Skip to content

Cherry-pick #21446 to 7.x: [Filebeat][New Module] Add support for Microsoft MTP / 365 Defender#21555

Merged
marc-gr merged 1 commit intoelastic:7.xfrom
marc-gr:backport_21446_7.x
Oct 6, 2020
Merged

Cherry-pick #21446 to 7.x: [Filebeat][New Module] Add support for Microsoft MTP / 365 Defender#21555
marc-gr merged 1 commit intoelastic:7.xfrom
marc-gr:backport_21446_7.x

Conversation

@marc-gr
Copy link
Copy Markdown
Contributor

@marc-gr marc-gr commented Oct 6, 2020
edited by zube bot
Loading

Cherry-pick of PR #21446 to 7.x branch. Original message:

What does this PR do?

This PR adds support for Microsoft 365 Defender (Microsoft Threat Protection), this builds upon the already existing module for Microsoft ATP (Microsoft Defender for Endpoint).

Why is it important?

Adds support for new products in beats.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

The list of fields related to MTP is documented here: https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-list-incidents?view=o365-worldwide

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Oct 6, 2020

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Oct 6, 2020
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Oct 6, 2020
edited by jenkins-beats-ci bot
Loading

💔 Tests Failed

Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #21555 updated]

  • Start Time: 2020-10-06T14:20:56.586+0000

  • Duration: 84 min 52 sec

Test stats 🧪

Test Results
Failed 196
Passed 4218
Skipped 570
Total 4984

Test errors 196

Expand to view the tests failures

  • Name: Build&Test / filebeat-build / test_fileset_file_001_iis – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.728
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 257, 'destination.address': '127.0.0.1', 'destination.port': 80, 'destination.ip': '127.0.0.1', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.ip': '85.181.35.98', 'fileset.name': 'access', 'url.path': '/', 'url.query': 'q=100', 'input.type': 'log', 'iis.access.sub_status': 0, 'iis.access.win32_status': 0, '@timestamp': '2018-01-01T08:09:10.000Z', 'related.ip': ['85.181.35.98', '127.0.0.1'], 'service.type': 'iis', 'http.request.method': 'GET', 'http.response.status_code': 200, 'event.duration': 123000000, 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0', 'user_agent.os.name': 'Windows', 'user_agent.os.version': '7', 'user_agent.os.full': 'Windows 7', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Other', 'user_agent.version': '57.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_004_iis – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.077
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 286, 'destination.address': '127.0.0.1', 'destination.port': 80, 'destination.ip': '127.0.0.1', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.port': 2780, 'source.ip': '85.181.35.98', 'fileset.name': 'error', 'url.original': '/ThisIsMyUrl.htm', 'input.type': 'log', 'iis.error.reason_phrase': 'Hostname', '@timestamp': '2018-01-01T09:10:11.000Z', 'related.ip': ['85.181.35.98', '127.0.0.1'], 'service.type': 'iis', 'http.request.method': 'GET', 'http.response.status_code': 400, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.error', 'event.outcome': 'failure'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_006_iis – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.961
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'destination.address': '192.168.101.101', 'destination.port': 443, 'destination.ip': '192.168.101.101', 'source.geo.continent_name': 'North America', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.location.lon': -97.822, 'source.geo.location.lat': 37.751, 'source.address': '149.42.83.135', 'source.port': 12345, 'source.ip': '149.42.83.135', 'fileset.name': 'error', 'url.original': '12.2.1', 'input.type': 'log', 'iis.error.reason_phrase': 'URL', '@timestamp': '2018-05-05T05:05:55.000Z', 'related.ip': ['149.42.83.135', '192.168.101.101'], 'service.type': 'iis', 'http.request.method': 't3', 'http.response.status_code': 400, 'http.version': '0.9', 'event.kind': 'event', 'event.module': 'iis', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'iis.error', 'event.outcome': 'failure'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_029_nginx – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.311
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'nginx.access.remote_ip_list': ['10.0.0.2', '10.0.0.1', '85.181.35.98'], 'log.offset': 341, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.ip': '85.181.35.98', 'fileset.name': 'access', 'url.original': '/ocelot', 'input.type': 'log', '@timestamp': '2016-12-07T10:05:07.000Z', 'related.ip': ['85.181.35.98'], 'service.type': 'nginx', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 571, 'http.version': '1.1', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'nginx', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'nginx.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12', 'user_agent.os.full': 'Mac OS X 10.12', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '49.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_030_nginx – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.662
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'nginx.access.remote_ip_list': ['77.179.66.156'], 'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-RP', 'source.geo.city_name': 'Germersheim', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Rheinland-Pfalz', 'source.geo.location.lon': 8.3639, 'source.geo.location.lat': 49.2231, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '77.179.66.156', 'source.ip': '77.179.66.156', 'fileset.name': 'access', 'url.original': '/', 'input.type': 'log', '@timestamp': '2016-10-25T12:49:33.000Z', 'related.ip': ['77.179.66.156'], 'service.type': 'nginx', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 612, 'http.version': '1.1', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'nginx', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'nginx.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12.0', 'user_agent.os.full': 'Mac OS X 10.12.0', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Mac', 'user_agent.version': '54.0.2840.59'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_031_nginx – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.277
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'nginx.access.remote_ip_list': ['10.0.0.2', '10.0.0.1', '85.181.35.98'], 'log.offset': 365, 'destination.domain': 'example.com', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.ip': '85.181.35.98', 'fileset.name': 'access', 'url.original': '/ocelot', 'input.type': 'log', '@timestamp': '2016-12-07T10:05:07.000Z', 'related.ip': ['85.181.35.98'], 'service.type': 'nginx', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 571, 'http.version': '1.1', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'nginx', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'nginx.access', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.12', 'user_agent.os.full': 'Mac OS X 10.12', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '49.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_043_haproxy – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.139
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'process.name': 'haproxy', 'process.pid': 24551, 'log.offset': 0, 'destination.port': 5000, 'destination.ip': '1.2.3.4', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'RU-MOW', 'source.geo.city_name': 'Moscow', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.region_name': 'Moscow', 'source.geo.location.lon': 37.6172, 'source.geo.location.lat': 55.7527, 'source.address': '1.2.3.4', 'source.port': 40780, 'source.ip': '1.2.3.4', 'fileset.name': 'log', 'input.type': 'log', 'related.ip': ['1.2.3.4', '1.2.3.4'], 'service.type': 'haproxy', 'haproxy.mode': 'HTTP', 'haproxy.frontend_name': 'main', 'haproxy.source': '1.2.3.4', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'haproxy', 'event.category': ['web', 'network'], 'event.type': ['connection'], 'event.dataset': 'haproxy.log'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_045_haproxy – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.905
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'process.name': 'haproxy', 'process.pid': 32450, 'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'RU-MOW', 'source.geo.city_name': 'Moscow', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.region_name': 'Moscow', 'source.geo.location.lon': 37.6172, 'source.geo.location.lat': 55.7527, 'source.address': '1.2.3.4', 'source.port': 38862, 'source.ip': '1.2.3.4', 'fileset.name': 'log', 'input.type': 'log', 'related.ip': ['1.2.3.4'], 'service.type': 'haproxy', 'haproxy.server_name': 'docs', 'haproxy.backend_queue': 0, 'haproxy.total_waiting_time_ms': 0, 'haproxy.termination_state': '----', 'haproxy.connection_wait_time_ms': 1, 'haproxy.backend_name': 'docs_microservice', 'haproxy.http.request.raw_request_line': 'GET /component---src-pages-index-js-4b15624544f97cf0bb8f.js HTTP/1.1', 'haproxy.http.request.captured_cookie': '-', 'haproxy.http.request.captured_headers': ['docs.example.internal'], 'haproxy.http.request.time_wait_ms': 0, 'haproxy.http.request.time_wait_without_data_ms': 0, 'haproxy.http.response.captured_cookie': '-', 'haproxy.http.response.captured_headers': [], 'haproxy.frontend_name': 'incoming~', 'haproxy.server_queue': 0, 'haproxy.bytes_read': 168, 'haproxy.connections.server': 0, 'haproxy.connections.retries': 0, 'haproxy.connections.active': 6, 'haproxy.connections.backend': 0, 'haproxy.connections.frontend': 6, 'http.response.status_code': 304, 'http.response.bytes': 168, 'event.duration': 2000000, 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'haproxy', 'event.category': ['web'], 'event.dataset': 'haproxy.log', 'event.outcome': 'success'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_052_traefik – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 2.014
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 280, 'traefik.access.user_identifier': '-', 'traefik.access.frontend_name': 'Host-host1', 'traefik.access.backend_url': 'http://172.19.0.3:5601', 'traefik.access.request_count': 271, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-BE', 'source.geo.city_name': 'Berlin', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Land Berlin', 'source.geo.location.lon': 13.4531, 'source.geo.location.lat': 52.4473, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '85.181.35.98', 'source.ip': '85.181.35.98', 'fileset.name': 'access', 'url.original': '/ui/favicons/favicon.ico', 'input.type': 'log', '@timestamp': '2017-10-02T20:22:08.000Z', 'related.ip': ['85.181.35.98'], 'service.type': 'traefik', 'http.request.referrer': 'http://example.com/login', 'http.request.method': 'GET', 'http.response.status_code': 304, 'http.response.body.bytes': 0, 'http.version': '1.1', 'event.duration': 3000000, 'event.kind': 'event', 'event.module': 'traefik', 'event.category': ['web'], 'event.type': ['access'], 'event.dataset': 'traefik.access', 'event.outcome': 'success', 'user.name': '-', 'user_agent.original': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36', 'user_agent.os.name': 'Linux', 'user_agent.name': 'Chrome', 'user_agent.device.name': 'Other', 'user_agent.version': '61.0.3163.100'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_087_apache – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.646
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 181, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'DE-RP', 'source.geo.city_name': 'Germersheim', 'source.geo.country_iso_code': 'DE', 'source.geo.country_name': 'Germany', 'source.geo.region_name': 'Rheinland-Pfalz', 'source.geo.location.lon': 8.3639, 'source.geo.location.lat': 49.2231, 'source.as.number': 6805, 'source.as.organization.name': 'Telefonica Germany', 'source.address': '77.179.66.156', 'source.ip': '77.179.66.156', 'fileset.name': 'access', 'url.original': '/', 'input.type': 'log', '@timestamp': '2016-12-26T16:23:35.000Z', 'service.type': 'apache', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 45, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'apache', 'event.category': 'web', 'event.dataset': 'apache.access', 'event.outcome': 'success', 'user.name': '-'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_088_apache – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.861
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 276, 'source.geo.continent_name': 'North America', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.location.lon': -97.822, 'source.geo.location.lat': 37.751, 'source.address': '11.19.0.217', 'source.ip': '11.19.0.217', 'fileset.name': 'access', 'url.original': '/appl/ajaxhelper.php?cmd=getxicoreajax&opts=%7B%22func%22%3A%22get_pagetop_alert_content_html%22%2C%22args%22%3A%22%22%7D&nsp=c2700eab9797eda8a9f65a3ab17a6adbceccd60a6cca7708650a5923950d', 'input.type': 'log', 'apache.access.ssl.cipher': 'ECDHE-RSA-AES128-GCM-SHA256', 'apache.access.ssl.protocol': 'TLSv1.2', '@timestamp': '2019-10-16T09:53:47.000Z', 'service.type': 'apache', 'http.request.method': 'GET', 'http.version': '1.1', 'tls.cipher': 'ECDHE-RSA-AES128-GCM-SHA256', 'tls.version': '1.2', 'tls.version_protocol': 'tls', 'event.kind': 'event', 'event.module': 'apache', 'event.category': 'web', 'event.dataset': 'apache.access'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_089_apache – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.652
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'process.pid': 35708, 'process.thread.id': 4328636416, 'log.offset': 229, 'log.level': 'error', 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-GA', 'source.geo.city_name': 'Newnan', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Georgia', 'source.geo.location.lon': -84.8154, 'source.geo.location.lat': 33.3708, 'source.as.number': 11693, 'source.as.organization.name': 'WideOpenWest Finance LLC', 'source.address': '72.15.99.187', 'source.ip': '72.15.99.187', 'fileset.name': 'error', 'message': 'File does not exist: /usr/local/apache2/htdocs/favicon.ico', 'input.type': 'log', '@timestamp': '2011-09-09T10:42:29.902-02:00', 'apache.error.module': 'core', 'service.type': 'apache', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'apache', 'event.category': 'web', 'event.type': 'error', 'event.dataset': 'apache.error'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_106_system – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 1.902
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'process.name': 'sshd', 'process.pid': 5774, 'log.offset': 324, 'source.geo.continent_name': 'Asia', 'source.geo.region_iso_code': 'CN-GD', 'source.geo.country_iso_code': 'CN', 'source.geo.country_name': 'China', 'source.geo.region_name': 'Guangdong', 'source.geo.location.lon': 113.25, 'source.geo.location.lat': 23.1167, 'source.as.number': 134764, 'source.as.organization.name': 'CHINANET Guangdong province network', 'source.port': 29160, 'source.ip': '116.31.116.24', 'fileset.name': 'auth', 'input.type': 'log', 'system.auth.ssh.method': 'password', 'system.auth.ssh.event': 'Failed', 'related.hosts': ['slave22'], 'related.ip': ['116.31.116.24'], 'related.user': ['root'], 'service.type': 'system', 'host.hostname': 'slave22', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'system', 'event.action': 'ssh_login', 'event.type': ['authentication_failure', 'info'], 'event.category': ['authentication'], 'event.dataset': 'system.auth', 'event.outcome': 'failure', 'user.name': 'root'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / filebeat-build / test_fileset_file_107_system – filebeat.tests.system.test_modules.Test

    • Age: 1
    • Duration: 4.118
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'process.name': 'sshd', 'process.pid': 2738, 'log.offset': 0, 'source.geo.continent_name': 'Asia', 'source.geo.region_iso_code': 'CN-JX', 'source.geo.country_iso_code': 'CN', 'source.geo.country_name': 'China', 'source.geo.region_name': 'Jiangxi', 'source.geo.location.lon': 115.9333, 'source.geo.location.lat': 28.55, 'source.as.number': 4134, 'source.as.organization.name': 'No.31,Jin-rong Street', 'source.port': 1786, 'source.ip': '202.109.143.106', 'fileset.name': 'auth', 'input.type': 'log', 'system.auth.ssh.method': 'password', 'system.auth.ssh.event': 'Failed', 'related.hosts': ['slave22'], 'related.ip': ['202.109.143.106'], 'related.user': ['root'], 'service.type': 'system', 'host.hostname': 'slave22', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'system', 'event.action': 'ssh_login', 'event.type': ['authentication_failure', 'info'], 'event.category': ['authentication'], 'event.dataset': 'system.auth', 'event.outcome': 'failure', 'user.name': 'root'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_092_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.184
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_093_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.167
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_094_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.196
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_095_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.228
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_096_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.171
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_097_juniper – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.166
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_098_barracuda – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.167
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_099_barracuda – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.17
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_100_fortinet – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.215
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_101_fortinet – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.173
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_102_fortinet – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.159
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_103_fortinet – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.163
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_149_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.245
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_150_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.129
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_151_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.228
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_152_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.132
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_153_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.243
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_154_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.25
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_155_crowdstrike – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.224
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_156_crowdstrike – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.243
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_157_crowdstrike – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.255
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_158_checkpoint – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.233
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_159_checkpoint – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.224
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_160_tomcat – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.238
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_164_zoom – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.238
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_165_zoom – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.253
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_166_zoom – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.265
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_167_zoom – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.24
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_168_zoom – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.234
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_169_zoom – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.227
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_185_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.23
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_186_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.224
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_187_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.141
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_188_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.23
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_189_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.286
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_190_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.247
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_191_rabbitmq – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.134
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_200_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.232
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_201_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.227
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_202_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.228
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_203_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.224
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_204_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.225
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_205_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.229
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_206_googlecloud – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.258
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_207_googlecloud – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.184
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_208_googlecloud – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.249
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_209_googlecloud – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.227
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_210_f5 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.228
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_211_f5 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.229
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_212_snort – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.225
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_213_microsoft – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.228
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_214_microsoft – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.23
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_215_microsoft – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.228
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_216_imperva – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.231
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_217_azure – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.136
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_218_azure – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.288
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_219_azure – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.256
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_220_azure – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.136
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_221_suricata – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.232
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_222_suricata – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.226
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_223_suricata – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.244
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_224_cylance – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.228
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_225_symantec – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.224
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_231_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.228
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_232_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.226
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_233_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.231
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_234_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.171
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_235_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.281
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_236_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.248
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_237_misp – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.181
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_238_panw – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.271
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_239_panw – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.254
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_240_panw – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.254
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_241_panw – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.308
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_242_panw – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.293
    • Error Details: beat.beat.TimeoutError: Timeout waiting for 'cond' to be true. Waited 10 seconds.

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_000_envoyproxy – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 32.712
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'kubernetes.container.name': 'ambassador', 'kubernetes.node.name': 'minikube', 'kubernetes.pod.uid': 'e57d545e-2a9d-11e9-995f-08002730e0dc', 'kubernetes.pod.name': 'ambassador-76c58d9df4-jwhsg', 'kubernetes.namespace': 'default', 'kubernetes.labels.service': 'ambassador', 'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-VA', 'destination.geo.city_name': 'Ashburn', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'Virginia', 'destination.geo.location.lon': -77.4728, 'destination.geo.location.lat': 39.0481, 'destination.as.number': 14618, 'destination.as.organization.name': 'Amazon.com, Inc.', 'destination.address': '52.71.234.219', 'destination.port': 80, 'destination.ip': '52.71.234.219', 'source.address': '172.17.0.3', 'source.ip': '172.17.0.3', 'network.protocol': 'http', 'related.ip': ['172.17.0.3', '52.71.234.219'], 'event.duration': 180000000, 'event.kind': 'event', 'event.module': 'envoyproxy', 'event.type': ['connection', 'protocol'], 'event.category': ['network'], 'event.dataset': 'envoyproxy.log', 'event.outcome': ['success'], 'user_agent.original': 'curl/7.59.0', 'user_agent.name': 'curl', 'user_agent.device.name': 'Other', 'user_agent.version': '7.59.0', 'fileset.name': 'log', 'message': 'ACCESS [2019-04-10T03:49:34.451Z] "GET /httpbin/status/501 HTTP/1.1" 501 - 0 0 180 179 "172.17.0.3" "curl/7.59.0" "413bf460-bd56-4515-ada4-2a69c5e78e54" "httpbin.org" "52.71.234.219:80"', 'envoyproxy.log_type': 'ACCESS', 'envoyproxy.authority': 'httpbin.org', 'envoyproxy.upstream_service_time': 179000000, 'envoyproxy.request_id': '413bf460-bd56-4515-ada4-2a69c5e78e54', 'envoyproxy.proxy_type': 'http', 'url.path': '/httpbin/status/501', 'url.domain': 'httpbin.org', 'tags': ['envoyproxy'], 'input.type': 'log', '@timestamp': '2019-04-10T03:49:34.451Z', 'service.type': 'envoyproxy', 'http.request.method': 'GET', 'http.request.body.bytes': 0, 'http.response.status_code': 501, 'http.response.body.bytes': 0, 'http.version': '1.1'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_001_envoyproxy – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 4.066
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 399, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 54113, 'destination.as.organization.name': 'Fastly', 'destination.address': '151.101.66.217', 'destination.port': 80, 'destination.ip': '151.101.66.217', 'source.address': '172.17.0.3', 'source.ip': '172.17.0.3', 'network.protocol': 'http', 'related.ip': ['172.17.0.3', '151.101.66.217'], 'event.duration': 41000000, 'event.kind': 'event', 'event.module': 'envoyproxy', 'event.type': ['connection', 'protocol'], 'event.category': ['network'], 'event.dataset': 'envoyproxy.log', 'event.outcome': ['success'], 'user_agent.original': 'curl/7.59.0', 'user_agent.name': 'curl', 'user_agent.device.name': 'Other', 'user_agent.version': '7.59.0', 'fileset.name': 'log', 