[fortinet.fortimanager] - Format {source,destination}.mac per ECS#3401

Merged
andrewkroh merged 1 commit into elastic:main from andrewkroh:main
May 20, 2022

@andrewkroh
Member

What does this PR do?

Format the {source,destination}.mac field as per ECS (https://www.elastic.co/guide/en/ecs/current/ecs-observer.html#field-observer-mac).

The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
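
Added example, not code from this pull request or from the integration: a Python sketch of the normalization the description asks for, taking MAC strings in common device notations to the uppercase, hyphen-separated form and rejecting anything else. The regular expression, the function names, the `invalid_*_mac` tag and the sample event are assumptions made for illustration.

```python
import re

# Shape of an RFC 7042 style MAC as described above: two uppercase hex digits
# per octet, hyphen-separated. Requiring six or more octets (EUI-48, EUI-64)
# is an assumption of this example.
ECS_MAC = re.compile(r"^[0-9A-F]{2}(-[0-9A-F]{2}){5,}$")

def to_ecs_mac(raw):
    """Return raw in uppercase hyphen-separated form, or None if it is not a MAC."""
    if not isinstance(raw, str):
        return None
    text = raw.strip()
    # Accept one separator style per value: colons, hyphens, dotted quads, or none.
    seps = {c for c in text if c in ":-."}
    if len(seps) > 1:
        return None
    sep = seps.pop() if seps else ""
    groups = text.split(sep) if sep else [text]
    if sep in (":", "-"):
        # Tolerate octets written without a leading zero ("0:c:29:...").
        if any(not 1 <= len(g) <= 2 for g in groups):
            return None
        groups = [g.zfill(2) for g in groups]
    elif sep == ".":
        if any(len(g) != 4 for g in groups):
            return None
    digits = "".join(groups)
    if len(digits) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        return None
    mac = "-".join(digits[i:i + 2] for i in range(0, len(digits), 2)).upper()
    return mac if ECS_MAC.match(mac) else None

def normalize_event(event):
    """Rewrite source.mac and destination.mac in place; drop values that cannot be parsed."""
    for side in ("source", "destination"):
        fields = event.get(side)
        if isinstance(fields, dict) and "mac" in fields:
            mac = to_ecs_mac(fields["mac"])
            if mac is None:
                # Keep an unparseable value out of the validated field (hypothetical tag name).
                del fields["mac"]
                event.setdefault("tags", []).append("invalid_" + side + "_mac")
            else:
                fields["mac"] = mac
    return event

# Constructed sample event, not taken from a real FortiManager log.
SAMPLE = {"source": {"mac": "00:0c:29:ab:cd:ef"}, "destination": {"mac": "not-a-mac"}}
```
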

andrewkroh added the Team:Security-External Integrations and Integration:Fortinet labels May 20, 2022
andrewkroh merged commit 6277e6e into elastic:main May 20, 2022
andrewkroh added a commit that referenced this pull request Jun 28, 2022
This updates the ECS version used in all non-deprecated packages owned by elastic/security-external-integrations.

These packages required fixes in order to comply with the `pattern` added to ECS to validate MAC addresses.

- cef - #3566
- crowdstrike - #3302
- cylance.protect - #3368
- fortinet.fortimanager - #3401
- iptables.log - #3358
- microsoft_dhcp - #3300
- pfsense - #3303
- snort - #3301
- sonicwall.firewall - #3360
- sophos.utm - #3370

NOTE: The following packages were not updated for 8.2.0. I didn't catch anything in 8.1 or 8.2 that needed to be changed.

 - auth0 - 1.12.0
 - carbon_black_cloud - 8.0.0
 - cisco_ise - 8.0.0
 - cisco_meraki - 8.0.0
 - hid_bravura_monitor - 1.12.0
 - modsecurity - 1.12.0
 - mysql_enterprise - 8.0.0
 - netskope - 8.0.0
 - oracle - 8.0.0
 - symantec_endpoint - 1.12.0
 - ti_recordedfuture - 8.0

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@6efa1ecb3871 \
  --ecs-version=8.3.0 \
  -ecs-git-ref=v8.3.0 \
  --pr=3353 \
  --owner=elastic/security-external-integrations \
  packages/*