[cisco_ftd] Ensure observer zone fields are set#14748
Merged
taylor-swanson merged 2 commits intoelastic:mainfrom Jul 31, 2025
Merged
[cisco_ftd] Ensure observer zone fields are set#14748taylor-swanson merged 2 commits intoelastic:mainfrom
taylor-swanson merged 2 commits intoelastic:mainfrom
Conversation
- Ensure Ingress and Egress zone values are set to proper ECS fields - This will also allow the network.direction logic to work as intended
taylor-swanson
added
Integration:cisco_ftd
🚀 Benchmarks reportTo see the full report comment with |
💚 Build Succeeded
|
|
andrewkroh
added
the
Team:Security-Deployment and Devices
|
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices) |
mjwolf
approved these changes
Jul 30, 2025
|
Package cisco_ftd - 3.9.1 containing this change is available at https://epr.elastic.co/package/cisco_ftd/3.9.1/ |
robester0403
pushed a commit
to robester0403/integrations
that referenced
this pull request
Jul 31, 2025
- Ensure Ingress and Egress zone values are set to proper ECS fields - This will also allow the network.direction logic to work as intended
robester0403
added a commit
that referenced
this pull request
Jul 31, 2025
* FIX: changed grok processor to be able to handle any number of spaces between 'server =' and ip address * FIX: Added change log pr link * FIX: Added change log pr link * [Azure AI Foundry] Rename billing dashboard (#14615) * rename billing dashboard * [Jamf Protect 3.1.0] New pipelines added and enhancements (#14750) * Added support for the following new and upcoming events * network_connect * tcc_modify * pty_grant * pty_close * Enhanced existing events (only added fields, no breaking changes) * mount * remount * unmount * [cisco_ftd] Ensure observer zone fields are set (#14748) - Ensure Ingress and Egress zone values are set to proper ECS fields - This will also allow the network.direction logic to work as intended --------- Co-authored-by: muthu-mps <101238137+muthu-mps@users.noreply.github.com> Co-authored-by: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Co-authored-by: Taylor Swanson <90622908+taylor-swanson@users.noreply.github.com>
robester0403
added a commit
to robester0403/integrations
that referenced
this pull request
Aug 14, 2025
…14757) * FIX: changed grok processor to be able to handle any number of spaces between 'server =' and ip address * FIX: Added change log pr link * FIX: Added change log pr link * [Azure AI Foundry] Rename billing dashboard (elastic#14615) * rename billing dashboard * [Jamf Protect 3.1.0] New pipelines added and enhancements (elastic#14750) * Added support for the following new and upcoming events * network_connect * tcc_modify * pty_grant * pty_close * Enhanced existing events (only added fields, no breaking changes) * mount * remount * unmount * [cisco_ftd] Ensure observer zone fields are set (elastic#14748) - Ensure Ingress and Egress zone values are set to proper ECS fields - This will also allow the network.direction logic to work as intended --------- Co-authored-by: muthu-mps <101238137+muthu-mps@users.noreply.github.com> Co-authored-by: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Co-authored-by: Taylor Swanson <90622908+taylor-swanson@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed commit message
Checklist
changelog.ymlfile.- [ ] I have verified that any added dashboard complies with Kibana's Dashboard good practicesHow to test this PR locally
Note: in order for network.direction to be set properly, the integration needs to be configured with
internal_zonesandexternal_zonesthat match zone names that are seen in the log.Related issues