
Commit 02315d9

Filebeat auditd: Fix Top Exec Commands dashboard visualization (#27638)
This visualization was expecting an uppercase EXECVE value in event.action while the ingest pipeline was lowercasing this value.
1 parent 89e415d commit 02315d9

2 files changed

Lines changed: 2 additions & 1 deletion


CHANGELOG.next.asciidoc

Lines changed: 1 addition & 0 deletions
@@ -303,6 +303,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
303303
- Fixes the Snyk module to work with the new API changes. {pull}27358[27358]
304304
- Fixes a bug in `http_endpoint` that caused numbers encoded as strings. {issue}27382[27382] {pull}27480[27480]
305305
- Update indentation for azure filebeat configuration. {pull}26604[26604]
306+
- Auditd: Fix Top Exec Commands dashboard visualization. {pull}27638[27638]
306307

307308
*Heartbeat*
308309
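Review bot: The added entry at new line 306 names the fix but not the cause, so a reader who cloned or customized this dashboard cannot tell that their own copy needs the same change. Consider wording it so the case mismatch is visible, for example "Auditd: Fix Top Exec Commands dashboard visualization to query the lowercased `event.action:execve` value. {pull}27638[27638]". The neighbouring entries also start with "Fixes ..." while this one uses "Fix ..."; that is minor, but worth aligning if the section is meant to read uniformly.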

filebeat/module/auditd/_meta/kibana/7/visualization/5ebdbe50-0a0f-11e7-825f-6748cda7d858-ecs.json

Lines changed: 1 addition & 1 deletion
@@ -7,7 +7,7 @@
77
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
88
"query": {
99
"language": "kuery",
10-
"query": "event.action:EXECVE"
10+
"query": "event.action:execve"
1111
}
1212
}
1313
},
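Review bot: The replacement query at line 10, `"query": "event.action:execve"`, matches only the lowercase value, so any documents still indexed with the uppercase `EXECVE` (for example from before the ingest pipeline lowercased the field, if such data exists) silently drop out of Top Exec Commands. For a visualization used to review executed commands, a silent gap is worse than an empty panel. If older indices can contain the uppercase form, consider `event.action:(execve or EXECVE)`, or state in the PR that no released pipeline version emitted the uppercase value. Only this one saved object is touched here, so it is also worth checking the module's other visualizations and saved searches for uppercase `event.action` literals that would have the same mismatch.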
