[Filebeat][Fortinet Module] Can we include hardware id in observer.serial_number in fortimail fileset, just in like firewall fileset?

[kunisen]

Describe the enhancement:
Describe a specific use case for the enhancement or feature:

We use firewall fileset of Filebeat Fortinet module.
We found that, unlike the firewall fileset in the fortinet module, the device ID was not set to observer.serial_number.
Therefore we need to set it manually like this in pipeline.yml.

​ - rename:
field: rsa.misc.hardware_id
target_field: observer.serial_number
ignore_missing: true

Could we improve this in the future version please?

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[legoguy1000]

@jamiehynds There are 26 modules that use the rsa2elk conversions and the fortinet module is the only one to have sample data that actually has content for the rsa.misc.hardware_id field. I can update just the fortinet module or I can do all 26 so its consistent between them. Just let me know.

[jamiehynds]

Hi @legoguy1000 - I'd recommend only updating the Fortinet module for now. Thanks for yet another contribution!