diff --git a/packages/cisco_meraki/_dev/build/build.yml b/packages/cisco_meraki/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/cisco_meraki/_dev/build/build.yml
+++ b/packages/cisco_meraki/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml
index 281d3fe73b4..ff227db9070 100644
--- a/packages/cisco_meraki/changelog.yml
+++ b/packages/cisco_meraki/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3924
 - version: "1.0.1"
 changes:
 - description: Fix client.geo.location mapping
diff --git a/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json b/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json
index 16e63383aae..524a2d91ea0 100644
--- a/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json
+++ b/packages/cisco_meraki/data_stream/events/_dev/test/pipeline/test-mx-events.json-expected.json
@@ -27,7 +27,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "Cellular came up",
@@ -77,7 +77,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "Insight Alert",
@@ -133,7 +133,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "Failover event detected",
diff --git a/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml
index b6c06fda46b..ace8dc48cbc 100644
--- a/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_meraki/data_stream/events/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Cisco Meraki events
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - set:
 field: observer.serial_number
 copy_from: json.deviceSerial
diff --git a/packages/cisco_meraki/data_stream/events/sample_event.json b/packages/cisco_meraki/data_stream/events/sample_event.json
index 638dba4eb6e..83633463a4d 100644
--- a/packages/cisco_meraki/data_stream/events/sample_event.json
+++ b/packages/cisco_meraki/data_stream/events/sample_event.json
@@ -1,12 +1,11 @@
 {
 "@timestamp": "2018-02-11T00:00:00.123Z",
 "agent": {
- "ephemeral_id": "4dfea986-5bfd-4b6a-a1b0-00b3043870bd",
- "hostname": "docker-fleet-agent",
- "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e",
+ "ephemeral_id": "4e898a47-a469-4602-9ba2-0a46f55a3998",
+ "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3",
 "name": "docker-fleet-agent",
 "type": "filebeat",
- "version": "7.17.0"
+ "version": "8.3.2"
 },
 "cisco_meraki": {
 "event": {
@@ -38,12 +37,12 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "elastic_agent": {
- "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e",
+ "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3",
 "snapshot": false,
- "version": "7.17.0"
+ "version": "8.3.2"
 },
 "event": {
 "action": "Cellular came up",
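Review bot: The `ecs.version` value set to '8.4.0' in ingest_pipeline/default.yml (and the matching changelog entry) does not agree with `_dev/build/build.yml`, which this same commit pins to the pre-release tag `reference: git@v8.4.0-rc1`. The package therefore declares a final schema version while its ECS field definitions are resolved from a release candidate; if the final 8.4.0 schema differs from rc1, the stamped version would not describe what was actually built, and a tag name is a movable reference in any case. Once the final tag is available I would change the pin to `reference: git@v8.4.0` so the declared and imported versions match. The processors list in default.yml continues outside this hunk.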
@@ -52,7 +51,7 @@ "network" ], "dataset": "cisco_meraki.events", - "ingested": "2022-04-26T04:00:40Z", + "ingested": "2022-08-08T18:48:35Z", "original": "{\"alertData\":{\"connection\":\"LTE\",\"local\":\"192.168.1.2\",\"model\":\"UML290VW\",\"provider\":\"Purview Wireless\",\"remote\":\"1.2.3.5\"},\"alertId\":\"0000000000000000\",\"alertLevel\":\"informational\",\"alertType\":\"Cellular came up\",\"alertTypeId\":\"cellular_up\",\"deviceMac\":\"00:11:22:33:44:55\",\"deviceModel\":\"MX\",\"deviceName\":\"My appliance\",\"deviceSerial\":\"Q234-ABCD-5678\",\"deviceTags\":[\"tag1\",\"tag2\"],\"deviceUrl\":\"https://n1.meraki.com//n//manage/nodes/new_list/000000000000\",\"networkId\":\"N_24329156\",\"networkName\":\"Main Office\",\"networkTags\":[],\"networkUrl\":\"https://n1.meraki.com//n//manage/nodes/list\",\"occurredAt\":\"2018-02-11T00:00:00.123450Z\",\"organizationId\":\"2930418\",\"organizationName\":\"My organization\",\"organizationUrl\":\"https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview\",\"sentAt\":\"2021-10-07T08:42:00.926325Z\",\"sharedSecret\":\"secret\",\"version\":\"0.1\"}", "type": [ "info", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json index 7ef4f81be55..896bb0e34ce 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-airmarshal-events.log-expected.json @@ -14,7 +14,7 @@ "mac": "6A-3A-3E-85-D9-F6" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -59,7 +59,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
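Review bot: The regenerated sample in sample_event.json still carries the webhook's `sharedSecret` key inside `event.original` (context line of the `@@ -52,7 +51,7 @@` hunk), so the stored raw payload includes the value a receiver uses to validate Meraki webhook deliveries. The value shown is a placeholder, but the same path would keep a real secret in each indexed document whenever the original event is preserved, where anyone with read access to the data stream can see it. I would redact the `sharedSecret` key before `event.original` is populated, or at minimum state in the package documentation that preserving the original event retains it; whether the pipeline already strips it elsewhere is not visible from this hunk.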
@@ -104,7 +104,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -150,7 +150,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -192,7 +192,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -237,7 +237,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -283,7 +283,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -328,7 +328,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -373,7 +373,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -419,7 +419,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -461,7 +461,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -506,7 +506,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -551,7 +551,7 @@ "mac": "6A-3A-3E-85-D9-F6" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -597,7 +597,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -642,7 +642,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -687,7 +687,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -732,7 +732,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -777,7 +777,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -822,7 +822,7 @@ "mac": "78-55-CD-18-8F-76" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -869,7 +869,7 @@ "mac": "78-28-CA-AA-6A-4A" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -911,7 +911,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -956,7 +956,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1002,7 +1002,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1048,7 +1048,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1094,7 +1094,7 @@ "mac": "AE-17-E8-C7-D8-51" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1139,7 +1139,7 @@ "mac": "E2-CB-9C-B5-D4-1E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1185,7 +1185,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1230,7 +1230,7 @@ "mac": "5C-AA-FD-5D-76-0E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -1276,7 +1276,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1322,7 +1322,7 @@ "mac": "78-28-CA-AA-6A-0A" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -1364,7 +1364,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1409,7 +1409,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1454,7 +1454,7 @@ "mac": "0E-8D-FB-70-0F-A8" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1499,7 +1499,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1545,7 +1545,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1591,7 +1591,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -1633,7 +1633,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1678,7 +1678,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1723,7 +1723,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1768,7 +1768,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1813,7 +1813,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -1858,7 +1858,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1903,7 +1903,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1949,7 +1949,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -1994,7 +1994,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2040,7 +2040,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -2083,7 +2083,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -2125,7 +2125,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2170,7 +2170,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2215,7 +2215,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2260,7 +2260,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2305,7 +2305,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2350,7 +2350,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2396,7 +2396,7 @@ "mac": "90-AC-3F-02-31-59" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", 
@@ -2438,7 +2438,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2483,7 +2483,7 @@ "mac": "78-28-CA-AA-6A-4A" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2529,7 +2529,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2574,7 +2574,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2619,7 +2619,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2665,7 +2665,7 @@ "mac": "08-A7-C0-3B-5A-95" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -2707,7 +2707,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2753,7 +2753,7 @@ "mac": "78-28-CA-AA-69-96" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2799,7 +2799,7 @@ "mac": "AE-17-E8-C7-E2-9D" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2845,7 +2845,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2890,7 +2890,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2935,7 +2935,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -2980,7 +2980,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -3026,7 +3026,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3071,7 +3071,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3116,7 +3116,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3162,7 +3162,7 @@ "mac": "6E-DA-36-A2-39-71" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -3204,7 +3204,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3249,7 +3249,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3294,7 +3294,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3340,7 +3340,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3386,7 +3386,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3433,7 +3433,7 @@ "mac": "78-28-CA-AA-6A-4A" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -3475,7 +3475,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3520,7 +3520,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3565,7 +3565,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -3610,7 +3610,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3655,7 +3655,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3700,7 +3700,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3745,7 +3745,7 @@ "mac": "5C-AA-FD-5D-76-0E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3791,7 +3791,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3836,7 +3836,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3881,7 +3881,7 @@ "mac": "E2-CB-9C-B5-DA-7A" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3927,7 +3927,7 @@ "mac": "E2-CB-9C-B5-DA-7A" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -3973,7 +3973,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4019,7 +4019,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4065,7 +4065,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4110,7 +4110,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4155,7 +4155,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -4200,7 +4200,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4246,7 +4246,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4288,7 +4288,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4333,7 +4333,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4379,7 +4379,7 @@ "mac": "78-28-CA-AA-6A-0A" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4421,7 +4421,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4466,7 +4466,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4512,7 +4512,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4558,7 +4558,7 @@ "mac": "EE-CE-D5-6A-B6-22" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4600,7 +4600,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4645,7 +4645,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4690,7 +4690,7 @@ "mac": "6A-3A-3E-85-D7-D4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4737,7 +4737,7 @@ "mac": "AE-17-E8-C7-E1-41" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", 
@@ -4779,7 +4779,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4825,7 +4825,7 @@ "mac": "78-28-CA-AA-69-96" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -4867,7 +4867,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4912,7 +4912,7 @@ "mac": "E2-CB-9C-B5-D7-80" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -4957,7 +4957,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5002,7 +5002,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5047,7 +5047,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5092,7 +5092,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5137,7 +5137,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5182,7 +5182,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5228,7 +5228,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5273,7 +5273,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5319,7 +5319,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -5364,7 +5364,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5409,7 +5409,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5454,7 +5454,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5499,7 +5499,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5544,7 +5544,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5589,7 +5589,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5634,7 +5634,7 @@ "mac": "E2-CB-9C-B5-C5-68" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5679,7 +5679,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5724,7 +5724,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5770,7 +5770,7 @@ "mac": "34-8F-27-25-CC-48" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ssid-spoofing-detected", @@ -5812,7 +5812,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5857,7 +5857,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5902,7 +5902,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -5947,7 +5947,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -5992,7 +5992,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6037,7 +6037,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6082,7 +6082,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6128,7 +6128,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6173,7 +6173,7 @@ "mac": "E2-CB-9C-B5-DD-BE" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6218,7 +6218,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6263,7 +6263,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6308,7 +6308,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6353,7 +6353,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6399,7 +6399,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6444,7 +6444,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6489,7 +6489,7 @@ "mac": "6A-3A-3E-85-CA-4E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -6534,7 +6534,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6579,7 +6579,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6624,7 +6624,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6669,7 +6669,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6714,7 +6714,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6759,7 +6759,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6804,7 +6804,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6850,7 +6850,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6896,7 +6896,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6942,7 +6942,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -6988,7 +6988,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7033,7 +7033,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7078,7 +7078,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -7123,7 +7123,7 @@ "mac": "AE-17-E8-C7-D8-51" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7168,7 +7168,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7213,7 +7213,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7258,7 +7258,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7304,7 +7304,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7350,7 +7350,7 @@ "mac": "E2-CB-9C-B5-D4-1E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7395,7 +7395,7 @@ "mac": "AE-17-E8-C7-DF-FD" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7440,7 +7440,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7485,7 +7485,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7530,7 +7530,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7576,7 +7576,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7622,7 +7622,7 @@ "mac": "38-BA-F8-CC-82-2E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7668,7 +7668,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", 
@@ -7714,7 +7714,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7759,7 +7759,7 @@ "mac": "E2-CB-9C-B5-D8-54" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7805,7 +7805,7 @@ "mac": "FF-FF-FF-FF-FF-FF" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", @@ -7850,7 +7850,7 @@ "mac": "E2-CB-9C-B5-DC-6E" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rogue-ssid-detected", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json index 0a3670a8bf4..a964908efe3 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json @@ -12,7 +12,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "dynamic-frequency-selection-detected", @@ -53,7 +53,7 @@ "mac": "E5:A4:98:71:9A:FE" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-wpa-failed-auth-or-deauth", @@ -95,7 +95,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-wpa-authentication", @@ -151,7 +151,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-disassociation-request", @@ -195,7 +195,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-association-request", @@ -232,7 +232,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "site-to-site-vpn", @@ -268,7 +268,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "site-to-site-vpn", 
@@ -310,7 +310,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "vpn-connectivity-change", @@ -348,7 +348,7 @@ "mac": "E0-CB-BC-02-4F-80" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "dhcp-offer", @@ -386,7 +386,7 @@ "mac": "A4-83-E7-02-A2-F1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "dhcp-no-offer", @@ -433,7 +433,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "site-to-site-vpn", @@ -497,7 +497,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-disassociation-request", @@ -539,7 +539,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "association-rejected-for-load-balancing", @@ -581,7 +581,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-association-request", @@ -623,7 +623,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-wpa-authentication", @@ -664,7 +664,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -715,7 +715,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -770,7 +770,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-association-request", @@ -813,7 +813,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-8021x-auth", @@ -856,7 +856,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "8021x_auth", @@ -916,7 +916,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-disassociation-request", 
@@ -979,7 +979,7 @@ "event_type": "events" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-disassociation-request", @@ -1021,7 +1021,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "wifi-wpa-authentication", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json index 9a40fabc8fa..ec8c3cc6bf1 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-flows.log-expected.json @@ -14,7 +14,7 @@ "port": 15600 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "layer3-firewall-allowed-flow", @@ -70,7 +70,7 @@ "port": 44210 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ip-session-initiated", @@ -128,7 +128,7 @@ "port": 15500 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "layer3-firewall-allowed-flow", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json index be696616608..4516eeeaf54 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-ip-flow.log-expected.json @@ -22,7 +22,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -76,7 +76,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -130,7 +130,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -190,7 +190,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ 
@@ -259,7 +259,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -307,7 +307,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -376,7 +376,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -424,7 +424,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json index e64aa3186bd..da9f957aef7 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-security-events.log-expected.json @@ -17,7 +17,7 @@ "port": 56391 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ids-signature-matched", @@ -68,6 +68,7 @@ { "@timestamp": "2021-11-23T18:14:58.984Z", "cisco_meraki": { + "disposition": "malicious", "event_subtype": "security_filtering_file_scanned", "event_type": "security_event", "security": { @@ -92,7 +93,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "malicious-file-actioned", @@ -128,15 +129,13 @@ "name": "EICAR:EICAR_Test_file_not_a_virus-tpd" }, "reference": "http://www.eicar.org/download/eicar.com.txt" - }, - "software": { - "type": "malicious" } } }, { "@timestamp": "2021-11-24T19:50:35.239Z", "cisco_meraki": { + "disposition": "malicious", "event_subtype": "security_filtering_disposition_change", "event_type": "security_event", "security": { @@ -144,7 +143,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "issued-retrospective-malicious-disposition", 
@@ -175,9 +174,6 @@ }, "name": "EICAR:EICAR_Test_file_not_a_virus-tpd" } - }, - "software": { - "type": "malicious" } } }, @@ -192,7 +188,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ids-signature-matched", @@ -250,7 +246,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ids-signature-matched", diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json index c58e7e35f5d..524083d5d99 100644 --- a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json +++ b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-urls.log-expected.json @@ -32,7 +32,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "http-access-error", @@ -98,7 +98,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "http-access", diff --git a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml index efe77c8f7f3..bcb383879e4 100644 --- a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco Meraki syslog processors: - set: field: ecs.version - value: 8.3.0 + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/security.yml b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/security.yml index 38cd9373523..6ddd6e2f373 100644 --- a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/security.yml +++ b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/security.yml 
@@ -93,8 +93,8 @@ processors: if: ctx?.cisco_meraki?.event_subtype == 'security_filtering_file_scanned' || ctx?.cisco_meraki?.event_subtype == 'security_filtering_disposition_change' - rename: field: disposition - target_field: threat.software.type - if: ctx?.cisco_meraki?.event_subtype == 'security_filtering_file_scanned' || ctx?.cisco_meraki?.event_subtype == 'security_filtering_disposition_change' + target_field: cisco_meraki.disposition + ignore_missing: true - rename: field: action target_field: cisco_meraki.security.action diff --git a/packages/cisco_meraki/data_stream/log/fields/ecs.yml b/packages/cisco_meraki/data_stream/log/fields/ecs.yml index 4fb5c24a0d6..668ec366d90 100644 --- a/packages/cisco_meraki/data_stream/log/fields/ecs.yml +++ b/packages/cisco_meraki/data_stream/log/fields/ecs.yml @@ -268,8 +268,6 @@ name: source.geo.region_name - external: ecs name: network.vlan.id -- external: ecs - name: threat.software.type - external: ecs name: threat.indicator.last_seen - external: ecs diff --git a/packages/cisco_meraki/data_stream/log/fields/fields.yml b/packages/cisco_meraki/data_stream/log/fields/fields.yml index 373013e01f4..10a68230e98 100644 --- a/packages/cisco_meraki/data_stream/log/fields/fields.yml +++ b/packages/cisco_meraki/data_stream/log/fields/fields.yml @@ -1,6 +1,8 @@ - name: cisco_meraki type: group fields: + - name: disposition + type: keyword - name: event_type type: keyword - name: event_subtype diff --git a/packages/cisco_meraki/data_stream/log/sample_event.json b/packages/cisco_meraki/data_stream/log/sample_event.json index 35a53441ee7..930a22a9e84 100644 --- a/packages/cisco_meraki/data_stream/log/sample_event.json +++ b/packages/cisco_meraki/data_stream/log/sample_event.json 
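Review bot: The rewritten `rename` in the `@@ -93,8 +93,8 @@` hunk of `security.yml` drops the `if:` guard on `event_subtype`, so `disposition` is now moved to `cisco_meraki.disposition` for every event that reaches this processor, and `ignore_missing: true` hides the cases where it is absent. If that widening is intended, a comment above the processor would record the reason, for example `# disposition is a vendor verdict, not an ATT&CK software type; keep it under cisco_meraki.*`. The relocation also means that saved searches, dashboards or detection rules filtering on `threat.software.type: malicious` will stop matching `security_filtering_file_scanned` and `security_filtering_disposition_change` events without raising any error. It should therefore be announced to consumers as a breaking field change rather than left implicit in a version update. The processor list starts and continues outside the hunk.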
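Review bot: The new `disposition` entry in the `fields.yml` hunk is declared with `type: keyword` only, so the generated field table lists `cisco_meraki.disposition` with an empty description. Anyone building a query or alert on this field needs to know what it holds; the test fixtures in this change show the value `malicious`, and other verdicts are presumably possible. I would add a line such as `description: File disposition reported by the Meraki security filter, for example "malicious".` under the field. The `cisco_meraki` group continues outside the hunk.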
@@ -1,12 +1,11 @@ { "@timestamp": "2021-11-23T18:13:18.348Z", "agent": { - "ephemeral_id": "b81987d6-cf2e-4101-af0b-0415b1576f88", - "hostname": "docker-fleet-agent", - "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e", + "ephemeral_id": "d0614353-dd50-4b65-b142-df54b2a69013", + "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.17.0" + "version": "8.3.2" }, "cisco_meraki": { "event_subtype": "ids_alerted", @@ -28,12 +27,12 @@ "port": 56391 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "elastic_agent": { - "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e", + "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3", "snapshot": false, - "version": "7.17.0" + "version": "8.3.2" }, "event": { "action": "ids-signature-matched", @@ -43,7 +42,7 @@ "threat" ], "dataset": "cisco_meraki.log", - "ingested": "2022-04-26T04:02:28Z", + "ingested": "2022-08-08T18:50:52Z", "original": "\u003c134\u003e1 1637691198.348361125 MX84 security_event ids_alerted signature=1:29708:4 priority=1 timestamp=1637691198.330873 dhost=D0:AB:D5:7B:43:73 direction=ingress protocol=tcp/ip src=67.43.156.12:80 dst=10.0.3.162:56391 decision=allowed message: BROWSER-IE Microsoft Internet Explorer CSS uninitialized object access attempt detected", "type": [ "info", @@ -55,7 +54,7 @@ }, "log": { "source": { - "address": "192.168.208.4:40317" + "address": "172.18.0.5:44064" } }, "network": { diff --git a/packages/cisco_meraki/docs/README.md b/packages/cisco_meraki/docs/README.md index b303aa9d0b3..c1cf9721661 100644 --- a/packages/cisco_meraki/docs/README.md +++ b/packages/cisco_meraki/docs/README.md 
@@ -69,6 +69,7 @@ The `cisco_meraki.log` dataset provides events from the configured syslog server | cisco_meraki.device_packet_flood | | flattened | | cisco_meraki.dfs_event | | flattened | | cisco_meraki.disassociation | | flattened | +| cisco_meraki.disposition | | keyword | | cisco_meraki.event_subtype | | keyword | | cisco_meraki.event_type | | keyword | | cisco_meraki.fc_subtype | | keyword | @@ -176,7 +177,7 @@ The `cisco_meraki.log` dataset provides events from the configured syslog server | host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | | host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | | host.ip | Host ip addresses. | ip | -| host.mac | Host mac addresses. | keyword | +| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | | host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | | host.os.build | OS build information. | keyword | | host.os.codename | OS codename, if any. | keyword | 
@@ -200,7 +201,7 @@ The `cisco_meraki.log` dataset provides events from the configured syslog server | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.name | Name given by operators to sections of their network. | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | 
@@ -262,7 +263,6 @@ The `cisco_meraki.log` dataset provides events from the configured syslog server | threat.indicator.file.name | Name of the file including the extension, without the directory. | keyword | | threat.indicator.last_seen | The date and time when intelligence source last reported sighting this indicator. | date | | threat.indicator.reference | Reference URL linking to additional information about this indicator. | keyword | -| threat.software.type | The type of software used by this threat to conduct behavior commonly modeled using MITRE ATT&CK®. Recommended values \* Malware \* Tool While not required, you can use a MITRE ATT&CK® software type. | keyword | | url.domain | Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. | keyword | | url.original | Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not. | wildcard | | url.original.text | Multi-field of `url.original`. | match_only_text | @@ -286,12 +286,11 @@ An example event for `log` looks as following: { "@timestamp": "2021-11-23T18:13:18.348Z", "agent": { - "ephemeral_id": "b81987d6-cf2e-4101-af0b-0415b1576f88", - "hostname": "docker-fleet-agent", - "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e", + "ephemeral_id": "d0614353-dd50-4b65-b142-df54b2a69013", + "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.17.0" + "version": "8.3.2" }, "cisco_meraki": { "event_subtype": "ids_alerted", 
@@ -313,12 +312,12 @@ An example event for `log` looks as following: "port": 56391 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "elastic_agent": { - "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e", + "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3", "snapshot": false, - "version": "7.17.0" + "version": "8.3.2" }, "event": { "action": "ids-signature-matched", @@ -328,7 +327,7 @@ An example event for `log` looks as following: "threat" ], "dataset": "cisco_meraki.log", - "ingested": "2022-04-26T04:02:28Z", + "ingested": "2022-08-08T18:50:52Z", "original": "\u003c134\u003e1 1637691198.348361125 MX84 security_event ids_alerted signature=1:29708:4 priority=1 timestamp=1637691198.330873 dhost=D0:AB:D5:7B:43:73 direction=ingress protocol=tcp/ip src=67.43.156.12:80 dst=10.0.3.162:56391 decision=allowed message: BROWSER-IE Microsoft Internet Explorer CSS uninitialized object access attempt detected", "type": [ "info", @@ -340,7 +339,7 @@ An example event for `log` looks as following: }, "log": { "source": { - "address": "192.168.208.4:40317" + "address": "172.18.0.5:44064" } }, "network": { 
@@ -522,7 +521,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.name | Name given by operators to sections of their network. | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | 
@@ -588,7 +587,7 @@ An example event for `log` looks as following: | threat.indicator.file.name | Name of the file including the extension, without the directory. | keyword | | threat.indicator.last_seen | The date and time when intelligence source last reported sighting this indicator. | date | | threat.indicator.reference | Reference URL linking to additional information about this indicator. | keyword | -| threat.software.type | The type of software used by this threat to conduct behavior commonly modeled using MITRE ATT&CK®. Recommended values \* Malware \* Tool While not required, you can use a MITRE ATT&CK® software type. | keyword | +| threat.software.type | The type of software used by this threat to conduct behavior commonly modeled using MITRE ATT&CK®. While not required, you can use a MITRE ATT&CK® software type. | keyword | | url.domain | Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. | keyword | | url.original | Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not. | wildcard | | url.original.text | Multi-field of `url.original`. | match_only_text | 
@@ -612,12 +611,11 @@ An example event for `events` looks as following: { "@timestamp": "2018-02-11T00:00:00.123Z", "agent": { - "ephemeral_id": "4dfea986-5bfd-4b6a-a1b0-00b3043870bd", - "hostname": "docker-fleet-agent", - "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e", + "ephemeral_id": "4e898a47-a469-4602-9ba2-0a46f55a3998", + "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3", "name": "docker-fleet-agent", "type": "filebeat", - "version": "7.17.0" + "version": "8.3.2" }, "cisco_meraki": { "event": { @@ -649,12 +647,12 @@ An example event for `events` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "elastic_agent": { - "id": "9e1c0aac-8d48-4c33-a9f5-98e770f2028e", + "id": "e999e428-e6a9-4c63-bd05-0eda93c920b3", "snapshot": false, - "version": "7.17.0" + "version": "8.3.2" }, "event": { "action": "Cellular came up", 
@@ -663,7 +661,7 @@ An example event for `events` looks as following: "network" ], "dataset": "cisco_meraki.events", - "ingested": "2022-04-26T04:00:40Z", + "ingested": "2022-08-08T18:48:35Z", "original": "{\"alertData\":{\"connection\":\"LTE\",\"local\":\"192.168.1.2\",\"model\":\"UML290VW\",\"provider\":\"Purview Wireless\",\"remote\":\"1.2.3.5\"},\"alertId\":\"0000000000000000\",\"alertLevel\":\"informational\",\"alertType\":\"Cellular came up\",\"alertTypeId\":\"cellular_up\",\"deviceMac\":\"00:11:22:33:44:55\",\"deviceModel\":\"MX\",\"deviceName\":\"My appliance\",\"deviceSerial\":\"Q234-ABCD-5678\",\"deviceTags\":[\"tag1\",\"tag2\"],\"deviceUrl\":\"https://n1.meraki.com//n//manage/nodes/new_list/000000000000\",\"networkId\":\"N_24329156\",\"networkName\":\"Main Office\",\"networkTags\":[],\"networkUrl\":\"https://n1.meraki.com//n//manage/nodes/list\",\"occurredAt\":\"2018-02-11T00:00:00.123450Z\",\"organizationId\":\"2930418\",\"organizationName\":\"My organization\",\"organizationUrl\":\"https://dashboard.meraki.com/o/VjjsAd/manage/organization/overview\",\"sentAt\":\"2021-10-07T08:42:00.926325Z\",\"sharedSecret\":\"secret\",\"version\":\"0.1\"}", "type": [ "info", diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml index 647defb24ac..2a177bc02a5 100644 --- a/packages/cisco_meraki/manifest.yml +++ b/packages/cisco_meraki/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_meraki title: Cisco Meraki -version: 1.0.1 +version: 1.1.0 license: basic description: Collect logs from Cisco Meraki with Elastic Agent. type: integration