc.filter": "oeiusmod", @@ -5748,7 +5674,6 @@ "url.original": "https://www5.example.net/lits/Nemoen.txt?elillu=seruntmo#imidest", "user.name": "squir", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -5783,8 +5708,8 @@ "ngelitse7535.internal.lan" ], "related.ip": [ - "10.110.16.169", - "10.209.203.156" + "10.209.203.156", + "10.110.16.169" ], "related.user": [ "mes" @@ -5825,7 +5750,6 @@ "url.original": "https://example.org/eius/evo.jpg?iarchit=volupt#ipis", "user.name": "mes", "user_agent.device.name": "G8142", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5860,8 +5784,8 @@ "tiumtot3611.internal.localdomain" ], "related.ip": [ - "10.84.9.150", - "10.107.68.114" + "10.107.68.114", + "10.84.9.150" ], "related.user": [ "sequatDu" @@ -5902,7 +5826,6 @@ "url.original": "https://www5.example.net/equun/veli.gif?tem=iadeseru#uiineavo", "user.name": "sequatDu", "user_agent.device.name": "LG-$2", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5937,8 +5860,8 @@ "gnaa4656.api.example" ], "related.ip": [ - "10.124.119.48", - "10.26.222.144" + "10.26.222.144", + "10.124.119.48" ], "related.user": [ "nre" @@ -5979,7 +5902,6 @@ "url.original": "https://internal.example.com/ecatcu/tMalo.txt?nse=rauto#rese", "user.name": "nre", "user_agent.device.name": "Samsung SM-A305FN", - "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", 
@@ -6029,8 +5951,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "officiad", "rsa.misc.action": [ - "antium", - "Allowed" + "Allowed", + "antium" ], "rsa.misc.category": "emoeni", "rsa.misc.filter": "itvo", @@ -6056,7 +5978,6 @@ "url.original": "https://mail.example.org/ntutlabo/leumiure.htm?eacommo=amqua#tionevol", "user.name": "ten", "user_agent.device.name": "LM-V350", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -6091,8 +6012,8 @@ "iavol5202.api.example" ], "related.ip": [ - "10.14.37.8", - "10.121.181.243" + "10.121.181.243", + "10.14.37.8" ], "related.user": [ "umwr" @@ -6133,7 +6054,6 @@ "url.original": "https://www.example.org/ugitsed/ritatis.jpg?xplic=stenat#mquis", "user.name": "umwr", "user_agent.device.name": "Lenovo A2016a40 ", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -6183,8 +6103,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tat", "rsa.misc.action": [ - "Blocked", - "nia" + "nia", + "Blocked" ], "rsa.misc.category": "turQuis", "rsa.misc.filter": "nonp", 
@@ -6210,7 +6130,6 @@ "url.original": "https://mail.example.com/aute/dictasu.gif?ptas=iadolo#cidu", "user.name": "evita", "user_agent.device.name": "ZTE Blade V1000RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -6260,8 +6179,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "Exce", "rsa.misc.action": [ - "ulapa", - "Allowed" + "Allowed", + "ulapa" ], "rsa.misc.category": "reprehen", "rsa.misc.filter": "itsedqui", @@ -6287,7 +6206,6 @@ "url.original": "https://mail.example.net/enbyCic/aturau.gif?orroqui=sci#psamvolu", "user.name": "tectobe", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -6322,8 +6240,8 @@ "elit912.www5.test" ], "related.ip": [ - "10.176.233.249", - "10.75.144.118" + "10.75.144.118", + "10.176.233.249" ], "related.user": [ "isnos" @@ -6337,8 +6255,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "essequa", "rsa.misc.action": [ - "Blocked", - "odic" + "odic", + "Blocked" ], "rsa.misc.category": "cto", "rsa.misc.filter": "odite", 
@@ -6364,7 +6282,6 @@ "url.original": "https://example.org/olu/mqua.txt?mdolore=ita#aeratvol", "user.name": "isnos", "user_agent.device.name": "VS996", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -6399,8 +6316,8 @@ "tat6671.www.local" ], "related.ip": [ - "10.149.6.107", - "10.236.55.236" + "10.236.55.236", + "10.149.6.107" ], "related.user": [ "redolo" @@ -6414,8 +6331,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uis", "rsa.misc.action": [ - "Allowed", - "mvele" + "mvele", + "Allowed" ], "rsa.misc.category": "vitaedi", "rsa.misc.filter": "ndeomni", @@ -6441,7 +6358,6 @@ "url.original": "https://api.example.net/mnisiut/eabil.jpg?psumqui=trude#ccusa", "user.name": "redolo", "user_agent.device.name": "LM-V350", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -6476,8 +6392,8 @@ "uis5050.www.local" ], "related.ip": [ - "10.13.125.101", - "10.97.202.149" + "10.97.202.149", + "10.13.125.101" ], "related.user": [ "colab" @@ -6518,7 +6434,6 @@ "url.original": "https://api.example.net/uamestq/eetdol.html?ctionofd=uianonnu#ntNeque", "user.name": "colab", "user_agent.device.name": "Micromax P410i", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", 
@@ -6568,8 +6483,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "itautf", "rsa.misc.action": [ - "mini", - "Blocked" + "Blocked", + "mini" ], "rsa.misc.category": "gna", "rsa.misc.filter": "usmo", @@ -6595,7 +6510,6 @@ "url.original": "https://mail.example.net/ius/msequ.jpg?ptat=tionula#gnido", "user.name": "umdolo", "user_agent.device.name": "ZTE BLADE V7", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -6630,8 +6544,8 @@ "itaspe921.mail.invalid" ], "related.ip": [ - "10.224.249.228", - "10.10.25.145" + "10.10.25.145", + "10.224.249.228" ], "related.user": [ "mnisiuta" @@ -6645,8 +6559,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "issuscip", "rsa.misc.action": [ - "Blocked", - "remap" + "remap", + "Blocked" ], "rsa.misc.category": "eetdolo", "rsa.misc.filter": "rsitam", @@ -6672,7 +6586,6 @@ "url.original": "https://www.example.org/iat/acom.html?umdolo=oluptass#umqu", "user.name": "mnisiuta", "user_agent.device.name": "LM-V350", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -6707,8 +6620,8 @@ "archite4407.mail.invalid" ], "related.ip": [ - "10.234.34.40", - "10.247.255.107" + "10.247.255.107", + "10.234.34.40" ], "related.user": [ "aeabillo" @@ -6722,8 +6635,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "neavolu", "rsa.misc.action": [ - "Blocked", - "nofdeF" + "nofdeF", + "Blocked" ], "rsa.misc.category": "remagnam", "rsa.misc.filter": "maveniam", 
@@ -6749,7 +6662,6 @@ "url.original": "https://www.example.com/onorum/umiure.gif?lites=admini#trumexer", "user.name": "aeabillo", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -6826,7 +6738,6 @@ "url.original": "https://mail.example.org/veni/rspi.htm?ntium=imadmi#dquiac", "user.name": "tNequ", "user_agent.device.name": "Pixel 3", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -6861,8 +6772,8 @@ "Bonoru7444.www5.example" ], "related.ip": [ - "10.154.188.132", - "10.166.205.159" + "10.166.205.159", + "10.154.188.132" ], "related.user": [ "uptat" @@ -6903,7 +6814,6 @@ "url.original": "https://www.example.com/tem/litsedq.htm?ium=utfugit#beat", "user.name": "uptat", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -6934,8 +6844,8 @@ "icero1297.internal.domain" ], "related.ip": [ - "10.46.71.46", - "10.138.193.38" + "10.138.193.38", + "10.46.71.46" ], "related.user": [ "sintocca" @@ -6949,8 +6859,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "upta", "rsa.misc.action": [ - "uovolup", - "Allowed" + "Allowed", + "uovolup" ], "rsa.misc.category": "todit", "rsa.misc.filter": "atisetq", 
@@ -6976,7 +6886,6 @@ "url.original": "https://www.example.com/amcola/eumiurer.gif?stiaeco=equu#laborisn", "user.name": "sintocca", "user_agent.device.name": "Spider", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -7022,8 +6931,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "imadmi", "rsa.misc.action": [ - "Blocked", - "tatemacc" + "tatemacc", + "Blocked" ], "rsa.misc.category": "tutlabor", "rsa.misc.filter": "eturad", @@ -7049,7 +6958,6 @@ "url.original": "https://api.example.net/sedquian/lamcorpo.html?sequatD=Nequepo#veleum", "user.name": "usm", "user_agent.device.name": "U20", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -7099,8 +7007,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "isnost", "rsa.misc.action": [ - "Allowed", - "oriosa" + "oriosa", + "Allowed" ], "rsa.misc.category": "uis", "rsa.misc.filter": "nemul", @@ -7126,7 +7034,6 @@ "url.original": "https://www5.example.com/ictasun/iumto.txt?erro=admin#uisnostr", "user.name": "ptassit", "user_agent.device.name": "Samsung SM-A715F", - "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", 
@@ -7161,8 +7068,8 @@ "nderit1171.www5.domain" ], "related.ip": [ - "10.144.93.186", - "10.84.140.5" + "10.84.140.5", + "10.144.93.186" ], "related.user": [ "eroi" @@ -7203,7 +7110,6 @@ "url.original": "https://www5.example.org/oriosa/ssusc.htm?atemacc=rsitvolu#isi", "user.name": "eroi", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -7280,7 +7186,6 @@ "url.original": "https://mail.example.net/tseddoei/byCi.gif?assitas=nul#ame", "user.name": "unt", "user_agent.device.name": "Android", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -7330,8 +7235,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "rrorsi", "rsa.misc.action": [ - "Allowed", - "exe" + "exe", + "Allowed" ], "rsa.misc.category": "mnihi", "rsa.misc.filter": "consequa", @@ -7357,7 +7262,6 @@ "url.original": "https://www5.example.org/liquipe/rehe.gif?niamqu=uioffi#suntin", "user.name": "hende", "user_agent.device.name": "Samsung GT-P3100 ", - "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -7392,8 +7296,8 @@ "ueip6097.api.host" ], "related.ip": [ - "10.152.217.174", - "10.128.43.71" + "10.128.43.71", + "10.152.217.174" ], "related.user": [ "mquiado" 
@@ -7434,7 +7338,6 @@ "url.original": "https://www.example.org/erit/asiarch.gif?tdolor=oremagna#siuta", "user.name": "mquiado", "user_agent.device.name": "Notepad_K10", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -7469,8 +7372,8 @@ "fugiatqu7793.www.localdomain" ], "related.ip": [ - "10.217.193.148", - "10.26.149.221" + "10.26.149.221", + "10.217.193.148" ], "related.user": [ "uisa" @@ -7511,7 +7414,6 @@ "url.original": "https://mail.example.org/maven/tectob.jpg?litsedd=mnis#ainci", "user.name": "uisa", "user_agent.device.name": "QMobile X700 PRO II", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -7546,8 +7448,8 @@ "onsequ3168.www.corp" ], "related.ip": [ - "10.109.192.53", - "10.172.17.6" + "10.172.17.6", + "10.109.192.53" ], "related.user": [ "eprehen" @@ -7588,7 +7490,6 @@ "url.original": "https://www.example.com/siarch/oloremi.htm?one=iduntutl#tNe", "user.name": "eprehen", "user_agent.device.name": "U20", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -7638,8 +7539,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "exeacomm", "rsa.misc.action": [ - "Blocked", - "volup" + "volup", + "Blocked" ], "rsa.misc.category": "ten", "rsa.misc.filter": "ssecil", 
@@ -7665,7 +7566,6 @@ "url.original": "https://mail.example.com/ostr/liqu.txt?niam=mullamc#umtota", "user.name": "ore", "user_agent.device.name": "5024D_RU", - "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", diff --git a/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json b/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json index f651e843b075..d2e89ea6140a 100644 --- a/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json +++ b/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json @@ -31,8 +31,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "", "rsa.misc.action": [ - "", - "" + "", + "" ], "rsa.misc.category": "", "rsa.misc.filter": "", @@ -54,7 +54,6 @@ "url.original": "", "user.name": "", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" } From b09415eca308de72fd3865481764c7b7ccd04794 Mon Sep 17 00:00:00 2001 
From: Adrian Serrano Date: Mon, 19 Apr 2021 16:53:05 +0200 Subject: [PATCH 2/3] Update golden files on filebeat --- .../test/darwin-2.4.23.log-expected.json | 30 +- .../access/test/ssl-request.log-expected.json | 2 + .../access/test/test-vhost.log-expected.json | 1 - .../apache/access/test/test.log-expected.json | 4 - .../test/ubuntu-2.2.22.log-expected.json | 9 - .../apache/error/test/test.log-expected.json | 12 +- .../log/test/audit-rhel6.log-expected.json | 16 +- .../auditd/log/test/test.log-expected.json | 8 +- .../log/test/default.log-expected.json | 13 +- .../log/test/haproxy.log-expected.json | 13 +- .../test/test-iis-7.2.log-expected.json | 5 - .../test/test-iis-7.5.log-expected.json | 1 - .../test/test-ipv6zone.log-expected.json | 1 - ...t-x-forward-for-extended.log-expected.json | 6 - .../test/test-x-forward-for.log-expected.json | 9 - .../iis/access/test/test.log-expected.json | 19 +- .../iis/error/test/test.log-expected.json | 21 +- .../access/test/access.log-expected.json | 92 ++--- .../test/test-with-host.log-expected.json | 37 +- .../nginx/access/test/test.log-expected.json | 37 +- .../test/test.log-expected.json | 21 -- .../auth/test/secure-rhel7.log-expected.json | 355 +++++++++--------- .../system/auth/test/test.log-expected.json | 13 +- .../access/test/test.log-expected.json | 35 +- 24 files changed, 326 insertions(+), 434 deletions(-) diff --git a/filebeat/module/apache/access/test/darwin-2.4.23.log-expected.json b/filebeat/module/apache/access/test/darwin-2.4.23.log-expected.json index 1f3600f2e09c..5e55e3bb1c54 100644 --- a/filebeat/module/apache/access/test/darwin-2.4.23.log-expected.json +++ b/filebeat/module/apache/access/test/darwin-2.4.23.log-expected.json 
@@ -73,14 +73,14 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/", "user.name": "-" @@ -103,14 +103,14 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/notfound", "user.name": "-" 
@@ -133,14 +133,14 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/hmm", "user.name": "-" diff --git a/filebeat/module/apache/access/test/ssl-request.log-expected.json b/filebeat/module/apache/access/test/ssl-request.log-expected.json index 3eb3e283b198..b227944bcd10 100644 --- a/filebeat/module/apache/access/test/ssl-request.log-expected.json +++ b/filebeat/module/apache/access/test/ssl-request.log-expected.json @@ -36,6 +36,8 @@ "log.offset": 276, "service.type": "apache", "source.address": "11.19.0.217", + "source.as.number": 8003, + "source.as.organization.name": "GRS-DOD", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", diff --git a/filebeat/module/apache/access/test/test-vhost.log-expected.json b/filebeat/module/apache/access/test/test-vhost.log-expected.json index 2b0bb3cd06c1..b332788ad2b0 100644 --- a/filebeat/module/apache/access/test/test-vhost.log-expected.json +++ b/filebeat/module/apache/access/test/test-vhost.log-expected.json @@ -20,7 +20,6 @@ "url.original": "/hello", "user.name": "-", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", 
diff --git a/filebeat/module/apache/access/test/test.log-expected.json b/filebeat/module/apache/access/test/test.log-expected.json index 6d49efee8662..ebe888475861 100644 --- a/filebeat/module/apache/access/test/test.log-expected.json +++ b/filebeat/module/apache/access/test/test.log-expected.json @@ -40,7 +40,6 @@ "url.original": "/hello", "user.name": "-", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -85,7 +84,6 @@ "url.original": "/stringpatch", "user.name": "-", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", @@ -114,7 +112,6 @@ "url.original": "/status", "user.name": "-", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", @@ -140,7 +137,6 @@ "source.ip": "127.0.0.1", "user.name": "-", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "-" } diff --git a/filebeat/module/apache/access/test/ubuntu-2.2.22.log-expected.json b/filebeat/module/apache/access/test/ubuntu-2.2.22.log-expected.json index 9bdfab368180..e9680e5b7fbc 100644 --- a/filebeat/module/apache/access/test/ubuntu-2.2.22.log-expected.json +++ b/filebeat/module/apache/access/test/ubuntu-2.2.22.log-expected.json @@ -20,7 +20,6 @@ "url.original": "/", "user.name": "-", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Wget", "user_agent.original": "Wget/1.13.4 (linux-gnu)", "user_agent.os.name": "Linux", 
@@ -47,7 +46,6 @@ "url.original": "/", "user.name": "-", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -76,7 +74,6 @@ "url.original": "/favicon.ico", "user.name": "-", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -105,7 +102,6 @@ "url.original": "/", "user.name": "-", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -134,7 +130,6 @@ "url.original": "/favicon.ico", "user.name": "-", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -163,7 +158,6 @@ "url.original": "/favicon.ico", "user.name": "-", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -192,7 +186,6 @@ "url.original": "/test", "user.name": "-", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", 
@@ -221,7 +214,6 @@ "url.original": "/hello", "user.name": "-", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -250,7 +242,6 @@ "url.original": "/crap", "user.name": "-", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", diff --git a/filebeat/module/apache/error/test/test.log-expected.json b/filebeat/module/apache/error/test/test.log-expected.json index d9f470db46a4..c17aac2259d8 100644 --- a/filebeat/module/apache/error/test/test.log-expected.json +++ b/filebeat/module/apache/error/test/test.log-expected.json @@ -52,13 +52,13 @@ "service.type": "apache", "source.address": "72.15.99.187", "source.as.number": 11693, - "source.as.organization.name": "WideOpenWest Finance LLC", - "source.geo.city_name": "Newnan", + "source.as.organization.name": "NULINK", + "source.geo.city_name": "Tyrone", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 33.3708, - "source.geo.location.lon": -84.8154, + "source.geo.location.lat": 33.4715, + "source.geo.location.lon": -84.5929, "source.geo.region_iso_code": "US-GA", "source.geo.region_name": "Georgia", "source.ip": "72.15.99.187" @@ -86,8 +86,8 @@ "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", "source.geo.country_name": "China", - "source.geo.location.lat": 39.9288, - "source.geo.location.lon": 116.3889, + "source.geo.location.lat": 39.9285, + "source.geo.location.lon": 116.385, "source.geo.region_iso_code": "CN-BJ", "source.geo.region_name": "Beijing", "source.ip": "123.123.123.123", 
diff --git a/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json b/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json index 215c0bf11f91..18f230066389 100644 --- a/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json +++ b/filebeat/module/auditd/log/test/audit-rhel6.log-expected.json @@ -291,13 +291,13 @@ "service.type": "auditd", "source.address": "96.241.146.97", "source.as.number": 701, - "source.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", - "source.geo.city_name": "Aldie", + "source.as.organization.name": "UUNET", + "source.geo.city_name": "Ashburn", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 38.9637, - "source.geo.location.lon": -77.6099, + "source.geo.location.lat": 39.0127, + "source.geo.location.lon": -77.5342, "source.geo.region_iso_code": "US-VA", "source.geo.region_name": "Virginia", "source.ip": "96.241.146.97", @@ -334,13 +334,13 @@ "service.type": "auditd", "source.address": "96.241.146.97", "source.as.number": 701, - "source.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", - "source.geo.city_name": "Aldie", + "source.as.organization.name": "UUNET", + "source.geo.city_name": "Ashburn", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 38.9637, - "source.geo.location.lon": -77.6099, + "source.geo.location.lat": 39.0127, + "source.geo.location.lon": -77.5342, "source.geo.region_iso_code": "US-VA", "source.geo.region_name": "Virginia", "source.ip": "96.241.146.97", diff --git a/filebeat/module/auditd/log/test/test.log-expected.json b/filebeat/module/auditd/log/test/test.log-expected.json index 48caa4ae6c5b..b209fbe7e295 100644 --- a/filebeat/module/auditd/log/test/test.log-expected.json 
+++ b/filebeat/module/auditd/log/test/test.log-expected.json @@ -136,13 +136,13 @@ "service.type": "auditd", "source.address": "96.241.146.97", "source.as.number": 701, - "source.as.organization.name": "MCI Communications Services, Inc. d/b/a Verizon Business", - "source.geo.city_name": "Aldie", + "source.as.organization.name": "UUNET", + "source.geo.city_name": "Ashburn", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 38.9637, - "source.geo.location.lon": -77.6099, + "source.geo.location.lat": 39.0127, + "source.geo.location.lon": -77.5342, "source.geo.region_iso_code": "US-VA", "source.geo.region_name": "Virginia", "source.ip": "96.241.146.97", diff --git a/filebeat/module/haproxy/log/test/default.log-expected.json b/filebeat/module/haproxy/log/test/default.log-expected.json index 4da9bc98f174..cfe1465024ed 100644 --- a/filebeat/module/haproxy/log/test/default.log-expected.json +++ b/filebeat/module/haproxy/log/test/default.log-expected.json @@ -27,14 +27,11 @@ ], "service.type": "haproxy", "source.address": "1.2.3.4", - "source.geo.city_name": "Moscow", - "source.geo.continent_name": "Europe", - "source.geo.country_iso_code": "RU", - "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7527, - "source.geo.location.lon": 37.6172, - "source.geo.region_iso_code": "RU-MOW", - "source.geo.region_name": "Moscow", + "source.geo.continent_name": "Oceania", + "source.geo.country_iso_code": "AU", + "source.geo.country_name": "Australia", + "source.geo.location.lat": -33.494, + "source.geo.location.lon": 143.2104, "source.ip": "1.2.3.4", "source.port": 40780 } diff --git a/filebeat/module/haproxy/log/test/haproxy.log-expected.json b/filebeat/module/haproxy/log/test/haproxy.log-expected.json index b33e80ab0731..cbb4b0dfc43c 100644 --- a/filebeat/module/haproxy/log/test/haproxy.log-expected.json 
+++ b/filebeat/module/haproxy/log/test/haproxy.log-expected.json @@ -44,14 +44,11 @@ ], "service.type": "haproxy", "source.address": "1.2.3.4", - "source.geo.city_name": "Moscow", - "source.geo.continent_name": "Europe", - "source.geo.country_iso_code": "RU", - "source.geo.country_name": "Russia", - "source.geo.location.lat": 55.7527, - "source.geo.location.lon": 37.6172, - "source.geo.region_iso_code": "RU-MOW", - "source.geo.region_name": "Moscow", + "source.geo.continent_name": "Oceania", + "source.geo.country_iso_code": "AU", + "source.geo.country_name": "Australia", + "source.geo.location.lat": -33.494, + "source.geo.location.lon": 143.2104, "source.ip": "1.2.3.4", "source.port": 38862 } diff --git a/filebeat/module/iis/access/test/test-iis-7.2.log-expected.json b/filebeat/module/iis/access/test/test-iis-7.2.log-expected.json index 7b21735e4d4b..64ad587bb8bc 100644 --- a/filebeat/module/iis/access/test/test-iis-7.2.log-expected.json +++ b/filebeat/module/iis/access/test/test-iis-7.2.log-expected.json @@ -33,7 +33,6 @@ "url.path": "/pbserver/..\u00c0\u00af..\u00c0\u00af..\u00c0\u00af..\u00c0\u00af..\u00c0\u00af../winnt/system32/cmd.exe", "url.query": "/c+dir+c:\\+/OG", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", @@ -75,7 +74,6 @@ "url.path": "/pbserver/..\u00c1\u00c1..\u00c1\u00c1..\u00c1\u00c1..\u00c1\u00c1..\u00c1\u00c1../winnt/system32/cmd.exe", "url.query": "/c+dir+c:\\+/OG", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", 
@@ -116,7 +114,6 @@ "source.ip": "10.50.6.188", "url.path": "/Director", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", @@ -157,7 +154,6 @@ "source.ip": "10.50.6.188", "url.path": "/", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", @@ -199,7 +195,6 @@ "url.path": "/pbserver/..\u00c1\u0153..\u00c1\u0153..\u00c1\u0153..\u00c1\u0153..\u00c1\u0153../winnt/system32/cmd.exe", "url.query": "/c+dir+c:\\+/OG", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", diff --git a/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json b/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json index c8e10677d3dc..952105369253 100644 --- a/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json +++ b/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json @@ -32,7 +32,6 @@ "source.ip": "10.100.118.31", "url.path": "/", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR[ 2.0.50727](tel: 2050727); .NET CLR 3.0.30729)", "user_agent.os.full": "Windows 8.1", diff --git a/filebeat/module/iis/access/test/test-ipv6zone.log-expected.json b/filebeat/module/iis/access/test/test-ipv6zone.log-expected.json index c3c1a14a05e4..c3f4a4932dac 100644 --- a/filebeat/module/iis/access/test/test-ipv6zone.log-expected.json 
+++ b/filebeat/module/iis/access/test/test-ipv6zone.log-expected.json @@ -38,7 +38,6 @@ "source.ip": "::1", "url.path": "/", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.0", diff --git a/filebeat/module/iis/access/test/test-x-forward-for-extended.log-expected.json b/filebeat/module/iis/access/test/test-x-forward-for-extended.log-expected.json index fa825003cd4e..565bdfca17d6 100644 --- a/filebeat/module/iis/access/test/test-x-forward-for-extended.log-expected.json +++ b/filebeat/module/iis/access/test/test-x-forward-for-extended.log-expected.json @@ -40,7 +40,6 @@ "source.ip": "10.24.136.240", "url.path": "/favicon.ico", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0", "user_agent.os.full": "Windows 10", @@ -88,7 +87,6 @@ "source.ip": "10.24.136.240", "url.path": "/robots.txt", "user_agent.device.name": "Spider", - "user_agent.device.type": "Robot", "user_agent.name": "Twitterbot", "user_agent.original": "Twitterbot/1.0", "user_agent.version": "1.0" @@ -136,7 +134,6 @@ "url.path": "/app_data/cache/9/e/1/c/3/7/9e1c37a203a2a306e8f5d4df1bddb1109dd42e57.jpg", "url.query": "width=35&height=38&mode=crop", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Edge", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362", "user_agent.os.full": "Windows 10", 
@@ -187,7 +184,6 @@ "url.path": "/app_data/cache/f/b/7/1/2/7/fb71277260ae26a108c3608ce1a62474a55b2556.jpg", "url.query": "width=75&height=40&mode=crop", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Edge", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362", "user_agent.os.full": "Windows 10", @@ -238,7 +234,6 @@ "url.path": "/Blob/a9e2fe596ac14a4ab07beb6b6e2c6545/15a3917cacf44de59af9cc899e90a9d4.png", "url.query": "width=60&height=20&mode=crop", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Mobile Safari", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1", "user_agent.os.full": "iOS 13.7", @@ -289,7 +284,6 @@ "url.path": "/Blob/ff64cd9efcf4424dbf06b3b8133eeea2/f2e0b2998b1f43cb98e5b31c7faa91f4.jpg", "url.query": "width=60&height=20&mode=crop", "user_agent.device.name": "iPhone", - "user_agent.device.type": "Phone", "user_agent.name": "Mobile Safari", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1", "user_agent.os.full": "iOS 13.7", diff --git a/filebeat/module/iis/access/test/test-x-forward-for.log-expected.json b/filebeat/module/iis/access/test/test-x-forward-for.log-expected.json index 7acf700509ed..4d8ace5a7fb5 100644 --- a/filebeat/module/iis/access/test/test-x-forward-for.log-expected.json +++ b/filebeat/module/iis/access/test/test-x-forward-for.log-expected.json 
@@ -34,7 +34,6 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/GeneralLedger/LoadBatchTotals", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -77,7 +76,6 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/GeneralLedger/LoadBatchTotals", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -120,7 +118,6 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/GeneralLedger/LoadJETotals", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -164,7 +161,6 @@ "url.path": "/Production-UI/data/finance/legacy/GLAPAprvMaster", "url.query": "$filter=BatchId%20eq%20%27FY21HSNG0820%27&$orderby=Subsys,Ref&$skip=0&$top=20", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", 
@@ -208,7 +204,6 @@ "url.path": "/Production-UI/data/finance/legacy/GLATrnsDetail", "url.query": "$filter=Subsys%20eq%20%27JE%27%20and%20Ref%20eq%20%27HSNG08-MR%27%20and%20BatchId%20eq%20%27FY21HSNG0820%27&$orderby=RecNo&$skip=0&$top=20", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -251,7 +246,6 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/documents/PendingAttachments/GLJEUB", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -294,7 +288,6 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/documents/GLATrnsDetail/attachments/", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -337,7 +330,6 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/documents/GLAPAprvMaster/attachments/", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", 
@@ -380,7 +372,6 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/documents/attachDoc", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", diff --git a/filebeat/module/iis/access/test/test.log-expected.json b/filebeat/module/iis/access/test/test.log-expected.json index 59a6d13d4bc2..a3a3adb10953 100644 --- a/filebeat/module/iis/access/test/test.log-expected.json +++ b/filebeat/module/iis/access/test/test.log-expected.json @@ -31,19 +31,15 @@ "source.address": "85.181.35.98", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 52.4473, - "source.geo.location.lon": 13.4531, - "source.geo.region_iso_code": "DE-BE", - "source.geo.region_name": "Land Berlin", + "source.geo.location.lat": 51.2993, + "source.geo.location.lon": 9.491, "source.ip": "85.181.35.98", "url.path": "/", "url.query": "q=100", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0", "user_agent.os.full": "Windows 7", @@ -81,7 +77,6 @@ "source.ip": "127.0.0.1", "url.path": "/", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0", "user_agent.os.full": "Windows 7", 
@@ -127,18 +122,14 @@ "source.address": "85.181.35.98", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 52.4473, - "source.geo.location.lon": 13.4531, - "source.geo.region_iso_code": "DE-BE", - "source.geo.region_name": "Land Berlin", + "source.geo.location.lat": 51.2993, + "source.geo.location.lon": 9.491, "source.ip": "85.181.35.98", "url.path": "/", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.0", @@ -180,7 +171,6 @@ "url.path": "/", "url.query": "redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23webroot%3d%23req.getSession().getServletContext().getRealPath('/'),%23resp.println(%23webroot),%23resp.flush(),%23resp.close()}", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", @@ -221,7 +211,6 @@ "source.ip": "10.50.6.188", "url.path": "/${#context['xwork.MethodAccessor.denyMethodExecution']=!(#_memberAccess['allowStaticMethodAccess']=true),(@java.lang.Runtime@getRuntime()).exec('ipconfig').waitFor()}.action", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", diff --git a/filebeat/module/iis/error/test/test.log-expected.json b/filebeat/module/iis/error/test/test.log-expected.json index 506ee6ba2edd..0819d12bb182 100644 
--- a/filebeat/module/iis/error/test/test.log-expected.json +++ b/filebeat/module/iis/error/test/test.log-expected.json @@ -63,14 +63,11 @@ "source.address": "85.181.35.98", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 52.4473, - "source.geo.location.lon": 13.4531, - "source.geo.region_iso_code": "DE-BE", - "source.geo.region_name": "Land Berlin", + "source.geo.location.lat": 51.2993, + "source.geo.location.lon": 9.491, "source.ip": "85.181.35.98", "source.port": 2780, "url.original": "/ThisIsMyUrl.htm" @@ -106,14 +103,11 @@ "source.address": "85.181.35.98", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 52.4473, - "source.geo.location.lon": 13.4531, - "source.geo.region_iso_code": "DE-BE", - "source.geo.region_name": "Land Berlin", + "source.geo.location.lat": 51.2993, + "source.geo.location.lon": 9.491, "source.ip": "85.181.35.98", "source.port": 2894, "url.original": "/" @@ -145,14 +139,11 @@ "source.address": "85.181.35.98", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 52.4473, - "source.geo.location.lon": 13.4531, - "source.geo.region_iso_code": "DE-BE", - "source.geo.region_name": "Land Berlin", + "source.geo.location.lat": 51.2993, + "source.geo.location.lon": 9.491, "source.ip": "85.181.35.98", "source.port": 64388 } 
diff --git a/filebeat/module/nginx/access/test/access.log-expected.json b/filebeat/module/nginx/access/test/access.log-expected.json index a54a5d52ebf5..404915e6b63b 100644 --- a/filebeat/module/nginx/access/test/access.log-expected.json +++ b/filebeat/module/nginx/access/test/access.log-expected.json @@ -29,18 +29,17 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", 
@@ -79,18 +78,17 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", 
@@ -128,18 +126,17 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/adsasd", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -177,18 +174,17 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", 
@@ -227,18 +223,17 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", 
@@ -276,18 +271,17 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/test", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -325,18 +319,17 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/test", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", 
@@ -374,18 +367,17 @@ "source.address": "77.179.66.156", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Germersheim", + "source.geo.city_name": "Frankfurt am Main", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 49.2231, - "source.geo.location.lon": 8.3639, - "source.geo.region_iso_code": "DE-RP", - "source.geo.region_name": "Rheinland-Pfalz", + "source.geo.location.lat": 50.1234, + "source.geo.location.lon": 8.6119, + "source.geo.region_iso_code": "DE-HE", + "source.geo.region_name": "Hesse", "source.ip": "77.179.66.156", "url.original": "/test1", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -424,7 +416,6 @@ "source.ip": "127.0.0.1", "url.original": "/test1", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -463,7 +454,6 @@ "source.ip": "127.0.0.1", "url.original": "/", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", @@ -502,7 +492,6 @@ "source.ip": "127.0.0.1", "url.original": "/", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", 
@@ -541,7 +530,6 @@ "source.ip": "127.0.0.1", "url.original": "/taga", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", diff --git a/filebeat/module/nginx/access/test/test-with-host.log-expected.json b/filebeat/module/nginx/access/test/test-with-host.log-expected.json index 3681593b21f5..21c88bfd6b2e 100644 --- a/filebeat/module/nginx/access/test/test-with-host.log-expected.json +++ b/filebeat/module/nginx/access/test/test-with-host.log-expected.json @@ -33,7 +33,6 @@ "source.ip": "10.0.0.2", "url.original": "/ocelot", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", @@ -73,7 +72,6 @@ "source.ip": "172.17.0.1", "url.original": "/stringpatch", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", 
@@ -114,18 +112,14 @@ "source.address": "85.181.35.98", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 52.4473, - "source.geo.location.lon": 13.4531, - "source.geo.region_iso_code": "DE-BE", - "source.geo.region_name": "Land Berlin", + "source.geo.location.lat": 51.2993, + "source.geo.location.lon": 9.491, "source.ip": "85.181.35.98", "url.original": "/ocelot", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", @@ -165,18 +159,14 @@ "source.address": "85.181.35.98", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 52.4473, - "source.geo.location.lon": 13.4531, - "source.geo.region_iso_code": "DE-BE", - "source.geo.region_name": "Land Berlin", + "source.geo.location.lat": 51.2993, + "source.geo.location.lon": 9.491, "source.ip": "85.181.35.98", "url.original": "/ocelot", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.0", 
@@ -218,19 +208,18 @@
 "service.type": "nginx",
 "source.address": "199.96.1.1",
 "source.as.number": 19065,
- "source.as.organization.name": "Levi, Ray & Shoup, Inc.",
+ "source.as.organization.name": "LRS",
 "source.geo.city_name": "Springfield",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
 "source.geo.country_name": "United States",
- "source.geo.location.lat": 39.7647,
- "source.geo.location.lon": -89.7379,
+ "source.geo.location.lat": 39.7542,
+ "source.geo.location.lon": -89.5731,
 "source.geo.region_iso_code": "US-IL",
 "source.geo.region_name": "Illinois",
 "source.ip": "199.96.1.1",
 "url.original": "/assets/xxxx?q=100",
 "user_agent.device.name": "Other",
- "user_agent.device.type": "Other",
 "user_agent.name": "Other",
 "user_agent.original": "Amazon CloudFront"
 },
@@ -266,15 +255,19 @@
 ],
 "service.type": "nginx",
 "source.address": "2a03:0000:10ff:f00f:0000:0000:0:8000",
+ "source.as.number": 204094,
+ "source.as.organization.name": "Web Solutions, Lda",
+ "source.geo.city_name": "Lisbon",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "PT",
 "source.geo.country_name": "Portugal",
- "source.geo.location.lat": 39.5,
- "source.geo.location.lon": -8.0,
+ "source.geo.location.lat": 38.731,
+ "source.geo.location.lon": -9.1373,
+ "source.geo.region_iso_code": "PT-11",
+ "source.geo.region_name": "Lisbon",
 "source.ip": "2a03:0000:10ff:f00f:0000:0000:0:8000",
 "url.original": "/test.html",
 "user_agent.device.name": "Spider",
- "user_agent.device.type": "Robot",
 "user_agent.name": "Facebot",
 "user_agent.original": "Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)",
 "user_agent.version": "1.0"
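Review bot: The Facebot event in the second hunk here (`@@ -266,15 +255,19 @@`) loses `"user_agent.device.type": "Robot",`, the CloudFront event above it loses the same key, and the field disappears from every other expected file in this patch while the subject line gives no reason. Golden files are regenerated from whatever the pipeline currently emits, so an unintended loss of the field is accepted as quietly as an intended one, and any rule or dashboard that separates crawlers from browsers on `user_agent.device.type` would stop matching. If the removal is deliberate, the commit description should name the processor change behind it; if it is not, the expected line `"user_agent.device.type": "Robot",` should stay and the pipeline be fixed instead. The AS and geo changes in the same hunks look like a GeoIP database refresh and would be easier to review as a separate regeneration.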
@@ -364,7 +357,6 @@ "source.address": "localhost", "url.original": "/test2", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", @@ -401,7 +393,6 @@ "source.address": "localhost", "url.original": "/test2", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", diff --git a/filebeat/module/nginx/access/test/test.log-expected.json b/filebeat/module/nginx/access/test/test.log-expected.json index 2f5e1a7f9cc3..e564a5c67adc 100644 --- a/filebeat/module/nginx/access/test/test.log-expected.json +++ b/filebeat/module/nginx/access/test/test.log-expected.json @@ -32,7 +32,6 @@ "source.ip": "10.0.0.2", "url.original": "/ocelot", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", @@ -71,7 +70,6 @@ "source.ip": "172.17.0.1", "url.original": "/stringpatch", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", 
@@ -111,18 +109,14 @@ "source.address": "85.181.35.98", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 52.4473, - "source.geo.location.lon": 13.4531, - "source.geo.region_iso_code": "DE-BE", - "source.geo.region_name": "Land Berlin", + "source.geo.location.lat": 51.2993, + "source.geo.location.lon": 9.491, "source.ip": "85.181.35.98", "url.original": "/ocelot", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", @@ -160,18 +154,14 @@ "source.address": "85.181.35.98", "source.as.number": 6805, "source.as.organization.name": "Telefonica Germany", - "source.geo.city_name": "Berlin", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "DE", "source.geo.country_name": "Germany", - "source.geo.location.lat": 52.4473, - "source.geo.location.lon": 13.4531, - "source.geo.region_iso_code": "DE-BE", - "source.geo.region_name": "Land Berlin", + "source.geo.location.lat": 51.2993, + "source.geo.location.lon": 9.491, "source.ip": "85.181.35.98", "url.original": "/ocelot", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.0", 
@@ -211,19 +201,18 @@ "service.type": "nginx", "source.address": "199.96.1.1", "source.as.number": 19065, - "source.as.organization.name": "Levi, Ray & Shoup, Inc.", + "source.as.organization.name": "LRS", "source.geo.city_name": "Springfield", "source.geo.continent_name": "North America", "source.geo.country_iso_code": "US", "source.geo.country_name": "United States", - "source.geo.location.lat": 39.7647, - "source.geo.location.lon": -89.7379, + "source.geo.location.lat": 39.7542, + "source.geo.location.lon": -89.5731, "source.geo.region_iso_code": "US-IL", "source.geo.region_name": "Illinois", "source.ip": "199.96.1.1", "url.original": "/assets/xxxx?q=100", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Amazon CloudFront" }, @@ -257,15 +246,19 @@ ], "service.type": "nginx", "source.address": "2a03:0000:10ff:f00f:0000:0000:0:8000", + "source.as.number": 204094, + "source.as.organization.name": "Web Solutions, Lda", + "source.geo.city_name": "Lisbon", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "PT", "source.geo.country_name": "Portugal", - "source.geo.location.lat": 39.5, - "source.geo.location.lon": -8.0, + "source.geo.location.lat": 38.731, + "source.geo.location.lon": -9.1373, + "source.geo.region_iso_code": "PT-11", + "source.geo.region_name": "Lisbon", "source.ip": "2a03:0000:10ff:f00f:0000:0000:0:8000", "url.original": "/test.html", "user_agent.device.name": "Spider", - "user_agent.device.type": "Robot", "user_agent.name": "Facebot", "user_agent.original": "Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)", "user_agent.version": "1.0" 
@@ -346,7 +339,6 @@ "source.address": "localhost", "url.original": "/test2", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", @@ -382,7 +374,6 @@ "source.address": "localhost", "url.original": "/test2", "user_agent.device.name": "Other", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", diff --git a/filebeat/module/nginx/ingress_controller/test/test.log-expected.json b/filebeat/module/nginx/ingress_controller/test/test.log-expected.json index 02e205d81c39..c9cbfb36b7fd 100644 --- a/filebeat/module/nginx/ingress_controller/test/test.log-expected.json +++ b/filebeat/module/nginx/ingress_controller/test/test.log-expected.json @@ -53,7 +53,6 @@ "source.ip": "192.168.64.1", "url.original": "/products", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.54.0", "user_agent.version": "7.54.0" @@ -112,7 +111,6 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.54.0", "user_agent.version": "7.54.0" @@ -171,7 +169,6 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.54.0", "user_agent.version": "7.54.0" @@ -230,7 +227,6 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.54.0", "user_agent.version": "7.54.0" 
@@ -363,7 +359,6 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Wget", "user_agent.original": "Wget/1.20.3 (darwin18.6.0)", "user_agent.version": "1.20.3" @@ -422,7 +417,6 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.6", @@ -485,7 +479,6 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.6", @@ -547,7 +540,6 @@ "source.ip": "192.168.64.1", "url.original": "/v2", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.6", @@ -610,7 +602,6 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.6", 
@@ -672,7 +663,6 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -735,7 +725,6 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -797,7 +786,6 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -859,7 +847,6 @@ "source.ip": "192.168.64.1", "url.original": "/", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -922,7 +909,6 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", 
@@ -984,7 +970,6 @@ "source.ip": "192.168.64.1", "url.original": "/v2", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -1047,7 +1032,6 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -1109,7 +1093,6 @@ "source.ip": "192.168.64.1", "url.original": "/products/42?address=delhi+technological+university", "user_agent.device.name": "Other", - "user_agent.device.type": "Other", "user_agent.name": "Python Requests", "user_agent.original": "python-requests/2.22.0", "user_agent.version": "2.22" @@ -1168,7 +1151,6 @@ "source.ip": "192.168.64.1", "url.original": "/v2", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1230,7 +1212,6 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -1292,7 +1273,6 @@ "source.ip": "192.168.64.1", "url.original": "/v2/some", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1358,7 +1338,6 @@ "source.ip": "192.168.64.14", "url.original": "/v2/some", "user_agent.device.name": "Mac", - "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", diff --git a/filebeat/module/system/auth/test/secure-rhel7.log-expected.json b/filebeat/module/system/auth/test/secure-rhel7.log-expected.json index d6319b0e82a1..385a50c40fee 100644 --- a/filebeat/module/system/auth/test/secure-rhel7.log-expected.json +++ b/filebeat/module/system/auth/test/secure-rhel7.log-expected.json @@ -30,14 +30,15 @@ ], "service.type": "system", "source.as.number": 4134, - "source.as.organization.name": "No.31,Jin-rong Street", + "source.as.organization.name": "Chinanet", + "source.geo.city_name": "Zhangzhou", "source.geo.continent_name": "Asia", "source.geo.country_iso_code": "CN", "source.geo.country_name": "China", - "source.geo.location.lat": 28.55, - "source.geo.location.lon": 115.9333, - "source.geo.region_iso_code": "CN-JX", - "source.geo.region_name": "Jiangxi", + "source.geo.location.lat": 24.5133, + "source.geo.location.lon": 117.6556, + "source.geo.region_iso_code": "CN-FJ", + "source.geo.region_name": "Fujian", "source.ip": "202.109.143.106", "source.port": 1786, "system.auth.ssh.event": "Failed", 
@@ -96,14 +97,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1786,
 "system.auth.ssh.event": "Failed",
@@ -162,14 +164,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1786,
 "system.auth.ssh.event": "Failed",
@@ -296,14 +299,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 3576,
 "system.auth.ssh.event": "Failed",
@@ -362,14 +366,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 3576,
 "system.auth.ssh.event": "Failed",
@@ -428,14 +433,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 3576,
 "system.auth.ssh.event": "Failed",
@@ -494,14 +500,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 3576,
 "system.auth.ssh.event": "Failed",
@@ -560,14 +567,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 3576,
 "system.auth.ssh.event": "Failed",
@@ -732,14 +740,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1996,
 "system.auth.ssh.event": "Failed",
@@ -802,10 +811,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 23.1167,
- "source.geo.location.lon": 113.25,
- "source.geo.region_iso_code": "CN-GD",
- "source.geo.region_name": "Guangdong",
+ "source.geo.location.lat": 34.7732,
+ "source.geo.location.lon": 113.722,
 "source.ip": "116.31.116.27",
 "source.port": 26714,
 "system.auth.ssh.event": "Failed",
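Review bot: The new coordinates for 116.31.116.27 in hunk -802,10 look like a country-level fallback rather than a located address: `source.geo.region_iso_code` and `source.geo.region_name` are removed and lat/lon become 34.7732 / 113.722. The identical pair is expected in the other 116.31.116.27 hunks of this file and, in system/auth/test/test.log-expected.json, for 116.31.116.24 and for 123.57.245.163, which sits in a different AS (37963) and also loses `source.geo.city_name`. If that is the intended result with the database used for regeneration, the commit message should say so, for example `Some test addresses now resolve at country level only; region and city fields are absent`. Consumers that plot or cluster on `source.geo.location` should treat an event without region fields as country precision, not as a position.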
@@ -864,14 +871,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1996,
 "system.auth.ssh.event": "Failed",
@@ -934,10 +942,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 23.1167,
- "source.geo.location.lon": 113.25,
- "source.geo.region_iso_code": "CN-GD",
- "source.geo.region_name": "Guangdong",
+ "source.geo.location.lat": 34.7732,
+ "source.geo.location.lon": 113.722,
 "source.ip": "116.31.116.27",
 "source.port": 26714,
 "system.auth.ssh.event": "Failed",
@@ -996,14 +1002,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1996,
 "system.auth.ssh.event": "Failed",
@@ -1066,10 +1073,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 23.1167,
- "source.geo.location.lon": 113.25,
- "source.geo.region_iso_code": "CN-GD",
- "source.geo.region_name": "Guangdong",
+ "source.geo.location.lat": 34.7732,
+ "source.geo.location.lon": 113.722,
 "source.ip": "116.31.116.27",
 "source.port": 26714,
 "system.auth.ssh.event": "Failed",
@@ -1141,14 +1146,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1996,
 "system.auth.ssh.event": "Failed",
@@ -1207,14 +1213,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1996,
 "system.auth.ssh.event": "Failed",
@@ -1341,14 +1348,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1605,
 "system.auth.ssh.event": "Failed",
@@ -1407,14 +1415,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1605,
 "system.auth.ssh.event": "Failed",
@@ -1473,14 +1482,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1605,
 "system.auth.ssh.event": "Failed",
@@ -1539,14 +1549,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1605,
 "system.auth.ssh.event": "Failed",
@@ -1605,14 +1616,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1605,
 "system.auth.ssh.event": "Failed",
@@ -1739,14 +1751,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1166,
 "system.auth.ssh.event": "Failed",
@@ -1805,14 +1818,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1166,
 "system.auth.ssh.event": "Failed",
@@ -1871,14 +1885,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1166,
 "system.auth.ssh.event": "Failed",
@@ -1937,14 +1952,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1166,
 "system.auth.ssh.event": "Failed",
@@ -2003,14 +2019,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1166,
 "system.auth.ssh.event": "Failed",
@@ -2141,10 +2158,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 23.1167,
- "source.geo.location.lon": 113.25,
- "source.geo.region_iso_code": "CN-GD",
- "source.geo.region_name": "Guangdong",
+ "source.geo.location.lat": 34.7732,
+ "source.geo.location.lon": 113.722,
 "source.ip": "116.31.116.27",
 "source.port": 13996,
 "system.auth.ssh.event": "Failed",
@@ -2207,10 +2222,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 23.1167,
- "source.geo.location.lon": 113.25,
- "source.geo.region_iso_code": "CN-GD",
- "source.geo.region_name": "Guangdong",
+ "source.geo.location.lat": 34.7732,
+ "source.geo.location.lon": 113.722,
 "source.ip": "116.31.116.27",
 "source.port": 13996,
 "system.auth.ssh.event": "Failed",
@@ -2273,10 +2286,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 23.1167,
- "source.geo.location.lon": 113.25,
- "source.geo.region_iso_code": "CN-GD",
- "source.geo.region_name": "Guangdong",
+ "source.geo.location.lat": 34.7732,
+ "source.geo.location.lon": 113.722,
 "source.ip": "116.31.116.27",
 "source.port": 13996,
 "system.auth.ssh.event": "Failed",
@@ -2386,14 +2397,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 3300,
 "system.auth.ssh.event": "Failed",
@@ -2452,14 +2464,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 3300,
 "system.auth.ssh.event": "Failed",
@@ -2518,14 +2531,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 3300,
 "system.auth.ssh.event": "Failed",
@@ -2584,14 +2598,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 3300,
 "system.auth.ssh.event": "Failed",
@@ -2650,14 +2665,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 3300,
 "system.auth.ssh.event": "Failed",
@@ -2784,14 +2800,15 @@
 ],
 "service.type": "system",
 "source.as.number": 4134,
- "source.as.organization.name": "No.31,Jin-rong Street",
+ "source.as.organization.name": "Chinanet",
+ "source.geo.city_name": "Zhangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 28.55,
- "source.geo.location.lon": 115.9333,
- "source.geo.region_iso_code": "CN-JX",
- "source.geo.region_name": "Jiangxi",
+ "source.geo.location.lat": 24.5133,
+ "source.geo.location.lon": 117.6556,
+ "source.geo.region_iso_code": "CN-FJ",
+ "source.geo.region_name": "Fujian",
 "source.ip": "202.109.143.106",
 "source.port": 1347,
 "system.auth.ssh.event": "Failed",
diff --git a/filebeat/module/system/auth/test/test.log-expected.json b/filebeat/module/system/auth/test/test.log-expected.json
index 25f2b8608b5b..c0feb2e51a1a 100644
--- a/filebeat/module/system/auth/test/test.log-expected.json
+++ b/filebeat/module/system/auth/test/test.log-expected.json
@@ -143,10 +143,8 @@
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 23.1167,
- "source.geo.location.lon": 113.25,
- "source.geo.region_iso_code": "CN-GD",
- "source.geo.region_name": "Guangdong",
+ "source.geo.location.lat": 34.7732,
+ "source.geo.location.lon": 113.722,
 "source.ip": "116.31.116.24",
 "source.port": 29160,
 "system.auth.ssh.event": "Failed",
@@ -198,14 +196,11 @@
 "service.type": "system",
 "source.as.number": 37963,
 "source.as.organization.name": "Hangzhou Alibaba Advertising Co.,Ltd.",
- "source.geo.city_name": "Hangzhou",
 "source.geo.continent_name": "Asia",
 "source.geo.country_iso_code": "CN",
 "source.geo.country_name": "China",
- "source.geo.location.lat": 30.294,
- "source.geo.location.lon": 120.1619,
- "source.geo.region_iso_code": "CN-ZJ",
- "source.geo.region_name": "Zhejiang",
+ "source.geo.location.lat": 34.7732,
+ "source.geo.location.lon": 113.722,
 "source.ip": "123.57.245.163",
 "system.auth.ssh.dropped_ip": "123.57.245.163"
 },
diff --git a/filebeat/module/traefik/access/test/test.log-expected.json b/filebeat/module/traefik/access/test/test.log-expected.json
index 38a386e65030..6db6f1c5d6d2 100644
--- a/filebeat/module/traefik/access/test/test.log-expected.json
+++ b/filebeat/module/traefik/access/test/test.log-expected.json
@@ -33,7 +33,6 @@
 "url.original": "/ui/favicons/favicon-16x16.png",
 "user.name": "-",
 "user_agent.device.name": "Other",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Chrome",
 "user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36",
 "user_agent.os.name": "Linux",
@@ -67,14 +66,11 @@
 "source.address": "85.181.35.98",
 "source.as.number": 6805,
 "source.as.organization.name": "Telefonica Germany",
- "source.geo.city_name": "Berlin",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "DE",
 "source.geo.country_name": "Germany",
- "source.geo.location.lat": 52.4473,
- "source.geo.location.lon": 13.4531,
- "source.geo.region_iso_code": "DE-BE",
- "source.geo.region_name": "Land Berlin",
+ "source.geo.location.lat": 51.2993,
+ "source.geo.location.lon": 9.491,
 "source.ip": "85.181.35.98",
 "traefik.access.backend_url": "http://172.19.0.3:5601",
 "traefik.access.frontend_name": "Host-host1",
@@ -83,7 +79,6 @@
 "url.original": "/ui/favicons/favicon.ico",
 "user.name": "-",
 "user_agent.device.name": "Other",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Chrome",
 "user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36",
 "user_agent.os.name": "Linux",
@@ -115,13 +110,13 @@
 "service.type": "traefik",
 "source.address": "70.29.80.15",
 "source.as.number": 577,
- "source.as.organization.name": "Bell Canada",
- "source.geo.city_name": "Ottawa",
+ "source.as.organization.name": "BACOM",
+ "source.geo.city_name": "Stoney Creek",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "CA",
 "source.geo.country_name": "Canada",
- "source.geo.location.lat": 45.2691,
- "source.geo.location.lon": -75.7518,
+ "source.geo.location.lat": 43.1854,
+ "source.geo.location.lon": -79.7139,
 "source.geo.region_iso_code": "CA-ON",
 "source.geo.region_name": "Ontario",
 "source.ip": "70.29.80.15",
@@ -132,7 +127,6 @@
 "url.original": "/en/",
 "user.name": "-",
 "user_agent.device.name": "iPhone",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Mobile Safari",
 "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_5 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0 Mobile/15D60 Safari/604.1",
 "user_agent.os.full": "iOS 11.2.5",
@@ -174,7 +168,6 @@
 "url.original": "/",
 "user.name": "-",
 "user_agent.device.name": "Other",
- "user_agent.device.type": "Other",
 "user_agent.name": "curl",
 "user_agent.original": "curl/7.62.0",
 "user_agent.version": "7.62.0"
@@ -210,8 +203,8 @@
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "PL",
 "source.geo.country_name": "Poland",
- "source.geo.location.lat": 52.25,
- "source.geo.location.lon": 21.0,
+ "source.geo.location.lat": 52.2484,
+ "source.geo.location.lon": 21.0026,
 "source.geo.region_iso_code": "PL-14",
 "source.geo.region_name": "Mazovia",
 "source.ip": "94.254.131.115",
@@ -222,7 +215,6 @@
 "url.original": "/assets/52f8f2e711d235d76044799e/owners?oauth_token=ya29.GltABOXd_gtG-XVvYX2YhxXJiXVvbHRMXn9fbzc_mDfl2rDhqK0CrAlwuwwRWnNnEaMDwkmyI7-QGbRSB0Hzje2cc__FjTQ1iuiYTSIBaIPfxSWip5jx6zqvsVVo",
 "user.name": "-",
 "user_agent.device.name": "Generic Smartphone",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Other",
 "user_agent.original": "Android",
 "user_agent.os.name": "Android"
@@ -254,14 +246,14 @@
 "source.address": "89.64.35.193",
 "source.as.number": 6830,
 "source.as.organization.name": "Liberty Global B.V.",
- "source.geo.city_name": "Gda\u0144sk",
+ "source.geo.city_name": "Ruda \u015al\u0105ska",
 "source.geo.continent_name": "Europe",
 "source.geo.country_iso_code": "PL",
 "source.geo.country_name": "Poland",
- "source.geo.location.lat": 54.3605,
- "source.geo.location.lon": 18.649,
- "source.geo.region_iso_code": "PL-22",
- "source.geo.region_name": "Pomerania",
+ "source.geo.location.lat": 50.2699,
+ "source.geo.location.lon": 18.8925,
+ "source.geo.region_iso_code": "PL-24",
+ "source.geo.region_name": "Silesia",
 "source.ip": "89.64.35.193",
 "traefik.access.backend_url": "http://172.25.0.6:4140",
 "traefik.access.frontend_name": "Host-api-wearerealitygames-com-2",
@@ -270,7 +262,6 @@
 "url.original": "/marketplace/tax?oauth_token=ya29.Gl0fBWnrJ7DcEU-tN-O3Vxn2XZVaz2I-hFTjP1JQzhYFVT-SKtlmo9hSzrx3n82LUwUxJ1s5lmU8U3Mc9gA_aCxBk49ShYEwvmYOWxJJyldDIJ7hY4us4LoiSY1OqAM",
 "user.name": "-",
 "user_agent.device.name": "Generic Smartphone",
- "user_agent.device.type": "Phone",
 "user_agent.name": "Other",
 "user_agent.original": "Android",
 "user_agent.os.name": "Android"
From 73f20bb3d33ced762cde8c083f1ea8b6c75ee416 Mon Sep 17 00:00:00 2001
From: Adrian Serrano
Date: Mon, 19 Apr 2021 18:59:10 +0200
Subject: [PATCH 3/3] Regenerate okta
---
.../system/test/okta-system-test.json.log-expected.json | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
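Review bot: The expected `url.original` values in filebeat/module/traefik/access/test/test.log-expected.json (context lines of hunks -222,7 and -270,7) keep the full `oauth_token=ya29.…` query parameter, so the golden file stores a token-shaped value in the repository and pins the behaviour that the access fileset indexes credentials found in query strings verbatim. This commit does not touch those lines, but a regeneration pass is a good moment to replace the value in the input log (presumably the matching `test.log`) with an obvious placeholder such as `oauth_token=EXAMPLE_TOKEN_PLACEHOLDER` and regenerate. Whether the pipeline should mask credential-bearing query parameters before indexing is a separate question and worth its own issue.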
diff --git a/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json b/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json
index 794b2385a37e..1a4b7dc80fcd 100644
--- a/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json
+++ b/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json
@@ -57,7 +57,7 @@
 ],
 "service.type": "okta",
 "source.as.number": 7018,
- "source.as.organization.name": "AT&T Services, Inc.",
+ "source.as.organization.name": "ATT-INTERNET4",
 "source.geo.city_name": "Dublin",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -74,7 +74,6 @@
 ],
 "user.full_name": "xxxxxx",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.15",
@@ -141,7 +140,7 @@
 ],
 "service.type": "okta",
 "source.as.number": 7018,
- "source.as.organization.name": "AT&T Services, Inc.",
+ "source.as.organization.name": "ATT-INTERNET4",
 "source.geo.city_name": "Dublin",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -158,7 +157,6 @@
 ],
 "user.full_name": "xxxxxx",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.15",
@@ -238,7 +236,7 @@
 ],
 "service.type": "okta",
 "source.as.number": 7018,
- "source.as.organization.name": "AT&T Services, Inc.",
+ "source.as.organization.name": "ATT-INTERNET4",
 "source.geo.city_name": "Dublin",
 "source.geo.continent_name": "North America",
 "source.geo.country_iso_code": "US",
@@ -255,7 +253,6 @@
 ],
 "user.full_name": "xxxxxx",
 "user_agent.device.name": "Mac",
- "user_agent.device.type": "Desktop",
 "user_agent.name": "Firefox",
 "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0",
 "user_agent.os.full": "Mac OS X 10.15",