diff --git a/packages/gigamon/changelog.yml b/packages/gigamon/changelog.yml
index c2e5d099f17..5e335c654e2 100644
--- a/packages/gigamon/changelog.yml
+++ b/packages/gigamon/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Mapped Gigamon Metadata attributes to ECS fields
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/14665
 - version: "1.7.0"
 changes:
 - description: Added child dashboards for ZT.
diff --git a/packages/gigamon/data_stream/ami/_dev/test/pipeline/test-ami.json b/packages/gigamon/data_stream/ami/_dev/test/pipeline/test-ami.json
index 48937b9bcba..d6367ac59f5 100644
--- a/packages/gigamon/data_stream/ami/_dev/test/pipeline/test-ami.json
+++ b/packages/gigamon/data_stream/ami/_dev/test/pipeline/test-ami.json
@@ -1044,6 +1044,8 @@
 "dns_qdcount": "4",
 "dns_transaction_id": "0",
 "dns_name": "3.a.2.3.7.1.5.5.e.2.1.6.e.4.7.e.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa",
+ "dns_message_type": "QUERY",
+ "dns_tunneling": "1",
 "dns_host": "pnstrex-83631.local",
 "dns_host_addr": "10.114.82.162",
 "dns_host_type": "PTR",
@@ -1081,7 +1083,7 @@
 "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
 "dst_mac": "0c:c4:7a:f8:0d:c4",
 "src_mac": "00:50:56:9f:7f:ff",
- "src_ip": "10.115.83.4",
+ "src_ip": "89.160.20.112",
 "dst_ip": "10.115.81.118",
 "protocol": "6",
 "src_port": "50694",
@@ -1099,6 +1101,22 @@
 "egress_intf_id": "0",
 "sys_up_time_first": "1890478091",
 "sys_up_time_last": "2158913547",
+ "http_rtt": "2",
+ "http_server": "g-pixel.invitemedia.com",
+ "http_referer": "http:\\/\\/pixel.invitemedia.com\\/data_sync?partner_id=419",
+ "http_uri": "\\/BurstingPipe\\/adServer.bs?cn=rsb&c=28&pli=6283423&PluID=0&w=600&h=300&ncu=$$http:\\/\\/adclick.g.doubleclick.net\\/aclk?sa=L&ai=BbjDYCjItUfTZNtD56AGYzIHoAYjCzaoDAAAAEAEg5IOJAzgAWKi3js5KYMmG7YiEpOwPsgEWd3d3LmJhcnN0b29sc3BvcnRzLmNvbboBCWdmcF9pbWFnZcgBCdoBHmh0dHA6Ly93d3cuYmFyc3Rvb2xzcG9ydHMuY29tL8ACAuACAOoCGy81NzI0OTA1Ni82MDB4MzAwX1N1cGVycGFnZfgCgtIegAMBkAOkA5gDpAOoAwHgBAGgBhY&num=0&sig=AOD64_3ys4vfsF0cKFXmFwXWDhecLGNUFA&client=ca-pub-8984096390091816&adurl=$$&ord=1291673978&z=9999",
+ "http_uri_path": "\\/BurstingPipe\\/adServer.bs",
+ "http_host": "bs.serving-sys.com",
+ "http_uri_raw": "\\/BurstingPipe\\/adServer.bs?cn=rsb&c=28&pli=6283423&PluID=0&w=600&h=300&ncu=$$http:\\/\\/adclick.g.doubleclick.net\\/aclk?sa=L&ai=BbjDYCjItUfTZNtD56AGYzIHoAYjCzaoDAAAAEAEg5IOJAzgAWKi3js5KYMmG7YiEpOwPsgEWd3d3LmJhcnN0b29sc3BvcnRzLmNvbboBCWdmcF9pbWFnZcgBCdoBHmh0dHA6Ly93d3cuYmFyc3Rvb2xzcG9ydHMuY29tL8ACAuACAOoCGy81NzI0OTA1Ni82MDB4MzAwX1N1cGVycGFnZfgCgtIegAMBkAOkA5gDpAOoAwHgBAGgBhY&num=0&sig=AOD64_3ys4vfsF0cKFXmFwXWDhecLGNUFA&client=ca-pub-8984096390091816&adurl=$$&ord=1291673978&z=9999",
+ "http_set_cookie": "S_6283423=1070476434893147863",
+ "http_server_agent": "Jetty(7.3.1.v20110307)",
+ "http_code": "200",
+ "http_content_encoding": "gzip",
+ "http_content_type": "image\\/gif",
+ "http_method": "GET",
+ "http_version": "1.1",
+ "http_user_agent": "Mozilla\\/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit\\/534.57.2 (KHTML, like Gecko) Version\\/5.1.7 Safari\\/534.57.2",
+ "http_file_type": "GIF (v89a)",
 "end_reason": "1",
 "app_name": "https",
 "id": "679408454713104391",
@@ -2081,6 +2099,8 @@
 "dst_packets": "3",
 "start_time": "2023:12:13 15:25:36.669",
 "end_time": "2023:12:13 15:25:38.253",
+ "flow_start_sec": "2023:12:13 15:25:21",
+ "flow_end_sec": "2023:12:13 15:25:40",
 "intf_name": "0",
 "egress_intf_id": "0",
 "sys_up_time_first": "1624860683",
@@ -2097,10 +2117,18 @@
 "vendor": "Gigamon",
 "version": "6.5.00",
 "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
- "dns_qdcount": "0",
- "dns_ancount": "27",
- "dns_transaction_id": "0",
- "dns_name": "sys"
+ "smb_version": "1",
+ "smb_command_string": "negotiate",
+ "smb_path": "\\/\\/11.1.0.37:445\\/sharefile",
+ "smb_host": "user1",
+ "smb_filename": "testfile",
+ "app_id": "3855",
+ "tcp_flags": "0",
+ "src_bytes": "1036",
+ "dst_bytes": "0",
+ "src_packets": "4",
+ "dst_packets": "0",
+ "app_name": "mailslot"
 }
 },
 {
@@ -2117,7 +2145,16 @@
 "src_port": "41529",
 "dst_port": "9080",
 "device_inbound_interface": "0",
- "ssl_cipher_suite_id": "49200",
+ "ssl_common_name": "*.zoom.us",
+ "ssl_issuer": "Go Daddy Secure Certificate Authority - G2",
+ "ssl_cipher_suite_id": "49199",
+ "ssl_protocol_version": "771",
+ "ssl_certificate_subject_cn": "*.zoom.us",
+ "ssl_ext_sig_algorithm_scheme": "1537",
+ "ssl_ext_sig_algorithm_hash": "6",
+ "ssl_ext_sig_algorithm_sig": "1",
+ "ssl_validity_not_before": "2025-05-26 04:32:14",
+ "ssl_validity_not_after": "2026-05-26 04:32:14",
 "app_id": "4962",
 "ip_version": "4",
 "src_bytes": "1533",
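Review bot: The new `smb_path` value `\\/\\/11.1.0.37:445\\/sharefile` in the `@@ -2097,10 +2117,18 @@` hunk puts a routable, non-test address into the fixture, whereas the rest of this file stays in RFC 1918 space and uses `89.160.20.112` for the one public `src_ip` changed earlier in the diff. If the repository's sample-data conventions call for documented or test ranges, it would be safer to reuse an address the fixture already contains, e.g. `"smb_path": "\\/\\/10.115.83.4:445\\/sharefile"`, and regenerate the matching record in `test-ami.json-expected.json`. The expected record for this SMB event is not visible in the diff, so I cannot confirm what the pipeline extracts from `smb_path`.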
@@ -2142,12 +2179,14 @@
 "vendor": "Gigamon",
 "version": "6.5.00",
 "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
- "dns_qdcount": "1",
- "dns_ancount": "30",
- "dns_transaction_id": "0",
- "dns_name": "_tms_cluster._tcp.local",
- "dns_host": "duo-test-cluster._tms_cluster._tcp.local",
- "dns_host_type": "PTR"
+ "tcp_loss_count": "1380",
+ "tcp_rtt": "0.000015",
+ "tcp_rtt_app": "0.000026",
+ "tcp_retransmission_bytes": "155",
+ "tcp_flag_reset": "1",
+ "tcp_wrong_crc": "4296",
+ "ip_wrong_crc": "5199",
+ "app_id": "15"
 }
 },
 {
@@ -2156,11 +2195,8 @@
 "vendor": "Gigamon",
 "version": "6.5.00",
 "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
- "dns_qdcount": "2",
- "dns_ancount": "40",
- "dns_transaction_id": "0",
- "dns_name": "_tcn_Suki-Cluster._tcp.local",
- "dns_host": "eqaHCT._tms"
+ "snmp_version": "2c",
+ "app_id": "190"
 }
 },
 {
diff --git a/packages/gigamon/data_stream/ami/_dev/test/pipeline/test-ami.json-expected.json b/packages/gigamon/data_stream/ami/_dev/test/pipeline/test-ami.json-expected.json
index b62f3f601ad..dc1c1418e48 100644
--- a/packages/gigamon/data_stream/ami/_dev/test/pipeline/test-ami.json-expected.json
+++ b/packages/gigamon/data_stream/ami/_dev/test/pipeline/test-ami.json-expected.json
@@ -2,15 +2,41 @@ "expected": [ { "@timestamp": "2023-12-13T15:25:25.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "f.7.5.2.e.7.6.2.4.c.1.c.4.c.6.1.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "registered_domain": "a.b.2.b.9.6.c.2.3.9.3.d.6.2.6.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:11.181Z", + "id": "679408454713072647", + "kind": "event", + "start": "2023-12-13T15:25:11.181Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -56,21 +82,65 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.82.101" + ], + "name": "pnstrex-83816.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 337, + "ip": "10.114.82.101", + "mac": "00-50-56-8D-89-41", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:26.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 4499 + }, + "question": { + "name": "HCT_6011-181e00a30af6._tcn_eqaHCT._tcp.local", + "registered_domain": "_tcn_eqaHCT._tcp.local", + "type": "TXT" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:11.789Z", + "id": "679408454713073671", + "kind": "event", + "start": "2023-12-13T15:25:10.797Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_ancount": 4, 
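Review bot: In the `@@ -2,15 +2,41 @@` hunk `dns.question.registered_domain` (`a.b.2.b.9.6…ip6.arpa`) is not a suffix of `dns.question.name` (`f.7.5.2.e.7…ip6.arpa`), so it is evidently populated from a different raw attribute rather than derived from the question name; the `229.85.115.10.in-addr.arpa` / `…ip6.arpa` pair in the `@@ -116,21 +186,62 @@` hunk shows the same. ECS defines `registered_domain` as the eTLD+1 of `dns.question.name`, so it should come from a `registered_domain` processor on that field (or stay unset for `.arpa` reverse names); otherwise any detection that pivots on it sees a domain the client never asked for. `dns.question.type` is emitted as `"*"`, while the customary name for QTYPE 255 is `ANY`, so a small lookup (`"*"` → `"ANY"`) would keep the field comparable with other DNS sources. Separately, `gigamon.ami.app_id` changes from `32` to `"32"` here and in every later `app_id` line of this file; for a shipped field that is a mapping-type change, which the changelog records as `enhancement` rather than `breaking-change`, and the field definition is not in this diff so I cannot confirm it was updated to `keyword`.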
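Review bot: The `host` object added in the `@@ -56,21 +82,65 @@` hunk (`host.ip`, `host.name`, `host.type: "PTR"`) carries DNS answer data, but in ECS `host.*` describes the host the event was observed on or originated from and `host.type` is the machine/instance type, so `host.type: "PTR"`/`"A"` and a `host.name` taken from an mDNS answer will collide with real host metadata once these events sit next to endpoint or agent data. The same mapping recurs in every `host` block of this file (the `@@ -116,21 +186,62 @@`, `@@ -176,17 +287,51 @@` and later hunks). The natural ECS home is the `dns.answers` array of objects — `dns.answers.name`, `dns.answers.type`, `dns.answers.data` for the address and `dns.answers.ttl`, the last of which the pipeline already emits as a lone `dns.answers.ttl` object. Likewise `service.id`/`service.type` are filled from the Gigamon application-catalogue id and name; `service.*` is meant for the service that generates the event, so `network.protocol` (for `app_name` values such as `dns`, `dhcp`, `upnp`) plus the existing `gigamon.ami.app_id`/`app_name` is a closer fit — the `"Unknown udp"` `service.type` in the `@@ -567,17 +948,44 @@` hunk shows the mismatch.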
@@ -116,21 +186,62 @@ "version": "6.5.00" } }, + "host": { + "name": "HCT_6011-181e00a30af6._tcn_eqaHCT._tcp.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 324, + "ip": "10.115.80.208", + "mac": "00-1D-AC-45-34-00", + "packets": 2, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:27.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "229.85.115.10.in-addr.arpa", + "registered_domain": "b.d.2.6.4.9.e.f.f.f.6.5.0.5.2.0.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:12.781Z", + "id": "679408454713074695", + "kind": "event", + "start": "2023-12-13T15:25:12.781Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -176,17 +287,51 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.85.229" + ], + "name": "linux-49197.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 255, + "ip": "10.115.85.229", + "mac": "00-50-56-94-62-DB", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:27.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "systest-virtual-machine-557152.local" + }, + "response_code": "No Error" + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "duration": 3.4123791E9, + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
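Review bot: `event.duration` is emitted as the double `3.4123791E9` in the `@@ -176,17 +287,51 @@` hunk (and `3.520447E9` in `@@ -567,17 +948,44 @@`, `2.0E9` in `@@ -1479,21 +2492,59 @@`), while ECS maps `event.duration` as a `long` of nanoseconds; the exponent form shows the computing step returns a floating-point value, so it should be cast before being set (a `(long)` cast in the Painless expression, or a `convert` processor with `type: long`). In the same record `dns.response_code` is `"No Error"`, whereas ECS and the other DNS sources use the RCODE mnemonic (`NOERROR`, `NXDOMAIN`, …), which is what rules and dashboards match on; a lookup from the Gigamon text to the mnemonic would keep it consistent. The record also has no `event.start`/`event.end` although a duration was computed, so it is not clear which raw timestamps fed it — worth a comment in the pipeline naming them.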
@@ -208,17 +353,35 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.167" + ], + "name": "systest-virtual-machine-557152.local", + "type": "A" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:27.000Z", + "dns": { + "question": { + "registered_domain": "_" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -238,11 +401,22 @@ }, { "@timestamp": "2023-12-13T15:25:28.000Z", + "dns": { + "question": { + "registered_domain": "systest-virtual-machine-552999.local" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -262,11 +436,22 @@ }, { "@timestamp": "2023-12-13T15:25:28.000Z", + "dns": { + "question": { + "registered_domain": "_tcn_ABCD99995._tcp.local" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
@@ -282,21 +467,51 @@ "version": "6.5.00" } }, + "host": { + "name": "gigamon_8b6c6e-3513b246ab72._tcn_ABCD99995._tcp.local", + "type": "PTR" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:29.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "224.85.115.10.in-addr.arpa", + "registered_domain": "7.2.2.7.4.9.e.f.f.f.6.5.0.5.2.0.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:15.037Z", + "id": "679408454713079815", + "kind": "event", + "start": "2023-12-13T15:25:15.037Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -342,21 +557,65 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.85.224" + ], + "name": "linux-69816.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 255, + "ip": "10.115.85.224", + "mac": "00-50-56-94-72-27", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:30.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "7.7.4.f.0.1.0.d.e.7.9.c.d.f.6.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "registered_domain": "0.7.1.8.d.2.7.5.f.d.5.3.8.6.c.6.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:15.901Z", + "id": "679408454713080839", + "kind": "event", + "start": "2023-12-13T15:25:15.901Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -402,21 +661,65 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.82.167" + ], + "name": "pnstrex-85507.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 337, + "ip": "10.114.82.167", + "mac": "00-50-56-8D-D8-F7", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:30.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "2.7.8.c.f.f.6.2.a.5.8.1.2.3.4.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "registered_domain": "3.d.9.2.5.4.0.b.9.1.8.8.2.1.0.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:15.917Z", + "id": "679408454713081863", + "kind": "event", + "start": "2023-12-13T15:25:15.917Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -462,21 +765,65 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.83.205" + ], + "name": "pnstrex-61351.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 335, + "ip": "10.114.83.205", + "mac": "00-50-56-9C-74-4E", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:31.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "219.85.115.10.in-addr.arpa", + "registered_domain": "8.c.4.d.4.9.e.f.f.f.6.5.0.5.2.0.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:17.229Z", + "id": "679408454713082887", + "kind": "event", + "start": "2023-12-13T15:25:17.229Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -522,21 +869,55 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.85.219" + ], + "name": "linux-52270.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 255, + "ip": "10.115.85.219", + "mac": "00-50-56-94-D4-C8", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:33.000Z", + "destination": { + "bytes": 0, + "ip": "10.115.83.43", + "mac": "00-50-56-9D-D1-FF", + "packets": 0, + "port": 514 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:31.645Z", + "id": "679408454713083911", + "kind": "event", + "start": "2023-12-13T15:24:33.549Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 4979, + "app_id": "4979", "app_name": "Unknown udp", "device_inbound_interface": "0", "dst_bytes": 0, @@ -567,17 +948,44 @@ "version": "6.5.00" } }, + "service": { + "id": "4979", + "type": "Unknown udp" + }, + "source": { + "bytes": 837334, + "ip": "10.115.83.37", + "mac": "00-50-56-B7-E4-A1", + "packets": 629, + "port": 23384 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:35.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "systest-virtual-machine-552428.local" + }, + "response_code": "No Error" + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "duration": 3.520447E9, + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
@@ -599,21 +1007,54 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.155" + ], + "name": "systest-virtual-machine-552428.local", + "type": "A" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:35.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "7.7.f.2.5.b.4.f.6.1.a.2.0.1.1.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "registered_domain": "d.6.6.9.b.6.2.9.a.8.3.1.8.4.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:20.509Z", + "id": "679408454713085959", + "kind": "event", + "start": "2023-12-13T15:25:20.509Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -659,17 +1100,49 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.168" + ], + "name": "systest-virtual-machine-560412.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 434, + "ip": "10.115.84.168", + "mac": "00-50-56-86-1F-D9", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:35.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "d.6.6.9.b.6.2.9.a.8.3.1.8.4.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
@@ -691,21 +1164,54 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.154" + ], + "name": "systest-virtual-machine-627950.local", + "type": "PTR" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:36.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "7.7.f.2.5.b.4.f.6.1.a.2.0.1.1.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "registered_domain": "d.6.6.9.b.6.2.9.a.8.3.1.8.4.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:21.661Z", + "id": "679408454713088007", + "kind": "event", + "start": "2023-12-13T15:25:21.661Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -751,21 +1257,65 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.162" + ], + "name": "systest-virtual-machine-561372.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 434, + "ip": "10.115.84.162", + "mac": "00-50-56-86-24-0A", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:36.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "220.85.115.10.in-addr.arpa", + "registered_domain": "9.7.c.d.4.9.e.f.f.f.6.5.0.5.2.0.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:21.469Z", + "id": "679408454713089031", + "kind": "event", + "start": "2023-12-13T15:25:21.469Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -811,21 +1361,55 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.85.220" + ], + "name": "linux-76620.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 255, + "ip": "10.115.85.220", + "mac": "00-50-56-94-DC-79", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:36.000Z", + "destination": { + "bytes": 28400, + "ip": "10.115.83.73", + "mac": "00-50-56-B7-A1-53", + "packets": 197, + "port": 22 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:36.605Z", + "id": "679408454713090055", + "kind": "event", + "start": "2023-12-13T15:24:37.341Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 4968, + "app_id": "4968", "app_name": "Unknown tcp", "device_inbound_interface": "0", "dst_bytes": 28400, @@ -856,21 +1440,58 @@ "version": "6.5.00" } }, + "service": { + "id": "4968", + "type": "Unknown tcp" + }, + "source": { + "bytes": 18808, + "ip": "10.70.70.164", + "mac": "5C-31-92-40-19-7F", + "packets": 223, + "port": 50425 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:37.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "7.7.f.2.5.b.4.f.6.1.a.2.0.1.1.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "registered_domain": "d.6.6.9.b.6.2.9.a.8.3.1.8.4.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:24:49.629Z", + "id": "679408454713091079", + "kind": "event", + "start": "2023-12-13T15:24:49.629Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -916,21 +1537,65 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.172" + ], + "name": "systest-virtual-machine-611134.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 434, + "ip": "10.115.84.172", + "mac": "00-50-56-86-62-5F", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:37.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "221.85.115.10.in-addr.arpa", + "registered_domain": "0.c.b.3.4.9.e.f.f.f.6.5.0.5.2.0.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:01.501Z", + "id": "679408454713092103", + "kind": "event", + "start": "2023-12-13T15:24:41.469Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -976,21 +1641,61 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.85.221" + ], + "name": "linux-68644.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 510, + "ip": "10.115.85.221", + "mac": "00-50-56-94-3B-C0", + "packets": 2, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:37.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "question": { + "name": "_ipps._tcp.local", + "type": "PTR" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:18.861Z", + "id": "679408454713093127", + "kind": "event", + "start": "2023-12-13T15:25:18.861Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -1029,21 +1734,53 @@ "version": "6.5.00" } }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 87, + "ip": "10.114.83.61", + "mac": "00-50-56-8D-FA-3E", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:37.000Z", + "destination": { + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "75.83.114.10.in-addr.arpa", + "registered_domain": "2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.0.0.1.a.0.2.4.4.3.2.1.3.6.1.2. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "device_inbound_interface": "0", "dns_class": "1", "dns_flags": "0", 
@@ -1075,17 +1812,47 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.83.75" + ], + "name": "tg-91532.local", + "type": "PTR" + }, + "service": { + "id": "32" + }, + "source": { + "bytes": 753, + "ip": "10.114.83.75", + "mac": "00-50-56-8D-6A-4B", + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:37.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "d.6.6.9.b.6.2.9.a.8.3.1.8.4.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -1102,17 +1869,38 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.159" + ], + "name": "systest-virtual-machine-560195.local", + "type": "PTR" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:37.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "b.2.f.f.8.f.c.5.9.2.d.c.a.4.7.d.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
@@ -1133,21 +1921,44 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.151" + ], + "name": "systest-virtual-machine-584015.local", + "type": "PTR" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "bytes": 0, + "ip": "255.255.255.255", + "mac": "FF-FF-FF-FF-FF-FF", + "packets": 0, + "port": 67 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:26.285Z", + "id": "679408454713097223", + "kind": "event", + "start": "2023-12-13T15:24:58.717Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 29, + "app_id": "29", "app_name": "dhcp", "device_inbound_interface": "0", "dst_bytes": 0, @@ -1178,21 +1989,48 @@ "version": "6.5.00" } }, + "service": { + "id": "29", + "type": "dhcp" + }, + "source": { + "bytes": 1400, + "ip": "0.0.0.0", + "mac": "00-50-56-99-05-DF", + "packets": 4, + "port": 68 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "bytes": 0, + "ip": "10.115.83.4", + "mac": "00-50-56-9F-7F-FF", + "packets": 0, + "port": 902 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:07.085Z", + "id": "679408454713098247", + "kind": "event", + "start": "2023-12-13T15:25:07.085Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 3902, + "app_id": "3902", "app_name": "vmware-client", "device_inbound_interface": "0", "dst_bytes": 0, 
@@ -1223,21 +2061,48 @@ "version": "6.5.00" } }, + "service": { + "id": "3902", + "type": "vmware-client" + }, + "source": { + "bytes": 377, + "ip": "10.115.81.118", + "mac": "0C-C4-7A-F8-0D-C4", + "packets": 1, + "port": 43366 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "bytes": 0, + "ip": "10.115.83.4", + "mac": "00-50-56-9F-7F-FF", + "packets": 0, + "port": 902 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:17.085Z", + "id": "679408454713099271", + "kind": "event", + "start": "2023-12-13T15:25:17.085Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 3902, + "app_id": "3902", "app_name": "vmware-client", "device_inbound_interface": "0", "dst_bytes": 0, @@ -1268,21 +2133,53 @@ "version": "6.5.00" } }, + "service": { + "id": "3902", + "type": "vmware-client" + }, + "source": { + "bytes": 377, + "ip": "10.115.81.118", + "mac": "0C-C4-7A-F8-0D-C4", + "packets": 1, + "port": 30490 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "6.7.e.b.f.9.e.f.c.6.7.b.f.4.5.6.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "registered_domain": "d.5.8.e.b.0.0.d.e.d.b.f.f.5.a.8.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "device_inbound_interface": "0", "dns_class": "1", "dns_flags": "0", 
@@ -1314,21 +2211,53 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.82.166" + ], + "name": "pnstrex-85535.local", + "type": "PTR" + }, + "service": { + "id": "32" + }, + "source": { + "bytes": 674, + "ip": "10.114.82.166", + "mac": "00-50-56-9C-B2-DF", + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "bytes": 0, + "ip": "239.255.255.250", + "mac": "01-00-5E-7F-FF-FA", + "packets": 0, + "port": 1900 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:25.437Z", + "id": "679408454713101319", + "kind": "event", + "start": "2023-12-13T15:25:22.429Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 3414, + "app_id": "3414", "app_name": "upnp", "device_inbound_interface": "0", "dst_bytes": 0, @@ -1359,21 +2288,58 @@ "version": "6.5.00" } }, + "service": { + "id": "3414", + "type": "upnp" + }, + "source": { + "bytes": 868, + "ip": "10.115.83.20", + "mac": "00-50-56-B7-96-08", + "packets": 4, + "port": 49882 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "7.7.f.2.5.b.4.f.6.1.a.2.0.1.1.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "registered_domain": "d.6.6.9.b.6.2.9.a.8.3.1.8.4.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:23.757Z", + "id": "679408454713102343", + "kind": "event", + "start": "2023-12-13T15:25:23.757Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -1419,21 +2385,66 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.171" + ], + "name": "systest-virtual-machine-627875.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 434, + "ip": "10.115.84.171", + "mac": "00-50-56-86-09-CC", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "8.3.5.1.c.a.c.b.d.3.2.5.9.0.f.3.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "registered_domain": "3.a.2.3.7.1.5.5.e.2.1.6.e.4.7.e.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + }, + "type": "QUERY" + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:24.013Z", + "id": "679408454713103367", + "kind": "event", + "start": "2023-12-13T15:25:24.013Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -1443,6 +2454,7 @@ "dns_host_class": "1", "dns_host_raw": "706e73747265782d38333633312e6c6f63616c", "dns_host_type": "PTR", + "dns_message_type": "QUERY", "dns_name": "3.a.2.3.7.1.5.5.e.2.1.6.e.4.7.e.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", "dns_opcode": "0", "dns_qdcount": 4, @@ -1451,6 +2463,7 @@ "dns_query_type_value": "*", "dns_transaction_id": 0, "dns_ttl": 120, + "dns_tunneling": "1", "dst_bytes": 0, "dst_ip": "224.0.0.251", "dst_mac": "01:00:5e:00:00:fb", 
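Review bot: `dns.question.registered_domain` (`3.a.2.3.7.1.5.5...ip6.arpa`) in the first hunk on this line is not derived from `dns.question.name` (`8.3.5.1.c.a.c.b...ip6.arpa`); it matches the raw `dns_name` value verbatim, and for `in-addr.arpa`, `ip6.arpa` and `.local` names there is no registrable domain at all, so the field misleads any rule or enrichment that trusts it. Derive it with the `registered_domain` processor from `dns.question.name` and omit it when the processor yields nothing, rather than copying a vendor field. Two smaller points in the same hunks: ECS `dns.type` takes lowercase `query`/`answer`, while `"type": "QUERY"` is emitted, and the newly added `"dns_tunneling": "1"` stays a string even though it is the one security-relevant signal in the event — convert it to a boolean and consider reflecting it in an ECS field so detections need not match on a vendor string.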
@@ -1479,21 +2492,59 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.82.162" + ], + "name": "pnstrex-83631.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 337, + "ip": "10.114.82.162", + "mac": "00-50-56-8D-32-1A", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "bytes": 388, + "ip": "10.115.81.118", + "mac": "0C-C4-7A-F8-0D-C4", + "packets": 1, + "port": 443 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "duration": 2.0E9, + "end": "2023-12-13T15:25:25.693Z", + "id": "679408454713104391", + "kind": "event", + "start": "2023-12-13T15:25:25.677Z", + "type": [ + "info" + ] + }, + "file": { + "extension": "GIF (v89a)" }, "gigamon": { "ami": { - "app_id": 68, + "app_id": "68", "app_name": "https", "device_inbound_interface": "0", "dst_bytes": 388, 
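Review bot: `event.duration: 2.0E9` in the hunk ending here contradicts its own `event.start`/`event.end` (`15:25:25.677Z` to `15:25:25.693Z`, about 16 ms, not 2 s); it looks like `http_rtt` (2.0) scaled by 1e9 rather than end minus start, and it is emitted as a float although ECS `event.duration` is a long in nanoseconds (`1563000.0` and `3.289977E9` elsewhere in this diff have the same shape). Compute it from the flow timestamps, or keep the RTT under a field named for it, and emit an integer. `"file": {"extension": "GIF (v89a)"}` is also off: that string is the raw `http_file_type` description, whereas `file.extension` expects the bare extension such as `gif`; leave the description under the vendor field and derive the extension from the URL path if one is wanted.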
@@ -1506,6 +2557,22 @@ "end_reason_value": "Idle Timeout", "end_time": "2023-12-13T15:25:25.693Z", "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6", + "http_code": 200, + "http_content_encoding": "gzip", + "http_content_type": "image\\/gif", + "http_file_type": "GIF (v89a)", + "http_host": "bs.serving-sys.com", + "http_method": "GET", + "http_referer": "http:\\/\\/pixel.invitemedia.com\\/data_sync?partner_id=419", + "http_rtt": 2.0, + "http_server": "g-pixel.invitemedia.com", + "http_server_agent": "Jetty(7.3.1.v20110307)", + "http_set_cookie": "S_6283423=1070476434893147863", + "http_uri": "\\/BurstingPipe\\/adServer.bs?cn=rsb&c=28&pli=6283423&PluID=0&w=600&h=300&ncu=$$http:\\/\\/adclick.g.doubleclick.net\\/aclk?sa=L&ai=BbjDYCjItUfTZNtD56AGYzIHoAYjCzaoDAAAAEAEg5IOJAzgAWKi3js5KYMmG7YiEpOwPsgEWd3d3LmJhcnN0b29sc3BvcnRzLmNvbboBCWdmcF9pbWFnZcgBCdoBHmh0dHA6Ly93d3cuYmFyc3Rvb2xzcG9ydHMuY29tL8ACAuACAOoCGy81NzI0OTA1Ni82MDB4MzAwX1N1cGVycGFnZfgCgtIegAMBkAOkA5gDpAOoAwHgBAGgBhY&num=0&sig=AOD64_3ys4vfsF0cKFXmFwXWDhecLGNUFA&client=ca-pub-8984096390091816&adurl=$$&ord=1291673978&z=9999", + "http_uri_path": "\\/BurstingPipe\\/adServer.bs", + "http_uri_raw": "\\/BurstingPipe\\/adServer.bs?cn=rsb&c=28&pli=6283423&PluID=0&w=600&h=300&ncu=$$http:\\/\\/adclick.g.doubleclick.net\\/aclk?sa=L&ai=BbjDYCjItUfTZNtD56AGYzIHoAYjCzaoDAAAAEAEg5IOJAzgAWKi3js5KYMmG7YiEpOwPsgEWd3d3LmJhcnN0b29sc3BvcnRzLmNvbboBCWdmcF9pbWFnZcgBCdoBHmh0dHA6Ly93d3cuYmFyc3Rvb2xzcG9ydHMuY29tL8ACAuACAOoCGy81NzI0OTA1Ni82MDB4MzAwX1N1cGVycGFnZfgCgtIegAMBkAOkA5gDpAOoAwHgBAGgBhY&num=0&sig=AOD64_3ys4vfsF0cKFXmFwXWDhecLGNUFA&client=ca-pub-8984096390091816&adurl=$$&ord=1291673978&z=9999", + "http_user_agent": "Mozilla\\/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit\\/534.57.2 (KHTML, like Gecko) Version\\/5.1.7 Safari\\/534.57.2", + "http_version": "1.1", "id": "679408454713104391", "intf_name": "0", "ip_version": "4", 
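Review bot: The events in this diff are categorised `network` but none of them carries `network.*`, even though the raw record in this hunk exposes `"ip_version": "4"` and the source/destination byte and packet counters; `network.type` (`ipv4`), `network.bytes`/`network.packets` (sum of both directions) and `network.transport` from the IP protocol number are the fields flow dashboards and detections pivot on, and a `community_id` would let these flows be joined with Zeek or Suricata data. Mapping `app_name` to `service.type` (values such as `https`, `Unknown ssl`) is also a stretch; `network.protocol` / `network.application` are the ECS homes for an identified application. Pipeline change rather than an edit to this file.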
@@ -1524,21 +2591,90 @@ "version": "6.5.00" } }, + "host": { + "name": "bs.serving-sys.com" + }, + "http": { + "request": { + "method": "GET", + "referrer": "http:\\/\\/pixel.invitemedia.com\\/data_sync?partner_id=419" + }, + "response": { + "status_code": 200 + }, + "version": "1.1" + }, + "server": { + "domain": "g-pixel.invitemedia.com" + }, + "service": { + "id": "68", + "type": "https" + }, + "source": { + "as": { + "number": 29518, + "organization": { + "name": "Bredband2 AB" + } + }, + "bytes": 399, + "geo": { + "city_name": "Linköping", + "continent_name": "Europe", + "country_iso_code": "SE", + "country_name": "Sweden", + "location": { + "lat": 58.4167, + "lon": 15.6167 + }, + "region_iso_code": "SE-E", + "region_name": "Östergötland County" + }, + "ip": "89.160.20.112", + "mac": "00-50-56-9F-7F-FF", + "packets": 2, + "port": 50694 + }, "tags": [ "preserve_original_event" - ] + ], + "url": { + "full": "\\/BurstingPipe\\/adServer.bs?cn=rsb&c=28&pli=6283423&PluID=0&w=600&h=300&ncu=$$http:\\/\\/adclick.g.doubleclick.net\\/aclk?sa=L&ai=BbjDYCjItUfTZNtD56AGYzIHoAYjCzaoDAAAAEAEg5IOJAzgAWKi3js5KYMmG7YiEpOwPsgEWd3d3LmJhcnN0b29sc3BvcnRzLmNvbboBCWdmcF9pbWFnZcgBCdoBHmh0dHA6Ly93d3cuYmFyc3Rvb2xzcG9ydHMuY29tL8ACAuACAOoCGy81NzI0OTA1Ni82MDB4MzAwX1N1cGVycGFnZfgCgtIegAMBkAOkA5gDpAOoAwHgBAGgBhY&num=0&sig=AOD64_3ys4vfsF0cKFXmFwXWDhecLGNUFA&client=ca-pub-8984096390091816&adurl=$$&ord=1291673978&z=9999", + "original": "\\/BurstingPipe\\/adServer.bs?cn=rsb&c=28&pli=6283423&PluID=0&w=600&h=300&ncu=$$http:\\/\\/adclick.g.doubleclick.net\\/aclk?sa=L&ai=BbjDYCjItUfTZNtD56AGYzIHoAYjCzaoDAAAAEAEg5IOJAzgAWKi3js5KYMmG7YiEpOwPsgEWd3d3LmJhcnN0b29sc3BvcnRzLmNvbboBCWdmcF9pbWFnZcgBCdoBHmh0dHA6Ly93d3cuYmFyc3Rvb2xzcG9ydHMuY29tL8ACAuACAOoCGy81NzI0OTA1Ni82MDB4MzAwX1N1cGVycGFnZfgCgtIegAMBkAOkA5gDpAOoAwHgBAGgBhY&num=0&sig=AOD64_3ys4vfsF0cKFXmFwXWDhecLGNUFA&client=ca-pub-8984096390091816&adurl=$$&ord=1291673978&z=9999", + "path": "\\/BurstingPipe\\/adServer.bs" + }, + "user_agent": { + "original": 
"Mozilla\\/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit\\/534.57.2 (KHTML, like Gecko) Version\\/5.1.7 Safari\\/534.57.2" + } }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "bytes": 2335, + "ip": "10.115.81.118", + "mac": "0C-C4-7A-F8-0D-C4", + "packets": 8, + "port": 9080 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:25.837Z", + "id": "679408454713105415", + "kind": "event", + "start": "2023-12-13T15:25:25.837Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 4962, + "app_id": "4962", "app_name": "Unknown ssl", "device_inbound_interface": "0", "dst_bytes": 2335, @@ -1571,21 +2707,61 @@ "version": "6.5.00" } }, + "service": { + "id": "4962", + "type": "Unknown ssl" + }, + "source": { + "bytes": 1533, + "ip": "10.115.83.4", + "mac": "00-50-56-9F-7F-FF", + "packets": 11, + "port": 60117 + }, "tags": [ "preserve_original_event" - ] + ], + "tls": { + "cipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + } }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "17.82.114.10.in-addr.arpa", + "registered_domain": "2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.0.0.1.a.0.2.4.4.3.2.1.3.6.1.2. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:25.693Z", + "id": "679408454713106439", + "kind": "event", + "start": "2023-12-13T15:25:25.693Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
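Review bot: The HTTPS event in the hunk ending at the top of this line sets `host.name: "bs.serving-sys.com"` from the HTTP Host header, which makes a remote ad server look like the monitored host; ECS puts the requested host in `url.domain` (and `destination.domain`) and keeps `host.*` for the observer. `url.full` is likewise set to the path-and-query string (`\/BurstingPipe\/adServer.bs?...`) instead of a full URL — that value is `url.original`, with `url.path`/`url.query` split out and `url.full` assembled from scheme, `url.domain` and path only when all parts are known. The same hunk maps the `http_server` value into `server.domain`; that field is the server's hostname, so unless Gigamon documents `http_server` as a hostname it is a doubtful source, and the tls-only event that follows it still lacks any `network.*` fields.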
@@ -1631,21 +2807,64 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.82.17" + ], + "name": "tg-92794.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 251, + "ip": "10.114.82.17", + "mac": "00-50-56-8D-26-CE", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:40.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.0.0.1.a.0.2.4.4.3.2.1.3.6.1.2. ip6.arpa" + }, + "response_code": "No Error" + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:25.693Z", + "id": "679408454713107463", + "kind": "event", + "start": "2023-12-13T15:24:40.637Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_ancount": 6, @@ -1688,21 +2907,52 @@ "version": "6.5.00" } }, + "host": { + "name": "tg-92967.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 924, + "ip": "10.114.83.110", + "mac": "00-50-56-99-D1-39", + "packets": 6, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:23:59.000Z", + "destination": { + "bytes": 0, + "ip": "255.255.255.255", + "mac": "FF-FF-FF-FF-FF-FF", + "packets": 0, + "port": 67 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:23:44.910Z", + "id": "113836049853586439", + "kind": "event", + "start": "2023-12-13T15:23:17.354Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 29, + "app_id": "29", "app_name": "dhcp", "device_inbound_interface": "0", "dst_bytes": 0, 
@@ -1733,21 +2983,48 @@ "version": "6.5.00" } }, + "service": { + "id": "29", + "type": "dhcp" + }, + "source": { + "bytes": 1400, + "ip": "0.0.0.0", + "mac": "00-50-56-99-05-DF", + "packets": 4, + "port": 68 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:41.000Z", + "destination": { + "bytes": 0, + "ip": "10.115.83.4", + "mac": "00-50-56-9F-7F-FF", + "packets": 0, + "port": 902 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:27.101Z", + "id": "679408454713108487", + "kind": "event", + "start": "2023-12-13T15:25:27.101Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 3902, + "app_id": "3902", "app_name": "vmware-client", "device_inbound_interface": "0", "dst_bytes": 0, @@ -1778,17 +3055,39 @@ "version": "6.5.00" } }, + "service": { + "id": "3902", + "type": "vmware-client" + }, + "source": { + "bytes": 377, + "ip": "10.115.81.118", + "mac": "0C-C4-7A-F8-0D-C4", + "packets": 1, + "port": 15536 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:41.000Z", + "dns": { + "question": { + "registered_domain": "systest-virtual" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -1808,11 +3107,27 @@ }, { "@timestamp": "2023-12-13T15:25:41.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "systest-virtual-machine-110438.local" + }, + "response_code": "No Error" + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "duration": 3.289977E9, + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
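Review bot: `dns.question.registered_domain: "systest-virtual"` in the third hunk on this line (and `sys`, `systest-vir`, `MyClust23._t` in `host.name`/`registered_domain` later in the diff) look like truncated names rather than domains; the raw record in this event has no `dns.question.name` at all, so the pipeline appears to promote a length-limited vendor field into fields that rules treat as real hostnames. If the source field is truncated, keep it under `gigamon.ami.*` only and populate `dns.question.*`/`host.name` from the full name when one is present. The `event.duration: 3.289977E9` in the same hunk has no `event.start`/`event.end` to check it against, so please confirm which raw field it comes from.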
@@ -1834,17 +3149,38 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.157" + ], + "name": "systest-virtual-machine-110438.local", + "type": "AAAA" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:43.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "d.6.6.9.b.6.2.9.a.8.3.1.8.4.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -1861,21 +3197,54 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.173" + ], + "name": "systest-virtual-machine-616359.local", + "type": "PTR" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:44.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "227.85.115.10.in-addr.arpa", + "registered_domain": "0.a.d.2.4.9.e.f.f.f.6.5.0.5.2.0.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:29.565Z", + "id": "679408454713112583", + "kind": "event", + "start": "2023-12-13T15:25:29.565Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -1921,21 +3290,65 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.85.227" + ], + "name": "linux-59500.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 255, + "ip": "10.115.85.227", + "mac": "00-50-56-94-2D-A0", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:44.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "7.7.f.2.5.b.4.f.6.1.a.2.0.1.1.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "registered_domain": "d.6.6.9.b.6.2.9.a.8.3.1.8.4.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:29.725Z", + "id": "679408454713113607", + "kind": "event", + "start": "2023-12-13T15:25:29.725Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -1981,21 +3394,55 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.163" + ], + "name": "systest-virtual-machine-559605.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 434, + "ip": "10.115.84.163", + "mac": "00-50-56-86-3D-DA", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:44.000Z", + "destination": { + "bytes": 2985, + "ip": "10.115.83.36", + "mac": "00-50-56-B7-4D-72", + "packets": 9, + "port": 8889 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:24:55.053Z", + "id": "679408454713114631", + "kind": "event", + "start": "2023-12-13T15:24:45.037Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 4962, + "app_id": "4962", "app_name": "Unknown ssl", "device_inbound_interface": "0", "dst_bytes": 2985, 
@@ -2028,21 +3475,61 @@ "version": "6.5.00" } }, + "service": { + "id": "4962", + "type": "Unknown ssl" + }, + "source": { + "bytes": 2019, + "ip": "10.115.83.15", + "mac": "00-50-56-9F-ED-DC", + "packets": 12, + "port": 39252 + }, "tags": [ "preserve_original_event" - ] + ], + "tls": { + "cipher": "TLS_AES_256_GCM_SHA384" + } }, { "@timestamp": "2023-12-13T15:25:45.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "f.7.5.2.e.7.6.2.4.c.1.c.4.c.6.1.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "registered_domain": "a.b.2.b.9.6.c.2.3.9.3.d.6.2.6.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:31.149Z", + "id": "679408454713115655", + "kind": "event", + "start": "2023-12-13T15:25:31.149Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -2088,21 +3575,67 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.82.101" + ], + "name": "pnstrex-83817.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 337, + "ip": "10.114.82.101", + "mac": "00-50-56-8D-89-41", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:45.000Z", + "destination": { + "bytes": 85, + "ip": "10.115.83.36", + "mac": "5C-31-92-40-19-7F", + "packets": 1, + "port": 59004 + }, + "dns": { + "answers": { + "ttl": 3600 + }, + "question": { + "name": "43.83.115.10.in-addr.arpa", + "registered_domain": "115.10.in-addr.arpa", + "type": "PTR" + }, + "response_code": "Non-Existent Domain" + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "duration": 1563000.0, + "end": "2023-12-13T15:25:30.653Z", + "id": "679408454713116679", + "kind": "event", + "start": "2023-12-13T15:25:30.637Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
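Review bot: `dns.response_code: "Non-Existent Domain"` in the hunk ending here (and `"No Error"` earlier in the diff) uses Gigamon's descriptive strings, whereas ECS examples and the stock DNS detection content use the RFC mnemonics `NXDOMAIN`/`NOERROR`; a rule such as `dns.response_code: NXDOMAIN` will silently never match this data stream. Map the raw rcode number to the mnemonic and keep the description under `gigamon.ami`. In the same event `dns.question.type: "PTR"` with `answers.ttl: 3600` is fine, but the `registered_domain` is `115.10.in-addr.arpa`, which again shows the field is not being derived from the question name.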
@@ -2151,21 +3684,57 @@ "version": "6.5.00" } }, + "host": { + "name": "hq1dc1.gigamon.com", + "type": "SOA" + }, + "related": { + "ip": [ + "10.115.83.43" + ] + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 169, + "ip": "10.10.1.20", + "mac": "00-50-56-B7-4D-72", + "packets": 1, + "port": 53 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:46.000Z", + "destination": { + "bytes": 59982, + "ip": "10.115.81.118", + "mac": "0C-C4-7A-F8-0D-C4", + "packets": 47, + "port": 443 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:31.837Z", + "id": "679408454713117703", + "kind": "event", + "start": "2023-12-13T15:24:47.085Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 68, + "app_id": "68", "app_name": "https", "device_inbound_interface": "0", "dst_bytes": 59982, @@ -2196,17 +3765,42 @@ "version": "6.5.00" } }, + "service": { + "id": "68", + "type": "https" + }, + "source": { + "bytes": 10482, + "ip": "10.115.83.4", + "mac": "00-50-56-9F-7F-FF", + "packets": 52, + "port": 54892 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:46.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "f.1.2.3.4.9.e.f.f.f.6.5.0.5.2.0.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
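Review bot: In the first hunk on this line the SOA record of an NXDOMAIN response lands in `host.name: "hq1dc1.gigamon.com"` with `host.type: "SOA"`, which both misattributes the authority server as the monitored host and puts a DNS record type into a host-class field; it belongs in `dns.answers.*`. `related.ip` is populated only in this event (`10.115.83.43`) and nowhere else in the diff, even though every flow event has `source.ip`/`destination.ip` and the PTR events carry an answer address, so IP pivoting across the stream is inconsistent — add `related.ip` (and `related.hosts`) uniformly in the pipeline.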
@@ -2227,17 +3821,35 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.85.228" + ], + "name": "linux-57522.local", + "type": "PTR" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:47.000Z", + "dns": { + "question": { + "registered_domain": "systest-virtual-machine-549088.local" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -2252,17 +3864,34 @@ "version": "6.5.00" } }, + "host": { + "name": "systest-vir" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:47.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "7.1.7.e.b.a.5.d.3.3.b.b.d.3.f.4.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -2284,21 +3913,54 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.82.169" + ], + "name": "pnstrex-81458.local", + "type": "PTR" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:47.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "229.85.115.10.in-addr.arpa", + "registered_domain": "b.d.2.6.4.9.e.f.f.f.6.5.0.5.2.0.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:32.669Z", + "id": "679408454713121799", + "kind": "event", + "start": "2023-12-13T15:25:32.669Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", 
@@ -2344,17 +4006,46 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.85.229" + ], + "name": "linux-49198.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 255, + "ip": "10.115.85.229", + "mac": "00-50-56-94-62-DB", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:47.000Z", + "dns": { + "question": { + "registered_domain": "sys" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -2374,11 +4065,27 @@ }, { "@timestamp": "2023-12-13T15:25:47.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "systest-virtual-machine-557153.local" + }, + "response_code": "No Error" + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "duration": 3.5493742E9, + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -2400,17 +4107,40 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.167" + ], + "name": "systest-virtual-machine-557153.local", + "type": "A" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:48.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "systest-virtual-machine-553001.local" + }, + "response_code": "No Error" + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "duration": 3.440722E9, + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
@@ -2431,21 +4161,54 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.166" + ], + "name": "systest-virtual-machine-553001.local", + "type": "A" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:49.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "224.85.115.10.in-addr.arpa", + "registered_domain": "7.2.2.7.4.9.e.f.f.f.6.5.0.5.2.0.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:34.941Z", + "id": "679408454713125895", + "kind": "event", + "start": "2023-12-13T15:25:34.941Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -2491,17 +4254,46 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.85.224" + ], + "name": "linux-69817.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 255, + "ip": "10.115.85.224", + "mac": "00-50-56-94-72-27", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:49.000Z", + "dns": { + "question": { + "registered_domain": "_tcn_eqaHCT._tcp.local" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
@@ -2517,17 +4309,31 @@ "version": "6.5.00" } }, + "host": { + "name": "MyClust23._t" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:49.000Z", + "dns": { + "question": { + "registered_domain": "systest-virtual-machine-551405.local" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -2547,15 +4353,31 @@ }, { "@timestamp": "2023-12-13T15:25:50.000Z", + "destination": { + "bytes": 2335, + "ip": "10.115.81.118", + "mac": "0C-C4-7A-F8-0D-C4", + "packets": 8, + "port": 9080 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:35.821Z", + "id": "679408454713128967", + "kind": "event", + "start": "2023-12-13T15:25:35.821Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 4962, + "app_id": "4962", "app_name": "Unknown ssl", "device_inbound_interface": "0", "dst_bytes": 2335, 
@@ -2588,21 +4410,61 @@ "version": "6.5.00" } }, + "service": { + "id": "4962", + "type": "Unknown ssl" + }, + "source": { + "bytes": 1533, + "ip": "10.115.83.4", + "mac": "00-50-56-9F-7F-FF", + "packets": 11, + "port": 60895 + }, "tags": [ "preserve_original_event" - ] + ], + "tls": { + "cipher": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + } }, { "@timestamp": "2023-12-13T15:25:50.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "7.7.f.2.5.b.4.f.6.1.a.2.0.1.1.d.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "registered_domain": "d.6.6.9.b.6.2.9.a.8.3.1.8.4.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:36.429Z", + "id": "679408454713129991", + "kind": "event", + "start": "2023-12-13T15:25:36.429Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -2648,17 +4510,49 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.152" + ], + "name": "systest-virtual-machine-634804.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 434, + "ip": "10.115.84.152", + "mac": "00-50-56-86-47-92", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:50.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "d.6.6.9.b.6.2.9.a.8.3.1.8.4.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f. ip6.arpa" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
@@ -2675,21 +4569,54 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.84.170" + ], + "name": "systest-virtual-machine-560119.local", + "type": "PTR" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:50.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "7.7.4.f.0.1.0.d.e.7.9.c.d.f.6.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "registered_domain": "0.7.1.8.d.2.7.5.f.d.5.3.8.6.c.6.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:35.805Z", + "id": "679408454713132039", + "kind": "event", + "start": "2023-12-13T15:25:35.805Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -2735,21 +4662,55 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.82.167" + ], + "name": "pnstrex-85508.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 337, + "ip": "10.114.82.167", + "mac": "00-50-56-8D-D8-F7", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:51.000Z", + "destination": { + "bytes": 0, + "ip": "10.115.83.4", + "mac": "00-50-56-9F-7F-FF", + "packets": 0, + "port": 902 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:37.101Z", + "id": "679408454713133063", + "kind": "event", + "start": "2023-12-13T15:25:37.101Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 3902, + "app_id": "3902", "app_name": "vmware-client", "device_inbound_interface": "0", "dst_bytes": 0, 
@@ -2780,21 +4741,58 @@ "version": "6.5.00" } }, + "service": { + "id": "3902", + "type": "vmware-client" + }, + "source": { + "bytes": 377, + "ip": "10.115.81.118", + "mac": "0C-C4-7A-F8-0D-C4", + "packets": 1, + "port": 43599 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:51.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "219.85.115.10.in-addr.arpa", + "registered_domain": "8.c.4.d.4.9.e.f.f.f.6.5.0.5.2.0.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:37.149Z", + "id": "679408454713134087", + "kind": "event", + "start": "2023-12-13T15:25:37.149Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -2840,17 +4838,49 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.115.85.219" + ], + "name": "linux-52271.local", + "type": "PTR" + }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 255, + "ip": "10.115.85.219", + "mac": "00-50-56-94-D4-C8", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:51.000Z", + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "registered_domain": "3.d.9.2.5.4.0.b.9.1.8.8.2.1.0.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { 
@@ -2872,17 +4902,35 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.83.205" + ], + "name": "pnstrex-61352.local", + "type": "PTR" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:52.000Z", + "dns": { + "question": { + "registered_domain": "systest-virtual-machine-613736.local" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { @@ -2897,21 +4945,40 @@ "version": "6.5.00" } }, + "host": { + "name": "systest-virtual-machine-613736.local" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:52.000Z", + "destination": { + "bytes": 286, + "ip": "10.115.83.73", + "mac": "00-50-56-B7-A1-53", + "packets": 3, + "port": 22 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:38.253Z", + "id": "679408454713137159", + "kind": "event", + "start": "2023-12-13T15:25:36.669Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 4968, + "app_id": "4968", "app_name": "Unknown tcp", "device_inbound_interface": "0", "dst_bytes": 286, @@ -2923,6 +4990,8 @@ "end_reason": "1", "end_reason_value": "Idle Timeout", "end_time": "2023-12-13T15:25:38.253Z", + "flow_end_sec": "2023-12-13T15:25:40.000Z", + "flow_start_sec": "2023-12-13T15:25:21.000Z", "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6", "id": "679408454713137159", "intf_name": "0", 
@@ -2942,45 +5011,100 @@ "version": "6.5.00" } }, + "service": { + "id": "4968", + "type": "Unknown tcp" + }, + "source": { + "bytes": 518, + "ip": "10.70.70.164", + "mac": "5C-31-92-40-19-7F", + "packets": 7, + "port": 50425 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:52.000Z", + "destination": { + "bytes": 0, + "packets": 0 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "dns_ancount": 27, - "dns_name": "sys", - "dns_qdcount": 0, - "dns_transaction_id": 0, + "app_id": "3855", + "app_name": "mailslot", + "dst_bytes": 0, + "dst_packets": 0, "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6", + "smb_command_string": "negotiate", + "smb_filename": "testfile", + "smb_host": "user1", + "smb_path": "\\/\\/11.1.0.37:445\\/sharefile", + "smb_version": "1", + "smb_version_value": "SMB-V1", + "src_bytes": 1036, + "src_packets": 4, + "tcp_flags": "0", "ts": "2023-12-13T15:25:52.000Z", "vendor": "Gigamon", "version": "6.5.00" } }, + "service": { + "id": "3855", + "type": "mailslot", + "version": "SMB-V1" + }, + "source": { + "bytes": 1036, + "packets": 4 + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:52.000Z", + "destination": { + "bytes": 2335, + "ip": "10.115.81.118", + "mac": "0C-C4-7A-F8-0D-C4", + "packets": 8, + "port": 9080 + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:15.821Z", + "id": "679408454713139207", + "kind": "event", + "start": "2023-12-13T15:25:15.821Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 4962, + "app_id": "4962", "app_name": "Unknown ssl", "device_inbound_interface": "0", "dst_bytes": 2335, 
@@ -3003,8 +5127,20 @@ "src_mac": "00:50:56:9f:7f:ff", "src_packets": 11, "src_port": 41529, - "ssl_cipher_suite_id": "49200", - "ssl_cipher_suite_id_value": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "ssl_certificate_subject_cn": "*.zoom.us", + "ssl_cipher_suite_id": "49199", + "ssl_cipher_suite_id_value": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "ssl_common_name": "*.zoom.us", + "ssl_ext_sig_algorithm_hash": "6", + "ssl_ext_sig_algorithm_hash_value": "SHA512", + "ssl_ext_sig_algorithm_scheme": "1537", + "ssl_ext_sig_algorithm_scheme_value": "rsa_pkcs1_sha512", + "ssl_ext_sig_algorithm_sig": "1", + "ssl_issuer": "Go Daddy Secure Certificate Authority - G2", + "ssl_protocol_version": "771", + "ssl_protocol_version_value": "TLS_1_2", + "ssl_validity_not_after": "2026-05-26T04:32:14.000Z", + "ssl_validity_not_before": "2025-05-26T04:32:14.000Z", "start_time": "2023-12-13T15:25:15.821Z", "sys_up_time_first": 4035405835, "sys_up_time_last": 4035405835, @@ -3013,9 +5149,31 @@ "version": "6.5.00" } }, + "service": { + "id": "4962", + "type": "Unknown ssl" + }, + "source": { + "bytes": 1533, + "ip": "10.115.83.4", + "mac": "00-50-56-9F-7F-FF", + "packets": 11, + "port": 41529 + }, "tags": [ "preserve_original_event" - ] + ], + "tls": { + "cipher": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "client": { + "issuer": "Go Daddy Secure Certificate Authority - G2", + "not_after": "2026-05-26T04:32:14.000Z", + "not_before": "2025-05-26T04:32:14.000Z", + "server_name": "*.zoom.us", + "subject": "*.zoom.us" + }, + "version_protocol": "TLS_1_2" + } }, { "@timestamp": "2023-12-13T15:25:52.000Z", 
@@ -3023,22 +5181,33 @@ "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "dns_ancount": 30, - "dns_host": "duo-test-cluster._tms_cluster._tcp.local", - "dns_host_type": "PTR", - "dns_name": "_tms_cluster._tcp.local", - "dns_qdcount": 1, - "dns_transaction_id": 0, + "app_id": "15", "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6", + "ip_wrong_crc": "5199", + "tcp_flag_reset": "1", + "tcp_loss_count": "1380", + "tcp_retransmission_bytes": 155, + "tcp_rtt": 1.5E-5, + "tcp_rtt_app": 2.6E-5, + "tcp_wrong_crc": "4296", "ts": "2023-12-13T15:25:52.000Z", "vendor": "Gigamon", "version": "6.5.00" } }, + "service": { + "id": "15" + }, "tags": [ "preserve_original_event" ] 
@@ -3049,36 +5218,65 @@ "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "kind": "event", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "dns_ancount": 40, - "dns_host": "eqaHCT._tms", - "dns_name": "_tcn_Suki-Cluster._tcp.local", - "dns_qdcount": 2, - "dns_transaction_id": 0, + "app_id": "190", "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6", + "snmp_version": "2c", "ts": "2023-12-13T15:25:52.000Z", "vendor": "Gigamon", "version": "6.5.00" } }, + "service": { + "id": "190", + "version": "2c" + }, "tags": [ "preserve_original_event" ] }, { "@timestamp": "2023-12-13T15:25:54.000Z", + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "question": { + "name": "_webdav._tcp.local", + "type": "PTR" + } + }, "ecs": { "version": "8.11.0" }, "event": { - "kind": "event" + "category": [ + "network" + ], + "end": "2023-12-13T15:25:40.285Z", + "id": "679408454713142279", + "kind": "event", + "start": "2023-12-13T15:25:39.533Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -3117,6 +5315,17 @@ "version": "6.5.00" } }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 247, + "ip": "10.115.82.8", + "mac": "00-50-56-A0-50-0D", + "packets": 2, + "port": 5353 + }, "tags": [ "preserve_original_event" ] diff --git a/packages/gigamon/data_stream/ami/elasticsearch/ingest_pipeline/default.yml b/packages/gigamon/data_stream/ami/elasticsearch/ingest_pipeline/default.yml index ec0c11ff103..d0c0b1ba262 100644 --- a/packages/gigamon/data_stream/ami/elasticsearch/ingest_pipeline/default.yml +++ b/packages/gigamon/data_stream/ami/elasticsearch/ingest_pipeline/default.yml 
@@ -12,6 +12,16 @@ processors: - set: field: event.kind value: event + - append: + field: event.category + tag: append_network_into_event_category + value: network + allow_duplicates: false + - append: + field: event.type + tag: append_info_into_event_type + value: info + allow_duplicates: false # process dates on base fields - date: field: gigamon.ami.ts @@ -63,6 +73,34 @@ processors: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + field: gigamon.ami.flow_start_sec + target_field: gigamon.ami.flow_start_sec + tag: date_gigamon_ami_flow_start_sec + formats: + - 'yyyy:MM:dd HH:mm:ss' + - ISO8601 + if: ctx.gigamon?.ami?.flow_start_sec != null + on_failure: + - remove: + field: gigamon.ami.flow_start_sec + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - date: + field: gigamon.ami.flow_end_sec + target_field: gigamon.ami.flow_end_sec + tag: date_gigamon_ami_flow_end_sec + formats: + - 'yyyy:MM:dd HH:mm:ss' + - ISO8601 + if: ctx.gigamon?.ami?.flow_end_sec != null + on_failure: + - remove: + field: gigamon.ami.flow_end_sec + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - date: field: gigamon.ami.ssl_validity_not_before target_field: gigamon.ami.ssl_validity_not_before 
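Review bot: The two new `date` processors for `flow_start_sec` and `flow_end_sec` parse `yyyy:MM:dd HH:mm:ss` without a `timezone`, so the processor default of UTC is applied to a value that carries no offset; if the AMI exporter writes local time, both fields will be skewed relative to `@timestamp`, which is worth confirming against the sensor's configuration (and, if needed, exposing a timezone variable as other integrations do). Also, the `remove` in each `on_failure` omits `ignore_missing: true`, unlike the `convert` error paths elsewhere in this file; it is harmless here because the `if` guard guarantees the field exists, but aligning it keeps the error handling uniform. Both processor blocks are identical apart from the field name, so a single copy with a comment naming the expected input format would also help the next maintainer, e.g. `# AMI emits flow timestamps as 'yyyy:MM:dd HH:mm:ss' (no zone) or ISO8601`.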
@@ -111,18 +149,6 @@ processors: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - - convert: - field: gigamon.ami.app_id - if: ctx.gigamon?.ami?.app_id != null - tag: convert_app_id - type: long - on_failure: - - remove: - field: gigamon.ami.app_id - ignore_missing: true - - append: - field: error.message - value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - convert: field: gigamon.ami.sys_up_time_first if: ctx.gigamon?.ami?.sys_up_time_first != null 
@@ -404,6 +430,42 @@ processors: - append: field: error.message value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: gigamon.ami.tcp_rtt + if: ctx.gigamon?.ami?.tcp_rtt != null + tag: convert_tcp_rtt + type: float + on_failure: + - remove: + field: gigamon.ami.tcp_rtt + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: gigamon.ami.tcp_rtt_app + if: ctx.gigamon?.ami?.tcp_rtt_app != null + tag: convert_tcp_rtt_app + type: float + on_failure: + - remove: + field: gigamon.ami.tcp_rtt_app + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - convert: + field: gigamon.ami.tcp_retransmission_bytes + if: ctx.gigamon?.ami?.tcp_retransmission_bytes != null + tag: convert_tcp_retransmission_bytes + type: long + on_failure: + - remove: + field: gigamon.ami.tcp_retransmission_bytes + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' - script: lang: painless description: Gigamon AMI lookup mappings 
@@ -827,6 +889,346 @@ processors: if (ctx.gigamon.ami.dns_reply_code != null) { ctx.gigamon.ami.dns_reply_code_value = params['dns_reply_code'][ctx.gigamon.ami.dns_reply_code]; } + + - convert: + field: gigamon.ami.dns_response_time + if: ctx.gigamon?.ami?.dns_response_time != null + tag: convert_dns_response_time + type: float + on_failure: + - remove: + field: gigamon.ami.dns_response_time + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - script: + lang: painless + description: Convert dns_response_time in seconds to nanoseconds for populating event.duration + source: >- + ctx.event.duration = ctx.gigamon.ami.dns_response_time * 1000000000L; + if: ctx.gigamon?.ami?.dns_response_time != null + - set: + field: dns.question.name + tag: set_dns_question_name + copy_from: gigamon.ami.dns_query + if: ctx.gigamon?.ami?.dns_query != null + - set: + field: dns.question.registered_domain + tag: set_dns_question_registered_domain + copy_from: gigamon.ami.dns_name + if: ctx.gigamon?.ami?.dns_name != null + - append: + field: host.ip + tag: set_host_ip + value: "{{gigamon.ami.dns_host_addr}}" + if: ctx.gigamon?.ami?.dns_host_addr != null + allow_duplicates: false + - convert: + field: gigamon.ami.dns_ttl + if: ctx.gigamon?.ami?.dns_ttl != null + tag: convert_dns_ttl + type: long + on_failure: + - remove: + field: gigamon.ami.dns_ttl + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - set: + field: dns.answers.ttl + tag: set_dns_answers.ttl + copy_from: gigamon.ami.dns_ttl + if: ctx.gigamon?.ami?.dns_ttl != null + - set: + field: dns.question.type + tag: 
set_dns_question_type + copy_from: gigamon.ami.dns_query_type_value + if: ctx.gigamon?.ami?.dns_query_type_value != null + - set: + field: dns.response_code + tag: set_dns_response_code + copy_from: gigamon.ami.dns_reply_code_value + if: ctx.gigamon?.ami?.dns_reply_code_value != null + - set: + field: host.name + tag: set_host_name + copy_from: gigamon.ami.dns_host + if: ctx.gigamon?.ami?.dns_host != null + - set: + field: host.type + tag: set_host_type + copy_from: gigamon.ami.dns_host_type + if: ctx.gigamon?.ami?.dns_host_type!= null + - append: + field: related.ip + tag: set_related_ip + value: "{{gigamon.ami.dns_reverse_addr}}" + if: ctx.gigamon?.ami?.dns_reverse_addr != null + allow_duplicates: false + - set: + field: dns.type + tag: set_dns_type + copy_from: gigamon.ami.dns_message_type + if: ctx.gigamon?.ami?.dns_message_type != null + - convert: + field: gigamon.ami.http_rtt + if: ctx.gigamon?.ami?.http_rtt != null + tag: convert_http_rtt + type: float + on_failure: + - remove: + field: gigamon.ami.http_rtt + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - script: + lang: painless + description: Convert http_rtt in seconds to nanoseconds for populating event.duration + source: >- + ctx.event.duration = ctx.gigamon.ami.http_rtt * 1000000000L; + if: ctx.gigamon?.ami?.http_rtt != null + - set: + field: user_agent.original + tag: set_user_agent_original + copy_from: gigamon.ami.http_user_agent + if: ctx.gigamon?.ami?.http_user_agent != null + - set: + field: http.request.method + tag: set_http_request_method + copy_from: gigamon.ami.http_method + if: ctx.gigamon?.ami?.http_method != null + - set: + field: http.version + tag: set_http_version + copy_from: gigamon.ami.http_version + if: ctx.gigamon?.ami?.http_version != null + - convert: + field: 
gigamon.ami.http_code + if: ctx.gigamon?.ami?.http_code != null + tag: convert_http_code + type: long + on_failure: + - remove: + field: gigamon.ami.http_code + ignore_missing: true + - append: + field: error.message + value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}' + - set: + field: http.response.status_code + tag: set_http_response_status_code + copy_from: gigamon.ami.http_code + if: ctx.gigamon?.ami?.http_code != null + - set: + field: file.extension + tag: set_http_file_extension + copy_from: gigamon.ami.http_file_type + if: ctx.gigamon?.ami?.http_file_type != null + - set: + field: http.request.referrer + tag: set_http_request_referer + copy_from: gigamon.ami.http_referer + if: ctx.gigamon?.ami?.http_referer != null + - set: + field: server.domain + tag: set_server_domain + copy_from: gigamon.ami.http_server + if: ctx.gigamon?.ami?.http_server != null + - set: + field: url.path + tag: set_url_path + copy_from: gigamon.ami.http_uri_path + if: ctx.gigamon?.ami?.http_uri_path != null + - set: + field: url.full + tag: set_url_full + copy_from: gigamon.ami.http_uri + if: ctx.gigamon?.ami?.http_uri != null + - set: + field: host.name + tag: set_host_name + copy_from: gigamon.ami.http_host + if: ctx.gigamon?.ami?.http_host != null + - set: + field: url.original + tag: set_url_original + copy_from: gigamon.ami.http_uri_raw + if: ctx.gigamon?.ami?.http_uri_raw != null + - set: + field: tls.cipher + tag: set_tls_cipher + copy_from: gigamon.ami.ssl_cipher_suite_id_value + if: ctx.gigamon?.ami?.ssl_cipher_suite_id_value != null + - set: + field: tls.client.not_after + tag: set_tls_client_not_after + copy_from: gigamon.ami.ssl_validity_not_after + if: ctx.gigamon?.ami?.ssl_validity_not_after != null + - set: + field: tls.client.not_before + tag: set_tls_client_not_before + copy_from: gigamon.ami.ssl_validity_not_before + if: 
ctx.gigamon?.ami?.ssl_validity_not_before != null + - set: + field: tls.version_protocol + tag: set_tls_version_protocol + copy_from: gigamon.ami.ssl_protocol_version_value + if: ctx.gigamon?.ami?.ssl_protocol_version_value != null + - set: + field: tls.client.server_name + tag: set_tls_client_server_name + copy_from: gigamon.ami.ssl_common_name + if: ctx.gigamon?.ami?.ssl_common_name != null + - set: + field: tls.client.issuer + tag: set_tls_client_issuer + copy_from: gigamon.ami.ssl_issuer + if: ctx.gigamon?.ami?.ssl_issuer != null + - set: + field: tls.client.subject + tag: set_tls_client_subject + copy_from: gigamon.ami.ssl_certificate_subject_cn + if: ctx.gigamon?.ami?.ssl_certificate_subject_cn != null + - set: + field: source.ip + tag: set_source_ip + copy_from: gigamon.ami.src_ip + if: ctx.gigamon?.ami?.src_ip != null + - set: + field: destination.ip + tag: set_destination_ip + copy_from: gigamon.ami.dst_ip + if: ctx.gigamon?.ami?.dst_ip != null + - set: + field: source.port + tag: set_source_port + copy_from: gigamon.ami.src_port + if: ctx.gigamon?.ami?.src_port != null + - set: + field: destination.port + tag: set_destination_port + copy_from: gigamon.ami.dst_port + if: ctx.gigamon?.ami?.dst_port != null + - set: + field: service.type + tag: set_service_type + copy_from: gigamon.ami.app_name + if: ctx.gigamon?.ami?.app_name != null + - set: + field: event.start + tag: set_event_start + copy_from: gigamon.ami.start_time + if: ctx.gigamon?.ami?.start_time != null + - set: + field: event.end + tag: set_event_end + copy_from: gigamon.ami.end_time + if: ctx.gigamon?.ami?.end_time != null + - set: + field: source.ip + tag: set_source_ip + copy_from: gigamon.ami.src_ipv6 + if: ctx.gigamon?.ami?.src_ipv6 != null + - set: + field: destination.ip + tag: set_destination_ip + copy_from: gigamon.ami.dst_ipv6 + if: ctx.gigamon?.ami?.dst_ipv6 != null + - geoip: + field: source.ip + target_field: source.geo + ignore_missing: true + - geoip: + ignore_missing: true + 
database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - geoip: + field: destination.ip + target_field: destination.geo + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + - set: + field: source.bytes + tag: set_source_bytes + copy_from: gigamon.ami.src_bytes + if: ctx.gigamon?.ami?.src_bytes != null + - set: + field: destination.bytes + tag: set_destination_bytes + copy_from: gigamon.ami.dst_bytes + if: ctx.gigamon?.ami?.dst_bytes != null + - set: + field: source.packets + tag: set_source_packets + copy_from: gigamon.ami.src_packets + if: ctx.gigamon?.ami?.src_packets != null + - set: + field: destination.packets + tag: set_destination_packets + copy_from: gigamon.ami.dst_packets + if: ctx.gigamon?.ami?.dst_packets != null + - set: + field: service.version + tag: set_smb_version + copy_from: gigamon.ami.smb_version_value + if: ctx.gigamon?.ami?.smb_version_value != null + - set: + field: service.version + tag: set_snmp_version + copy_from: gigamon.ami.snmp_version + if: ctx.gigamon?.ami?.snmp_version != null + - set: + field: event.id + tag: set_event_id + copy_from: gigamon.ami.id + if: ctx.gigamon?.ami?.id != null + - set: + field: service.id + tag: set_service.id + copy_from: gigamon.ami.app_id + if: ctx.gigamon?.ami?.app_id != null + - script: + lang: painless + description: Replace ":" in source mac with "-" + source: >- + 
ctx.source.mac = ctx.gigamon.ami.src_mac.replace(":", "-").toUpperCase(); + if: ctx.gigamon?.ami?.src_mac != null + - script: + lang: painless + description: Replace ":" in destination mac with "-" + source: >- + ctx.destination.mac = ctx.gigamon.ami.dst_mac.replace(":", "-").toUpperCase(); + if: ctx.gigamon?.ami?.dst_mac != null - remove: field: - ts diff --git a/packages/gigamon/data_stream/ami/fields/fields.yml b/packages/gigamon/data_stream/ami/fields/fields.yml index 2f7fb4293b7..cff843a2351 100644 --- a/packages/gigamon/data_stream/ami/fields/fields.yml +++ b/packages/gigamon/data_stream/ami/fields/fields.yml @@ -7,7 +7,7 @@ - name: seq_num type: long - name: app_id - type: long + type: keyword - name: app_name type: keyword - name: ts @@ -28,6 +28,10 @@ type: date - name: end_time type: date + - name: flow_start_sec + type: date + - name: flow_end_sec + type: date - name: intf_name type: keyword - name: egress_intf_id @@ -92,6 +96,10 @@ type: keyword - name: dns_host_raw type: keyword + - name: dns_message_type + type: keyword + - name: dns_tunneling + type: keyword - name: dns_query type: keyword - name: dns_query_type @@ -107,7 +115,7 @@ - name: dns_reply_code_value type: keyword - name: dns_response_time - type: double + type: float - name: dns_reverse_addr type: ip # http_ fields @@ -122,7 +130,7 @@ - name: http_server_agent type: keyword - name: http_rtt - type: keyword + type: float - name: http_code type: long - name: http_content_len @@ -133,6 +141,8 @@ type: keyword - name: http_request_size type: long + - name: http_set_cookie + type: keyword - name: http_host type: keyword - name: http_uri_decoded @@ -143,6 +153,12 @@ type: keyword - name: http_content_type type: keyword + - name: http_content_encoding + type: keyword + - name: http_file_type + type: keyword + - name: http_referer + type: keyword - name: http_method type: keyword - name: http_version 
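Review bot: The two MAC-normalising scripts at the end of the hunk assign `ctx.source.mac` / `ctx.destination.mac` without checking that the `source` / `destination` objects exist, and they carry no `on_failure`; an event that has `src_mac` but none of `src_ip`, `src_port`, `src_bytes` or `src_packets` would fail ingestion with a null-pointer error rather than being indexed, so guard them with `if (ctx.source == null) { ctx.source = new HashMap(); }` before the assignment (and the same for `destination`). Several of the new `set` mappings also bend ECS semantics: `url.full` receives `http_uri`, which is a path plus query rather than a complete URL (`url.original` plus `uri_parts` into `url.path` / `url.query` fits better); `host.name` is set from the HTTP `Host` header and from `dns_host`, although `host.*` describes the observed endpoint, so `url.domain` / `destination.domain` and `related.hosts` are the safer targets; `dns.question.registered_domain` is copied from the raw `dns_name` (a full query name such as `…ip6.arpa`) instead of being derived with the `registered_domain` processor; and the certificate issuer, subject and validity land in `tls.client.*` although they describe the server certificate (`tls.server.*`), while `tls.version_protocol` gets `TLS_1_2` where ECS expects `tls` with `tls.version` `1.2`. For investigation pivots, `related.ip` only receives `dns_reverse_addr`; appending `source.ip`, `destination.ip` and `dns_host_addr` there, and `dns_host` / `http_host` to `related.hosts`, is the usual pattern and is what the SIEM's entity views key on. Finally, the tags `set_source_ip`, `set_destination_ip` and `set_host_name` are each used by two processors, so an `error.message` naming the tag is ambiguous; suffix them (`set_source_ip_v6`, `set_host_name_http`), and note that the `event.duration` scripts assign a float product to a long field, so `(long) (ctx.gigamon.ami.http_rtt * 1000000000L)` makes the truncation explicit.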
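Review bot: Changing `app_id` from `long` to `keyword` (together with `dns_response_time` from `double` to `float` and `http_rtt` from `keyword` to `float`) alters the mapping of fields that already exist in backing indices written by the previous package version, so data views will report mapping conflicts until those indices roll over, and any saved query or visualisation that aggregated `app_id` numerically will break; this deserves a breaking-change note for operators rather than being presented only as a field addition. `http_set_cookie` is added as an indexed `keyword`, and the expected-output fixture shows the kind of value it will carry (a server-issued session cookie); persisting credential material in the index should be an explicit decision — either drop the field in the pipeline, or map it with `index: false` so it is retained in `_source` but is neither searchable nor aggregatable. A short comment next to the field, e.g. `# raw Set-Cookie header; may contain session tokens`, would make the choice visible to the next maintainer.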
@@ -152,6 +168,22 @@ # tcp_ fields - name: tcp_flags type: keyword + - name: tcp_rtt + type: float + - name: tcp_rtt_app + type: float + - name: ip_wrong_crc + type: keyword + - name: snmp_version + type: keyword + - name: tcp_flag_reset + type: keyword + - name: tcp_loss_count + type: keyword + - name: tcp_wrong_crc + type: keyword + - name: tcp_retransmission_bytes + type: long # ssl_ fields - name: ssl_certif_md5 type: keyword @@ -261,3 +293,12 @@ type: keyword - name: ssl_signalization_override type: keyword + # smb fields + - name: smb_command_string + type: keyword + - name: smb_filename + type: keyword + - name: smb_host + type: keyword + - name: smb_path + type: keyword diff --git a/packages/gigamon/data_stream/ami/sample_event.json b/packages/gigamon/data_stream/ami/sample_event.json index d46cb4d50e6..da94cca93c2 100644 --- a/packages/gigamon/data_stream/ami/sample_event.json +++ b/packages/gigamon/data_stream/ami/sample_event.json 
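Review bot: `ip_wrong_crc`, `tcp_wrong_crc`, `tcp_loss_count` and `tcp_flag_reset` are mapped as `keyword` although the fixture values (`5199`, `4296`, `1380`, `1`) are counters, so they cannot be summed, thresholded or range-queried — which is exactly how a CRC-error or loss spike would be detected; `long`, with a matching `convert` in the pipeline as was done for `tcp_retransmission_bytes`, fits better. Likewise `dns_tunneling` (added earlier in this file) reads as a 0/1 indicator, and if that is what the sensor emits, `boolean` would be the more useful type for filtering. `snmp_version` sits under the `# tcp_ fields` comment, so moving it or adding its own `# snmp_ fields` header keeps the grouping honest.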
@@ -1,35 +1,61 @@ { "@timestamp": "2023-05-16T15:25:25.000Z", "agent": { - "ephemeral_id": "7733f9fd-539a-4020-a4de-15f1ceb8c4bf", - "id": "47bbeb84-a39b-4490-9208-eada12c773a0", - "name": "elastic-agent-93813", + "ephemeral_id": "c3c3933d-0266-4dfc-8338-d19b7f8fa8c7", + "id": "efec3a10-2a58-4887-8c7e-8af219943e3b", + "name": "elastic-agent-90319", "type": "filebeat", - "version": "8.17.0" + "version": "8.18.2" }, "data_stream": { "dataset": "gigamon.ami", - "namespace": "46839", + "namespace": "25072", "type": "logs" }, + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "f.7.5.2.e.7.6.2.4.c.1.c.4.c.6.1.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "registered_domain": "a.b.2.b.9.6.c.2.3.9.3.d.6.2.6.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. i:p6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "47bbeb84-a39b-4490-9208-eada12c773a0", + "id": "efec3a10-2a58-4887-8c7e-8af219943e3b", "snapshot": false, - "version": "8.17.0" + "version": "8.18.2" }, "event": { "agent_id_status": "verified", + "category": [ + "network" + ], "dataset": "gigamon.ami", - "ingested": "2025-06-03T09:26:56Z", + "end": "2023-12-13T15:25:11.181Z", + "id": "679408454713072647", + "ingested": "2025-07-25T06:36:55Z", "kind": "event", - "original": "{\"app_id\":\"32\",\"app_name\":\"dns\",\"device_inbound_interface\":\"0\",\"dns_class\":\"1\",\"dns_flags\":\"0\",\"dns_host\":\"pnstrex-83816.local\",\"dns_host_addr\":\"10.114.82.101\",\"dns_host_class\":\"1\",\"dns_host_raw\":\"706e73747265782d38333831362e6c6f63616c\",\"dns_host_type\":\"PTR\",\"dns_name\":\"a.b.2.b.9.6.c.2.3.9.3.d.6.2.6.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. i:p6.arpa\",\"dns_opcode\":\"0\",\"dns_qdcount\":\"4\",\"dns_query\":\"f.7.5.2.e.7.6.2.4.c.1.c.4.c.6.1.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. 
ip6.arpa\",\"dns_query_type\":\"255\",\"dns_transaction_id\":\"0\",\"dns_ttl\":\"120\",\"dst_bytes\":\"0\",\"dst_ip\":\"224.0.0.251\",\"dst_mac\":\"01:00:5e:00:00:fb\",\"dst_packets\":\"0\",\"dst_port\":\"5353\",\"egress_intf_id\":\"0\",\"end_reason\":\"1\",\"end_time\":\"2023:12:13 15:25:11.181\",\"generator\":\"gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6\",\"id\":\"679408454713072647\",\"intf_name\":\"0\",\"ip_version\":\"4\",\"protocol\":\"17\",\"seq_num\":\"656\",\"src_bytes\":\"337\",\"src_ip\":\"10.114.82.101\",\"src_mac\":\"00:50:56:8d:89:41\",\"src_packets\":\"1\",\"src_port\":\"5353\",\"start_time\":\"2023:12:13 15:25:11.181\",\"sys_up_time_first\":\"3497355275\",\"sys_up_time_last\":\"3497355275\",\"ts\":\"Thu May 16 15:25:25 2023\",\"vendor\":\"Gigamon\",\"version\":\"6.5.00\"}" + "original": "{\"app_id\":\"32\",\"app_name\":\"dns\",\"device_inbound_interface\":\"0\",\"dns_class\":\"1\",\"dns_flags\":\"0\",\"dns_host\":\"pnstrex-83816.local\",\"dns_host_addr\":\"10.114.82.101\",\"dns_host_class\":\"1\",\"dns_host_raw\":\"706e73747265782d38333831362e6c6f63616c\",\"dns_host_type\":\"PTR\",\"dns_name\":\"a.b.2.b.9.6.c.2.3.9.3.d.6.2.6.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. i:p6.arpa\",\"dns_opcode\":\"0\",\"dns_qdcount\":\"4\",\"dns_query\":\"f.7.5.2.e.7.6.2.4.c.1.c.4.c.6.1.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. 
ip6.arpa\",\"dns_query_type\":\"255\",\"dns_transaction_id\":\"0\",\"dns_ttl\":\"120\",\"dst_bytes\":\"0\",\"dst_ip\":\"224.0.0.251\",\"dst_mac\":\"01:00:5e:00:00:fb\",\"dst_packets\":\"0\",\"dst_port\":\"5353\",\"egress_intf_id\":\"0\",\"end_reason\":\"1\",\"end_time\":\"2023:12:13 15:25:11.181\",\"generator\":\"gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6\",\"id\":\"679408454713072647\",\"intf_name\":\"0\",\"ip_version\":\"4\",\"protocol\":\"17\",\"seq_num\":\"656\",\"src_bytes\":\"337\",\"src_ip\":\"10.114.82.101\",\"src_mac\":\"00:50:56:8d:89:41\",\"src_packets\":\"1\",\"src_port\":\"5353\",\"start_time\":\"2023:12:13 15:25:11.181\",\"sys_up_time_first\":\"3497355275\",\"sys_up_time_last\":\"3497355275\",\"ts\":\"Thu May 16 15:25:25 2023\",\"vendor\":\"Gigamon\",\"version\":\"6.5.00\"}", + "start": "2023-12-13T15:25:11.181Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -75,9 +101,27 @@ "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.82.101" + ], + "name": "pnstrex-83816.local", + "type": "PTR" + }, "input": { "type": "http_endpoint" }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 337, + "ip": "10.114.82.101", + "mac": "00-50-56-8D-89-41", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event", "forwarded", diff --git a/packages/gigamon/docs/README.md b/packages/gigamon/docs/README.md index 6dc37cbdff2..14b9a09baba 100644 --- a/packages/gigamon/docs/README.md +++ b/packages/gigamon/docs/README.md 
@@ -67,35 +67,61 @@ An example event for `ami` looks as following: { "@timestamp": "2023-05-16T15:25:25.000Z", "agent": { - "ephemeral_id": "7733f9fd-539a-4020-a4de-15f1ceb8c4bf", - "id": "47bbeb84-a39b-4490-9208-eada12c773a0", - "name": "elastic-agent-93813", + "ephemeral_id": "e4420835-f6ac-4965-a02e-6652bddd447c", + "id": "fe8ff87c-86f3-48ae-b73e-b2d057322f88", + "name": "elastic-agent-27172", "type": "filebeat", - "version": "8.17.0" + "version": "8.18.2" }, "data_stream": { "dataset": "gigamon.ami", - "namespace": "46839", + "namespace": "15890", "type": "logs" }, + "destination": { + "bytes": 0, + "ip": "224.0.0.251", + "mac": "01-00-5E-00-00-FB", + "packets": 0, + "port": 5353 + }, + "dns": { + "answers": { + "ttl": 120 + }, + "question": { + "name": "f.7.5.2.e.7.6.2.4.c.1.c.4.c.6.1.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa", + "registered_domain": "a.b.2.b.9.6.c.2.3.9.3.d.6.2.6.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. i:p6.arpa", + "type": "*" + } + }, "ecs": { "version": "8.11.0" }, "elastic_agent": { - "id": "47bbeb84-a39b-4490-9208-eada12c773a0", + "id": "fe8ff87c-86f3-48ae-b73e-b2d057322f88", "snapshot": false, - "version": "8.17.0" + "version": "8.18.2" }, "event": { "agent_id_status": "verified", + "category": [ + "network" + ], "dataset": "gigamon.ami", - "ingested": "2025-06-03T09:26:56Z", + "end": "2023-12-13T15:25:11.181Z", + "id": "679408454713072647", + "ingested": "2025-07-25T08:12:45Z", "kind": "event", - "original": "{\"app_id\":\"32\",\"app_name\":\"dns\",\"device_inbound_interface\":\"0\",\"dns_class\":\"1\",\"dns_flags\":\"0\",\"dns_host\":\"pnstrex-83816.local\",\"dns_host_addr\":\"10.114.82.101\",\"dns_host_class\":\"1\",\"dns_host_raw\":\"706e73747265782d38333831362e6c6f63616c\",\"dns_host_type\":\"PTR\",\"dns_name\":\"a.b.2.b.9.6.c.2.3.9.3.d.6.2.6.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. i:p6.arpa\",\"dns_opcode\":\"0\",\"dns_qdcount\":\"4\",\"dns_query\":\"f.7.5.2.e.7.6.2.4.c.1.c.4.c.6.1.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. 
ip6.arpa\",\"dns_query_type\":\"255\",\"dns_transaction_id\":\"0\",\"dns_ttl\":\"120\",\"dst_bytes\":\"0\",\"dst_ip\":\"224.0.0.251\",\"dst_mac\":\"01:00:5e:00:00:fb\",\"dst_packets\":\"0\",\"dst_port\":\"5353\",\"egress_intf_id\":\"0\",\"end_reason\":\"1\",\"end_time\":\"2023:12:13 15:25:11.181\",\"generator\":\"gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6\",\"id\":\"679408454713072647\",\"intf_name\":\"0\",\"ip_version\":\"4\",\"protocol\":\"17\",\"seq_num\":\"656\",\"src_bytes\":\"337\",\"src_ip\":\"10.114.82.101\",\"src_mac\":\"00:50:56:8d:89:41\",\"src_packets\":\"1\",\"src_port\":\"5353\",\"start_time\":\"2023:12:13 15:25:11.181\",\"sys_up_time_first\":\"3497355275\",\"sys_up_time_last\":\"3497355275\",\"ts\":\"Thu May 16 15:25:25 2023\",\"vendor\":\"Gigamon\",\"version\":\"6.5.00\"}" + "original": "{\"app_id\":\"32\",\"app_name\":\"dns\",\"device_inbound_interface\":\"0\",\"dns_class\":\"1\",\"dns_flags\":\"0\",\"dns_host\":\"pnstrex-83816.local\",\"dns_host_addr\":\"10.114.82.101\",\"dns_host_class\":\"1\",\"dns_host_raw\":\"706e73747265782d38333831362e6c6f63616c\",\"dns_host_type\":\"PTR\",\"dns_name\":\"a.b.2.b.9.6.c.2.3.9.3.d.6.2.6.a.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. i:p6.arpa\",\"dns_opcode\":\"0\",\"dns_qdcount\":\"4\",\"dns_query\":\"f.7.5.2.e.7.6.2.4.c.1.c.4.c.6.1.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. 
ip6.arpa\",\"dns_query_type\":\"255\",\"dns_transaction_id\":\"0\",\"dns_ttl\":\"120\",\"dst_bytes\":\"0\",\"dst_ip\":\"224.0.0.251\",\"dst_mac\":\"01:00:5e:00:00:fb\",\"dst_packets\":\"0\",\"dst_port\":\"5353\",\"egress_intf_id\":\"0\",\"end_reason\":\"1\",\"end_time\":\"2023:12:13 15:25:11.181\",\"generator\":\"gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6\",\"id\":\"679408454713072647\",\"intf_name\":\"0\",\"ip_version\":\"4\",\"protocol\":\"17\",\"seq_num\":\"656\",\"src_bytes\":\"337\",\"src_ip\":\"10.114.82.101\",\"src_mac\":\"00:50:56:8d:89:41\",\"src_packets\":\"1\",\"src_port\":\"5353\",\"start_time\":\"2023:12:13 15:25:11.181\",\"sys_up_time_first\":\"3497355275\",\"sys_up_time_last\":\"3497355275\",\"ts\":\"Thu May 16 15:25:25 2023\",\"vendor\":\"Gigamon\",\"version\":\"6.5.00\"}", + "start": "2023-12-13T15:25:11.181Z", + "type": [ + "info" + ] }, "gigamon": { "ami": { - "app_id": 32, + "app_id": "32", "app_name": "dns", "device_inbound_interface": "0", "dns_class": "1", @@ -141,9 +167,27 @@ An example event for `ami` looks as following: "version": "6.5.00" } }, + "host": { + "ip": [ + "10.114.82.101" + ], + "name": "pnstrex-83816.local", + "type": "PTR" + }, "input": { "type": "http_endpoint" }, + "service": { + "id": "32", + "type": "dns" + }, + "source": { + "bytes": 337, + "ip": "10.114.82.101", + "mac": "00-50-56-8D-89-41", + "packets": 1, + "port": 5353 + }, "tags": [ "preserve_original_event", "forwarded", @@ -162,7 +206,7 @@ An example event for `ami` looks as following: | data_stream.type | Data stream type. | constant_keyword | | event.dataset | Event dataset | constant_keyword | | event.module | Event module | constant_keyword | -| gigamon.ami.app_id | | long | +| gigamon.ami.app_id | | keyword | | gigamon.ami.app_name | | keyword | | gigamon.ami.device_inbound_interface | | keyword | | gigamon.ami.dns_ancount | | long | 
@@ -174,6 +218,7 @@ An example event for `ami` looks as following: | gigamon.ami.dns_host_class | | keyword | | gigamon.ami.dns_host_raw | | keyword | | gigamon.ami.dns_host_type | | keyword | +| gigamon.ami.dns_message_type | | keyword | | gigamon.ami.dns_name | | keyword | | gigamon.ami.dns_opcode | | keyword | | gigamon.ami.dns_qdcount | | long | @@ -182,10 +227,11 @@ An example event for `ami` looks as following: | gigamon.ami.dns_query_type_value | | keyword | | gigamon.ami.dns_reply_code | | keyword | | gigamon.ami.dns_reply_code_value | | keyword | -| gigamon.ami.dns_response_time | | double | +| gigamon.ami.dns_response_time | | float | | gigamon.ami.dns_reverse_addr | | ip | | gigamon.ami.dns_transaction_id | | long | | gigamon.ami.dns_ttl | | long | +| gigamon.ami.dns_tunneling | | keyword | | gigamon.ami.dst_bytes | | long | | gigamon.ami.dst_ip | | ip | | gigamon.ami.dst_mac | | keyword | @@ -196,17 +242,23 @@ An example event for `ami` looks as following: | gigamon.ami.end_reason_value | | keyword | | gigamon.ami.end_time | | date | | gigamon.ami.eventType | | keyword | +| gigamon.ami.flow_end_sec | | date | +| gigamon.ami.flow_start_sec | | date | | gigamon.ami.generator | | keyword | | gigamon.ami.http_code | | long | +| gigamon.ami.http_content_encoding | | keyword | | gigamon.ami.http_content_len | | long | | gigamon.ami.http_content_type | | keyword | +| gigamon.ami.http_file_type | | keyword | | gigamon.ami.http_host | | keyword | | gigamon.ami.http_method | | keyword | | gigamon.ami.http_mime_type | | keyword | +| gigamon.ami.http_referer | | keyword | | gigamon.ami.http_request_size | | long | -| gigamon.ami.http_rtt | | keyword | +| gigamon.ami.http_rtt | | float | | gigamon.ami.http_server | | keyword | | gigamon.ami.http_server_agent | | keyword | +| gigamon.ami.http_set_cookie | | keyword | | gigamon.ami.http_uri | | keyword | | gigamon.ami.http_uri_decoded | | keyword | | gigamon.ami.http_uri_full | | keyword | 
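Review bot: The new row `gigamon.ami.dns_tunneling` in the `@@ -182,10 +227,11` hunk, like `gigamon.ami.ip_wrong_crc`, `gigamon.ami.tcp_wrong_crc` and `gigamon.ami.tcp_flag_reset` in the hunks on the next line, is a detection-relevant indicator added with the description column left empty, and the sample event earlier on this page shows `dns_tunneling` as the string `"1"`. An analyst cannot tell from the table whether `"1"` is a flag set by the sensor or a count, so these fields are hard to use in rules without a one-line description per field stating what the value means. The descriptions come from the fields definition, which is outside this chunk.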
@@ -219,10 +271,16 @@ An example event for `ami` looks as following: | gigamon.ami.id | | keyword | | gigamon.ami.intf_name | | keyword | | gigamon.ami.ip_version | | keyword | +| gigamon.ami.ip_wrong_crc | | keyword | | gigamon.ami.protocol | | keyword | | gigamon.ami.seq_num | | long | +| gigamon.ami.smb_command_string | | keyword | +| gigamon.ami.smb_filename | | keyword | +| gigamon.ami.smb_host | | keyword | +| gigamon.ami.smb_path | | keyword | | gigamon.ami.smb_version | | keyword | | gigamon.ami.smb_version_value | | keyword | +| gigamon.ami.snmp_version | | keyword | | gigamon.ami.src_bytes | | long | | gigamon.ami.src_ip | | ip | | gigamon.ami.src_mac | | keyword | @@ -285,7 +343,13 @@ An example event for `ami` looks as following: | gigamon.ami.start_time | | date | | gigamon.ami.sys_up_time_first | | long | | gigamon.ami.sys_up_time_last | | long | +| gigamon.ami.tcp_flag_reset | | keyword | | gigamon.ami.tcp_flags | | keyword | +| gigamon.ami.tcp_loss_count | | keyword | +| gigamon.ami.tcp_retransmission_bytes | | long | +| gigamon.ami.tcp_rtt | | float | +| gigamon.ami.tcp_rtt_app | | float | +| gigamon.ami.tcp_wrong_crc | | keyword | | gigamon.ami.ts | | date | | gigamon.ami.vendor | | keyword | | gigamon.ami.version | | keyword | diff --git a/packages/gigamon/manifest.yml b/packages/gigamon/manifest.yml index 5cd63c7beab..59d5133d8d1 100644 --- a/packages/gigamon/manifest.yml +++ b/packages/gigamon/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.1.3 name: gigamon title: Gigamon -version: "1.7.0" +version: "1.8.0" description: Collect logs from Gigamon with Elastic Agent. type: integration categories: diff --git a/packages/system/changelog.yml b/packages/system/changelog.yml index 47a96be28f0..3b03dd192b5 100644 --- a/packages/system/changelog.yml +++ b/packages/system/changelog.yml 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.4.0"
+ changes:
+ - description: Use Links panel in Dashboards
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/14383
 - version: "2.3.3"
 changes:
 - description: Fix CPU Usage on [Metrics System] Overview "hosts" tab.
diff --git a/packages/system/kibana/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab.json b/packages/system/kibana/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab.json
index 4280e6bf5ef..12ee5a44221 100644
--- a/packages/system/kibana/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab.json
+++ b/packages/system/kibana/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab.json
@@ -55,20 +55,39 @@ { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": {} - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)" - }, - "title": "Dashboards [Logs System]", - "type": "markdown", - "uiState": {} + "attributes": { + "title": "links", + "layout": "horizontal", + "links": [ + { + "label": "Syslog", + "type": "dashboardLink", + "id": "system-Logs-syslog-dashboard", + "order": 0, + "destinationRefName": "link_system-Logs-syslog-dashboard_dashboard" + }, + { + "label": "Sudo commands", + "type": "dashboardLink", + "id": "system-277876d0-fa2c-11e6-bbd3-29c986c96e5a", + "order": 1, + "destinationRefName": "link_system-277876d0-fa2c-11e6-bbd3-29c986c96e5a_dashboard" + }, + { + "label": "SSH logins", + "type": "dashboardLink", + "id": "system-5517a150-f9ce-11e6-8115-a7c18106d86a", + "order": 2, + "destinationRefName": "link_system-5517a150-f9ce-11e6-8115-a7c18106d86a_dashboard" + }, + { + "label": "New users and groups", + "type": "dashboardLink", + "id": "system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab", + "order": 3, + "destinationRefName": "link_system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab_dashboard" + } + ] } }, "gridData": { @@ -80,8 +99,7 @@ }, "panelIndex": "7", "title": "Dashboards", - "type": "visualization", - "version": "8.10.2" + "type": "links" }, { "embeddableConfig": { 
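Review bot: The `"type": "links"` panel introduced in the `@@ -80,8 +99,7` hunk (replacing a `visualization` panel whose `"version": "8.10.2"` marker is dropped) does not exist on older Kibana releases — the links embeddable arrived in 8.11 as far as I recall — yet the only `manifest.yml` change in this diff is the package version bump, so the `conditions.kibana.version` constraint is not visible here. If that constraint still admits an earlier 8.x, installing the package on such a stack shows an error panel in place of the navigation bar on every dashboard this PR touches. I would raise the constraint in the same PR, `conditions.kibana.version: "^8.11.0"` if my recollection of the release is right, or confirm it is already at that level. The same conversion is repeated for every other dashboard file in this diff, so one constraint change covers all of them.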
@@ -1225,6 +1243,26 @@ "id": "logs-*", "name": "edc0a4ad-a2f9-4ae8-93ca-cfd7d0ed40fe:indexpattern-datasource-layer-c85d2e3b-2a8a-4312-a206-a0aea0b03d03", "type": "index-pattern" + }, + { + "name": "7:link_system-Logs-syslog-dashboard_dashboard", + "type": "dashboard", + "id": "system-Logs-syslog-dashboard" + }, + { + "name": "7:link_system-277876d0-fa2c-11e6-bbd3-29c986c96e5a_dashboard", + "type": "dashboard", + "id": "system-277876d0-fa2c-11e6-bbd3-29c986c96e5a" + }, + { + "name": "7:link_system-5517a150-f9ce-11e6-8115-a7c18106d86a_dashboard", + "type": "dashboard", + "id": "system-5517a150-f9ce-11e6-8115-a7c18106d86a" + }, + { + "name": "7:link_system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab_dashboard", + "type": "dashboard", + "id": "system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab" } ], "managed": false, diff --git a/packages/system/kibana/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a.json b/packages/system/kibana/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a.json index fa237a08011..37f98b7a18b 100644 --- a/packages/system/kibana/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a.json +++ b/packages/system/kibana/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a.json 
@@ -55,20 +55,39 @@ { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": {} - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)" - }, - "title": "Dashboards [Logs System]", - "type": "markdown", - "uiState": {} + "attributes": { + "title": "links", + "layout": "horizontal", + "links": [ + { + "label": "Syslog", + "type": "dashboardLink", + "id": "system-Logs-syslog-dashboard", + "order": 0, + "destinationRefName": "link_system-Logs-syslog-dashboard_dashboard" + }, + { + "label": "Sudo commands", + "type": "dashboardLink", + "id": "system-277876d0-fa2c-11e6-bbd3-29c986c96e5a", + "order": 1, + "destinationRefName": "link_system-277876d0-fa2c-11e6-bbd3-29c986c96e5a_dashboard" + }, + { + "label": "SSH logins", + "type": "dashboardLink", + "id": "system-5517a150-f9ce-11e6-8115-a7c18106d86a", + "order": 2, + "destinationRefName": "link_system-5517a150-f9ce-11e6-8115-a7c18106d86a_dashboard" + }, + { + "label": "New users and groups", + "type": "dashboardLink", + "id": "system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab", + "order": 3, + "destinationRefName": "link_system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab_dashboard" + } + ] } }, "gridData": { @@ -80,8 +99,7 @@ }, "panelIndex": "4", "title": "Dashboards", - "type": "visualization", - "version": "8.10.2" + "type": "links" }, { "embeddableConfig": { 
@@ -682,6 +700,26 @@ "id": "logs-*", "name": "fd4d0b9e-760d-4d7a-90e9-62aca0609b9e:5f8ad652-efdd-4a71-a6c7-b14538243381", "type": "index-pattern" + }, + { + "name": "4:link_system-Logs-syslog-dashboard_dashboard", + "type": "dashboard", + "id": "system-Logs-syslog-dashboard" + }, + { + "name": "4:link_system-277876d0-fa2c-11e6-bbd3-29c986c96e5a_dashboard", + "type": "dashboard", + "id": "system-277876d0-fa2c-11e6-bbd3-29c986c96e5a" + }, + { + "name": "4:link_system-5517a150-f9ce-11e6-8115-a7c18106d86a_dashboard", + "type": "dashboard", + "id": "system-5517a150-f9ce-11e6-8115-a7c18106d86a" + }, + { + "name": "4:link_system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab_dashboard", + "type": "dashboard", + "id": "system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab" } ], "managed": false, diff --git a/packages/system/kibana/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a.json b/packages/system/kibana/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a.json index 01288c4ace0..dda91da9612 100644 --- a/packages/system/kibana/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a.json +++ b/packages/system/kibana/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a.json 
@@ -55,20 +55,39 @@ { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": {} - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)" - }, - "title": "Dashboards [Logs System]", - "type": "markdown", - "uiState": {} + "attributes": { + "title": "links", + "layout": "horizontal", + "links": [ + { + "label": "Syslog", + "type": "dashboardLink", + "id": "system-Logs-syslog-dashboard", + "order": 0, + "destinationRefName": "link_system-Logs-syslog-dashboard_dashboard" + }, + { + "label": "Sudo commands", + "type": "dashboardLink", + "id": "system-277876d0-fa2c-11e6-bbd3-29c986c96e5a", + "order": 1, + "destinationRefName": "link_system-277876d0-fa2c-11e6-bbd3-29c986c96e5a_dashboard" + }, + { + "label": "SSH logins", + "type": "dashboardLink", + "id": "system-5517a150-f9ce-11e6-8115-a7c18106d86a", + "order": 2, + "destinationRefName": "link_system-5517a150-f9ce-11e6-8115-a7c18106d86a_dashboard" + }, + { + "label": "New users and groups", + "type": "dashboardLink", + "id": "system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab", + "order": 3, + "destinationRefName": "link_system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab_dashboard" + } + ] } }, "gridData": { @@ -80,8 +99,7 @@ }, "panelIndex": "6", "title": "Dashboards", - "type": "visualization", - "version": "8.10.2" + "type": "links" }, { "embeddableConfig": { 
@@ -783,6 +801,26 @@ "id": "logs-*", "name": "f33947eb-0ae3-436c-889a-bb8450143b57:kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" + }, + { + "name": "6:link_system-Logs-syslog-dashboard_dashboard", + "type": "dashboard", + "id": "system-Logs-syslog-dashboard" + }, + { + "name": "6:link_system-277876d0-fa2c-11e6-bbd3-29c986c96e5a_dashboard", + "type": "dashboard", + "id": "system-277876d0-fa2c-11e6-bbd3-29c986c96e5a" + }, + { + "name": "6:link_system-5517a150-f9ce-11e6-8115-a7c18106d86a_dashboard", + "type": "dashboard", + "id": "system-5517a150-f9ce-11e6-8115-a7c18106d86a" + }, + { + "name": "6:link_system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab_dashboard", + "type": "dashboard", + "id": "system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab" } ], "managed": false, diff --git a/packages/system/kibana/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268.json b/packages/system/kibana/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268.json index ebf5b380044..993c71a2f4c 100644 --- a/packages/system/kibana/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268.json +++ b/packages/system/kibana/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268.json 
@@ -2079,26 +2079,46 @@ { "embeddableConfig": { "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } + "attributes": { + "title": "links", + "layout": "horizontal", + "links": [ + { + "label": "Windows Overview", + "type": "dashboardLink", + "id": "system-Windows-Dashboard", + "order": 0, + "destinationRefName": "link_system-Windows-Dashboard_dashboard" + }, + { + "label": "User Logon Information", + "type": "dashboardLink", + "id": "system-bae11b00-9bfc-11ea-87e4-49f31ec44891", + "order": 1, + "destinationRefName": "link_system-bae11b00-9bfc-11ea-87e4-49f31ec44891_dashboard" + }, + { + "label": "Logon Failed and Account Lockout", + "type": "dashboardLink", + "id": "system-d401ef40-a7d5-11e9-a422-d144027429da", + "order": 2, + "destinationRefName": "link_system-d401ef40-a7d5-11e9-a422-d144027429da_dashboard" + }, + { + "label": "User Management Events", + "type": "dashboardLink", + "id": "system-71f720f0-ff18-11e9-8405-516218e3d268", + "order": 3, + "destinationRefName": "link_system-71f720f0-ff18-11e9-8405-516218e3d268_dashboard" + }, + { + "label": "Group Management Events", + "type": "dashboardLink", + "id": "system-bb858830-f412-11e9-8405-516218e3d268", + "order": 4, + "destinationRefName": "link_system-bb858830-f412-11e9-8405-516218e3d268_dashboard" } - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | **User Management Events** | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)", - "openLinksInNewTab": false - }, - "title": "Dashboard links [Windows System Security]", - "type": "markdown", - "uiState": {} + ] } }, "gridData": { 
@@ -2110,7 +2130,7 @@ }, "panelIndex": "cf0adfac-7cf2-479d-8ddb-1edeee62d37c", "title": "", - "type": "visualization" + "type": "links" }, { "embeddableConfig": { @@ -4582,6 +4602,31 @@ "id": "logs-*", "name": "1ec8b993-9ac1-4c7f-b7f7-5136f2e310aa:d44e7ad4-f711-4e53-a4ae-b9cb03867c5f", "type": "index-pattern" + }, + { + "name": "cf0adfac-7cf2-479d-8ddb-1edeee62d37c:link_system-Windows-Dashboard_dashboard", + "type": "dashboard", + "id": "system-Windows-Dashboard" + }, + { + "name": "cf0adfac-7cf2-479d-8ddb-1edeee62d37c:link_system-bae11b00-9bfc-11ea-87e4-49f31ec44891_dashboard", + "type": "dashboard", + "id": "system-bae11b00-9bfc-11ea-87e4-49f31ec44891" + }, + { + "name": "cf0adfac-7cf2-479d-8ddb-1edeee62d37c:link_system-d401ef40-a7d5-11e9-a422-d144027429da_dashboard", + "type": "dashboard", + "id": "system-d401ef40-a7d5-11e9-a422-d144027429da" + }, + { + "name": "cf0adfac-7cf2-479d-8ddb-1edeee62d37c:link_system-71f720f0-ff18-11e9-8405-516218e3d268_dashboard", + "type": "dashboard", + "id": "system-71f720f0-ff18-11e9-8405-516218e3d268" + }, + { + "name": "cf0adfac-7cf2-479d-8ddb-1edeee62d37c:link_system-bb858830-f412-11e9-8405-516218e3d268_dashboard", + "type": "dashboard", + "id": "system-bb858830-f412-11e9-8405-516218e3d268" } ], "type": "dashboard", diff --git a/packages/system/kibana/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8.json b/packages/system/kibana/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8.json index b877b1d1bdf..370989c3d7e 100644 --- a/packages/system/kibana/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8.json +++ b/packages/system/kibana/dashboard/system-79ffd6e0-faa0-11e6-947f-177f697178b8.json @@ -124,7 +124,7 @@ "y": 0 }, "panelIndex": "fcb53f5b-0e6b-41c8-ae1c-e2aafdeaff5a", - "title": "System Navigation [Metrics System]", + "title": "System Navigation", "type": "visualization" }, { 
diff --git a/packages/system/kibana/dashboard/system-Logs-syslog-dashboard.json b/packages/system/kibana/dashboard/system-Logs-syslog-dashboard.json index 9bd52c99669..aa66cdc2919 100644 --- a/packages/system/kibana/dashboard/system-Logs-syslog-dashboard.json +++ b/packages/system/kibana/dashboard/system-Logs-syslog-dashboard.json @@ -44,21 +44,39 @@ { "embeddableConfig": { "enhancements": {}, - "hidePanelTitles": false, - "savedVis": { - "data": { - "aggs": [], - "searchSource": {} - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "[Syslog](#/dashboard/system-Logs-syslog-dashboard) | [Sudo commands](#/dashboard/system-277876d0-fa2c-11e6-bbd3-29c986c96e5a) | [SSH logins](#/dashboard/system-5517a150-f9ce-11e6-8115-a7c18106d86a) | [New users and groups](#/dashboard/system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab)", - "openLinksInNewTab": false - }, - "title": "Dashboards [Logs System]", - "type": "markdown", - "uiState": {} + "attributes": { + "title": "links", + "layout": "horizontal", + "links": [ + { + "label": "Syslog", + "type": "dashboardLink", + "id": "system-Logs-syslog-dashboard", + "order": 0, + "destinationRefName": "link_system-Logs-syslog-dashboard_dashboard" + }, + { + "label": "Sudo commands", + "type": "dashboardLink", + "id": "system-277876d0-fa2c-11e6-bbd3-29c986c96e5a", + "order": 1, + "destinationRefName": "link_system-277876d0-fa2c-11e6-bbd3-29c986c96e5a_dashboard" + }, + { + "label": "SSH logins", + "type": "dashboardLink", + "id": "system-5517a150-f9ce-11e6-8115-a7c18106d86a", + "order": 2, + "destinationRefName": "link_system-5517a150-f9ce-11e6-8115-a7c18106d86a_dashboard" + }, + { + "label": "New users and groups", + "type": "dashboardLink", + "id": "system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab", + "order": 3, + "destinationRefName": "link_system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab_dashboard" + } + ] } }, "gridData": { 
@@ -70,7 +88,7 @@ }, "panelIndex": "4", "title": "Dashboards", - "type": "visualization" + "type": "links" }, { "embeddableConfig": { @@ -486,6 +504,26 @@ "id": "logs-*", "name": "f08ec141-4b46-4e87-9b1c-3bb1bb502d3e:kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern" + }, + { + "name": "4:link_system-Logs-syslog-dashboard_dashboard", + "type": "dashboard", + "id": "system-Logs-syslog-dashboard" + }, + { + "name": "4:link_system-277876d0-fa2c-11e6-bbd3-29c986c96e5a_dashboard", + "type": "dashboard", + "id": "system-277876d0-fa2c-11e6-bbd3-29c986c96e5a" + }, + { + "name": "4:link_system-5517a150-f9ce-11e6-8115-a7c18106d86a_dashboard", + "type": "dashboard", + "id": "system-5517a150-f9ce-11e6-8115-a7c18106d86a" + }, + { + "name": "4:link_system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab_dashboard", + "type": "dashboard", + "id": "system-0d3f2380-fa78-11e6-ae9b-81e5311e8cab" } ], "type": "dashboard", diff --git a/packages/system/kibana/dashboard/system-Metrics-system-overview.json b/packages/system/kibana/dashboard/system-Metrics-system-overview.json index ac600e8f329..7560895dd6e 100644 --- a/packages/system/kibana/dashboard/system-Metrics-system-overview.json +++ b/packages/system/kibana/dashboard/system-Metrics-system-overview.json @@ -106,7 +106,7 @@ "y": 0 }, "panelIndex": "471f7546-e704-4a38-a041-d8b11869d7cc", - "title": "System Navigation [Metrics System]", + "title": "System Navigation", "type": "visualization" }, { diff --git a/packages/system/kibana/dashboard/system-Windows-Dashboard.json b/packages/system/kibana/dashboard/system-Windows-Dashboard.json index 7a900127d04..67cf42c0943 100644 --- a/packages/system/kibana/dashboard/system-Windows-Dashboard.json +++ b/packages/system/kibana/dashboard/system-Windows-Dashboard.json @@ -115,7 +115,7 @@ "syncColors": false, "syncCursor": true, "syncTooltips": false, - "useMargins": true + "useMargins": false }, "panelsJSON": [ { 
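Review bot: The `@@ -115,7 +115,7` hunk for `system-Windows-Dashboard.json` flips `useMargins` from `true` to `false`, which changes the spacing of every panel on the Windows Overview dashboard and is unrelated to the links-panel conversion the rest of this diff performs; none of the other dashboards in the diff change this option, so the Windows Overview will look different from its sibling dashboards. If it is intentional it deserves its own changelog line; otherwise restore `"useMargins": true`. The file's remaining hunks continue on the following lines.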
@@ -230,8 +230,50 @@ "title": "Number of Events [Windows Overview]" }, { - "version": "8.9.0", - "type": "visualization", + "embeddableConfig": { + "enhancements": {}, + "attributes": { + "title": "links", + "layout": "horizontal", + "links": [ + { + "label": "Windows Overview", + "type": "dashboardLink", + "id": "system-Windows-Dashboard", + "order": 0, + "destinationRefName": "link_system-Windows-Dashboard_dashboard" + }, + { + "label": "User Logon Information", + "type": "dashboardLink", + "id": "system-bae11b00-9bfc-11ea-87e4-49f31ec44891", + "order": 1, + "destinationRefName": "link_system-bae11b00-9bfc-11ea-87e4-49f31ec44891_dashboard" + }, + { + "label": "Logon Failed and Account Lockout", + "type": "dashboardLink", + "id": "system-d401ef40-a7d5-11e9-a422-d144027429da", + "order": 2, + "destinationRefName": "link_system-d401ef40-a7d5-11e9-a422-d144027429da_dashboard" + }, + { + "label": "User Management Events", + "type": "dashboardLink", + "id": "system-71f720f0-ff18-11e9-8405-516218e3d268", + "order": 3, + "destinationRefName": "link_system-71f720f0-ff18-11e9-8405-516218e3d268_dashboard" + }, + { + "label": "Group Management Events", + "type": "dashboardLink", + "id": "system-bb858830-f412-11e9-8405-516218e3d268", + "order": 4, + "destinationRefName": "link_system-bb858830-f412-11e9-8405-516218e3d268_dashboard" + } + ] + } + }, "gridData": { "h": 5, "i": "dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b", 
@@ -240,32 +282,8 @@ "y": 0 }, "panelIndex": "dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "**Windows Overview** | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)", - "openLinksInNewTab": false - }, - "title": "Dashboard links [Windows System Security]", - "type": "markdown", - "uiState": {} - }, - "type": "visualization" - }, - "title": "" + "title": "", + "type": "links" }, { "version": "8.9.0", 
@@ -821,6 +839,31 @@ "id": "logs-*", "name": "8f939618-5923-43d4-9b23-57f7d21b4908:indexpattern-datasource-layer-948e4465-d614-4c5c-845c-e2cc11f14b14", "type": "index-pattern" + }, + { + "name": "dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b:link_system-Windows-Dashboard_dashboard", + "type": "dashboard", + "id": "system-Windows-Dashboard" + }, + { + "name": "dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b:link_system-bae11b00-9bfc-11ea-87e4-49f31ec44891_dashboard", + "type": "dashboard", + "id": "system-bae11b00-9bfc-11ea-87e4-49f31ec44891" + }, + { + "name": "dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b:link_system-d401ef40-a7d5-11e9-a422-d144027429da_dashboard", + "type": "dashboard", + "id": "system-d401ef40-a7d5-11e9-a422-d144027429da" + }, + { + "name": "dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b:link_system-71f720f0-ff18-11e9-8405-516218e3d268_dashboard", + "type": "dashboard", + "id": "system-71f720f0-ff18-11e9-8405-516218e3d268" + }, + { + "name": "dadfa90b-35df-4cdb-8b7f-80b75ef8cb9b:link_system-bb858830-f412-11e9-8405-516218e3d268_dashboard", + "type": "dashboard", + "id": "system-bb858830-f412-11e9-8405-516218e3d268" } ], "managed": false, diff --git a/packages/system/kibana/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891.json b/packages/system/kibana/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891.json index be38346065b..aa8df27f89a 100644 --- a/packages/system/kibana/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891.json +++ b/packages/system/kibana/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891.json 
@@ -544,26 +544,46 @@ { "embeddableConfig": { "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } + "attributes": { + "title": "links", + "layout": "horizontal", + "links": [ + { + "label": "Windows Overview", + "type": "dashboardLink", + "id": "system-Windows-Dashboard", + "order": 0, + "destinationRefName": "link_system-Windows-Dashboard_dashboard" + }, + { + "label": "User Logon Information", + "type": "dashboardLink", + "id": "system-bae11b00-9bfc-11ea-87e4-49f31ec44891", + "order": 1, + "destinationRefName": "link_system-bae11b00-9bfc-11ea-87e4-49f31ec44891_dashboard" + }, + { + "label": "Logon Failed and Account Lockout", + "type": "dashboardLink", + "id": "system-d401ef40-a7d5-11e9-a422-d144027429da", + "order": 2, + "destinationRefName": "link_system-d401ef40-a7d5-11e9-a422-d144027429da_dashboard" + }, + { + "label": "User Management Events", + "type": "dashboardLink", + "id": "system-71f720f0-ff18-11e9-8405-516218e3d268", + "order": 3, + "destinationRefName": "link_system-71f720f0-ff18-11e9-8405-516218e3d268_dashboard" + }, + { + "label": "Group Management Events", + "type": "dashboardLink", + "id": "system-bb858830-f412-11e9-8405-516218e3d268", + "order": 4, + "destinationRefName": "link_system-bb858830-f412-11e9-8405-516218e3d268_dashboard" } - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "[Windows Overview](#/dashboard/system-Windows-Dashboard) | **User Logon Information** | [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)", - "openLinksInNewTab": false - }, - "title": "Dashboard links [Windows System Security]", - "type": "markdown", - "uiState": {} + ] } }, "gridData": { 
@@ -575,7 +595,7 @@ }, "panelIndex": "34fc9633-8a7c-444d-8d19-06095b55fb43", "title": "", - "type": "visualization" + "type": "links" }, { "embeddableConfig": { @@ -1646,6 +1666,31 @@ "id": "logs-*", "name": "28115147-8399-4fcd-95ce-ed0a4f4239e3:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern" + }, + { + "name": "34fc9633-8a7c-444d-8d19-06095b55fb43:link_system-Windows-Dashboard_dashboard", + "type": "dashboard", + "id": "system-Windows-Dashboard" + }, + { + "name": "34fc9633-8a7c-444d-8d19-06095b55fb43:link_system-bae11b00-9bfc-11ea-87e4-49f31ec44891_dashboard", + "type": "dashboard", + "id": "system-bae11b00-9bfc-11ea-87e4-49f31ec44891" + }, + { + "name": "34fc9633-8a7c-444d-8d19-06095b55fb43:link_system-d401ef40-a7d5-11e9-a422-d144027429da_dashboard", + "type": "dashboard", + "id": "system-d401ef40-a7d5-11e9-a422-d144027429da" + }, + { + "name": "34fc9633-8a7c-444d-8d19-06095b55fb43:link_system-71f720f0-ff18-11e9-8405-516218e3d268_dashboard", + "type": "dashboard", + "id": "system-71f720f0-ff18-11e9-8405-516218e3d268" + }, + { + "name": "34fc9633-8a7c-444d-8d19-06095b55fb43:link_system-bb858830-f412-11e9-8405-516218e3d268_dashboard", + "type": "dashboard", + "id": "system-bb858830-f412-11e9-8405-516218e3d268" } ], "type": "dashboard", diff --git a/packages/system/kibana/dashboard/system-bb858830-f412-11e9-8405-516218e3d268.json b/packages/system/kibana/dashboard/system-bb858830-f412-11e9-8405-516218e3d268.json index ecd7c6cbf00..5d0368477f3 100644 --- a/packages/system/kibana/dashboard/system-bb858830-f412-11e9-8405-516218e3d268.json +++ b/packages/system/kibana/dashboard/system-bb858830-f412-11e9-8405-516218e3d268.json 
@@ -1942,26 +1942,46 @@ { "embeddableConfig": { "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } + "attributes": { + "title": "links", + "layout": "horizontal", + "links": [ + { + "label": "Windows Overview", + "type": "dashboardLink", + "id": "system-Windows-Dashboard", + "order": 0, + "destinationRefName": "link_system-Windows-Dashboard_dashboard" + }, + { + "label": "User Logon Information", + "type": "dashboardLink", + "id": "system-bae11b00-9bfc-11ea-87e4-49f31ec44891", + "order": 1, + "destinationRefName": "link_system-bae11b00-9bfc-11ea-87e4-49f31ec44891_dashboard" + }, + { + "label": "Logon Failed and Account Lockout", + "type": "dashboardLink", + "id": "system-d401ef40-a7d5-11e9-a422-d144027429da", + "order": 2, + "destinationRefName": "link_system-d401ef40-a7d5-11e9-a422-d144027429da_dashboard" + }, + { + "label": "User Management Events", + "type": "dashboardLink", + "id": "system-71f720f0-ff18-11e9-8405-516218e3d268", + "order": 3, + "destinationRefName": "link_system-71f720f0-ff18-11e9-8405-516218e3d268_dashboard" + }, + { + "label": "Group Management Events", + "type": "dashboardLink", + "id": "system-bb858830-f412-11e9-8405-516218e3d268", + "order": 4, + "destinationRefName": "link_system-bb858830-f412-11e9-8405-516218e3d268_dashboard" } - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | [Logon Failed and Account Lockout](#/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da) | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | **Group Management Events**", - "openLinksInNewTab": false - }, - "title": "Dashboard links [Windows System Security]", - "type": "markdown", - "uiState": {} + ] } }, "gridData": { 
@@ -1973,7 +1993,7 @@ }, "panelIndex": "663e0493-2070-407b-9d00-079915cce7e7", "title": "", - "type": "visualization" + "type": "links" }, { "embeddableConfig": { @@ -4607,6 +4627,31 @@ "id": "logs-*", "name": "e0d495aa-f897-403f-815b-6116fae330b7:a678bf1a-5f5e-4c1a-9999-1952ba858f43", "type": "index-pattern" + }, + { + "name": "663e0493-2070-407b-9d00-079915cce7e7:link_system-Windows-Dashboard_dashboard", + "type": "dashboard", + "id": "system-Windows-Dashboard" + }, + { + "name": "663e0493-2070-407b-9d00-079915cce7e7:link_system-bae11b00-9bfc-11ea-87e4-49f31ec44891_dashboard", + "type": "dashboard", + "id": "system-bae11b00-9bfc-11ea-87e4-49f31ec44891" + }, + { + "name": "663e0493-2070-407b-9d00-079915cce7e7:link_system-d401ef40-a7d5-11e9-a422-d144027429da_dashboard", + "type": "dashboard", + "id": "system-d401ef40-a7d5-11e9-a422-d144027429da" + }, + { + "name": "663e0493-2070-407b-9d00-079915cce7e7:link_system-71f720f0-ff18-11e9-8405-516218e3d268_dashboard", + "type": "dashboard", + "id": "system-71f720f0-ff18-11e9-8405-516218e3d268" + }, + { + "name": "663e0493-2070-407b-9d00-079915cce7e7:link_system-bb858830-f412-11e9-8405-516218e3d268_dashboard", + "type": "dashboard", + "id": "system-bb858830-f412-11e9-8405-516218e3d268" } ], "type": "dashboard", diff --git a/packages/system/kibana/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da.json b/packages/system/kibana/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da.json index 05a5d3a8e11..11aa39c1828 100644 --- a/packages/system/kibana/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da.json +++ b/packages/system/kibana/dashboard/system-d401ef40-a7d5-11e9-a422-d144027429da.json 
@@ -1351,26 +1351,46 @@ { "embeddableConfig": { "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } + "attributes": { + "title": "links", + "layout": "horizontal", + "links": [ + { + "label": "Windows Overview", + "type": "dashboardLink", + "id": "system-Windows-Dashboard", + "order": 0, + "destinationRefName": "link_system-Windows-Dashboard_dashboard" + }, + { + "label": "User Logon Information", + "type": "dashboardLink", + "id": "system-bae11b00-9bfc-11ea-87e4-49f31ec44891", + "order": 1, + "destinationRefName": "link_system-bae11b00-9bfc-11ea-87e4-49f31ec44891_dashboard" + }, + { + "label": "Logon Failed and Account Lockout", + "type": "dashboardLink", + "id": "system-d401ef40-a7d5-11e9-a422-d144027429da", + "order": 2, + "destinationRefName": "link_system-d401ef40-a7d5-11e9-a422-d144027429da_dashboard" + }, + { + "label": "User Management Events", + "type": "dashboardLink", + "id": "system-71f720f0-ff18-11e9-8405-516218e3d268", + "order": 3, + "destinationRefName": "link_system-71f720f0-ff18-11e9-8405-516218e3d268_dashboard" + }, + { + "label": "Group Management Events", + "type": "dashboardLink", + "id": "system-bb858830-f412-11e9-8405-516218e3d268", + "order": 4, + "destinationRefName": "link_system-bb858830-f412-11e9-8405-516218e3d268_dashboard" } - }, - "description": "", - "params": { - "fontSize": 12, - "markdown": "[Windows Overview](#/dashboard/system-Windows-Dashboard) | [User Logon Information](#/dashboard/system-bae11b00-9bfc-11ea-87e4-49f31ec44891) | **Logon Failed and Account Lockout** | [User Management Events](#/dashboard/system-71f720f0-ff18-11e9-8405-516218e3d268) | [Group Management Events](#/dashboard/system-bb858830-f412-11e9-8405-516218e3d268)", - "openLinksInNewTab": false - }, - "title": "Dashboard links [Windows System Security]", - "type": "markdown", - "uiState": {} + ] } }, "gridData": { 
@@ -1382,7 +1402,7 @@ }, "panelIndex": "628de26f-7b7b-457c-b811-e06161e4e7b4", "title": "", - "type": "visualization" + "type": "links" }, { "embeddableConfig": { @@ -1919,6 +1939,31 @@ "id": "logs-*", "name": "116833ef-08fd-4c0e-9246-16544157d6ab:kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern" + }, + { + "name": "628de26f-7b7b-457c-b811-e06161e4e7b4:link_system-Windows-Dashboard_dashboard", + "type": "dashboard", + "id": "system-Windows-Dashboard" + }, + { + "name": "628de26f-7b7b-457c-b811-e06161e4e7b4:link_system-bae11b00-9bfc-11ea-87e4-49f31ec44891_dashboard", + "type": "dashboard", + "id": "system-bae11b00-9bfc-11ea-87e4-49f31ec44891" + }, + { + "name": "628de26f-7b7b-457c-b811-e06161e4e7b4:link_system-d401ef40-a7d5-11e9-a422-d144027429da_dashboard", + "type": "dashboard", + "id": "system-d401ef40-a7d5-11e9-a422-d144027429da" + }, + { + "name": "628de26f-7b7b-457c-b811-e06161e4e7b4:link_system-71f720f0-ff18-11e9-8405-516218e3d268_dashboard", + "type": "dashboard", + "id": "system-71f720f0-ff18-11e9-8405-516218e3d268" + }, + { + "name": "628de26f-7b7b-457c-b811-e06161e4e7b4:link_system-bb858830-f412-11e9-8405-516218e3d268_dashboard", + "type": "dashboard", + "id": "system-bb858830-f412-11e9-8405-516218e3d268" } ], "type": "dashboard", diff --git a/packages/system/manifest.yml b/packages/system/manifest.yml index 17a871733f6..11f936d09ba 100644 --- a/packages/system/manifest.yml +++ b/packages/system/manifest.yml @@ -1,7 +1,7 @@ format_version: 3.0.2 name: system title: System -version: "2.3.3" +version: "2.4.0" description: Collect system logs and metrics from your servers with Elastic Agent. type: integration categories: