
[ML] Edits to fields used in auditbeat module configurations#25866

Merged
peteharverson merged 1 commit intoelastic:masterfrom
peteharverson:ml-auditbeat-module-fields
Nov 19, 2018

Conversation

@peteharverson
Contributor

Summary

Minor edits to the configuration files used in the auditbeat process data recognizer modules following discussion with @tsg:

  • Query used to match against Kibana index patterns replaces the test for existence of the auditd field with auditd.summary (a check against auditd would result in false positives against the auditd filebeat module).
  • hosts module jobs and 'Event volume' visualization use beat.name in place of beat.hostname (use of beat.name preferred over beat.hostname in 6.x since beat.name defaults to the hostname but can be changed by the user).

Checklist

N/A
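Added illustration of the two field changes described above (constructed example, not code from this PR or from Kibana): an `exists`-style check on the top-level `auditd` object also matches Filebeat auditd documents, whereas `auditd.summary` only matches Auditbeat auditd events, and the hosts jobs key on `beat.name` rather than `beat.hostname`. The document shapes and the helper names `field_exists` and `host_identity` are assumptions for this example.

```python
from typing import Any, Dict

# Constructed sample documents (assumed field layouts, not real events).
AUDITBEAT_DOC: Dict[str, Any] = {
    "beat": {"name": "web-01", "hostname": "web-01.internal"},
    "auditd": {"summary": {"actor": {"primary": "root"}}, "sequence": 1},
}
FILEBEAT_AUDITD_DOC: Dict[str, Any] = {
    "beat": {"name": "log-shipper", "hostname": "web-01.internal"},
    # Filebeat's auditd module nests parsed log fields under auditd.log.*
    "auditd": {"log": {"record_type": "SYSCALL"}},
}


def field_exists(doc: Dict[str, Any], path: str) -> bool:
    """Mimic an Elasticsearch `exists` test on a dotted path.

    Every segment must be present and non-null; an object with any
    populated sub-field counts as existing, which is why a bare `auditd`
    check is satisfied by both documents above.
    """
    node: Any = doc
    for part in path.split("."):
        if not isinstance(node, dict) or node.get(part) is None:
            return False
        node = node[part]
    return True


def matches_auditbeat_module(doc: Dict[str, Any]) -> bool:
    """Recognizer match after this PR: require auditd.summary."""
    return field_exists(doc, "auditd.summary")


def host_identity(doc: Dict[str, Any]) -> str:
    """Host key as used by the hosts jobs after this PR.

    beat.name defaults to the hostname but can be overridden by the user,
    so it is preferred; beat.hostname is kept only as a fallback here.
    """
    beat = doc.get("beat", {})
    return beat.get("name") or beat.get("hostname") or "unknown"
```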

@peteharverson added the labels review, non-issue (Indicates to automation that a pull request should not appear in the release notes), v7.0.0, :ml, Feature:Anomaly Detection (ML anomaly detection) and v6.6.0 on Nov 19, 2018
@elasticmachine
Contributor

Pinging @elastic/ml-ui

@tsg
Contributor

tsg commented Nov 19, 2018

Pinging @elastic/secops for visibility.


@alvarezmelissa87 alvarezmelissa87 left a comment


LGTM ⚡️

@webmat

webmat commented Nov 19, 2018

Note that beat.hostname is being renamed to agent.hostname for 7.0, in the move to ECS schema.

See elastic/beats#8873 (and elastic/beats#8655 for more upcoming changes)


@walterra walterra left a comment


LGTM 💯

@elasticmachine
Contributor

💚 Build Succeeded