'message': '[2019-04-11T00:51:07.980Z] "GET /elastic/ HTTP/1.1" 301 - 0 0 41 39 "172.17.0.3" "curl/7.59.0" "078d1daa-b786-4d6d-85a5-7e4366adaa19" "www.elastic.co" "151.101.66.217:80"', 'envoyproxy.log_type': 'ACCESS', 'envoyproxy.authority': 'www.elastic.co', 'envoyproxy.upstream_service_time': 39000000, 'envoyproxy.request_id': '078d1daa-b786-4d6d-85a5-7e4366adaa19', 'envoyproxy.proxy_type': 'http', 'url.path': '/elastic/', 'url.domain': 'www.elastic.co', 'tags': ['envoyproxy'], 'input.type': 'log', '@timestamp': '2019-04-11T00:51:07.980Z', 'service.type': 'envoyproxy', 'http.request.method': 'GET', 'http.request.body.bytes': 0, 'http.response.status_code': 301, 'http.response.body.bytes': 0, 'http.version': '1.1'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_002_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 5.021
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'informational', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'RU-MOW', 'source.geo.city_name': 'Moscow', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.region_name': 'Moscow', 'source.geo.location.lon': 37.6172, 'source.geo.location.lat': 55.7527, 'source.address': '1.2.3.4', 'source.ip': '1.2.3.4', 'fileset.name': 'asa', 'tags': ['cisco-asa', 'forwarded'], 'input.type': 'log', 'observer.product': 'asa', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'related.ip': ['1.2.3.4'], 'service.type': 'cisco', 'event.severity': 6, 'event.code': 734001, 'event.original': '%ASA-6-734001: DAP: User firsname.lastname@domain.net, Addr 1.2.3.4, Connection AnyConnect: The following DAP records were selected for this connection: dap_1, dap_2', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.action': 'firewall-rule', 'event.category': ['network'], 'event.type': ['info'], 'event.dataset': 'cisco.asa', 'user.email': 'firsname.lastname@domain.net', 'cisco.asa.connection_type': 'AnyConnect', 'cisco.asa.dap_records': ['dap_1', 'dap_2'], 'cisco.asa.message_id': '734001'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_003_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 4.785
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 1723, 'log.level': 'alert', 'destination.geo.continent_name': 'Asia', 'destination.geo.region_iso_code': 'CN-GD', 'destination.geo.country_iso_code': 'CN', 'destination.geo.country_name': 'China', 'destination.geo.region_name': 'Guangdong', 'destination.geo.location.lon': 113.25, 'destination.geo.location.lat': 23.1167, 'destination.address': '1.2.33.40', 'destination.port': 8080, 'destination.ip': '1.2.33.40', 'source.address': '10.1.2.3', 'source.port': 64321, 'source.ip': '10.1.2.3', 'fileset.name': 'asa', 'tags': ['cisco-asa', 'forwarded'], 'network.transport': 'icmp', 'network.iana_number': 1, 'input.type': 'log', 'observer.ingress.interface.name': 'outside', 'observer.product': 'asa', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'inside', 'related.ip': ['10.1.2.3', '1.2.33.40'], 'related.user': ['joe'], 'service.type': 'cisco', 'event.severity': 1, 'event.code': 106103, 'event.original': '%ASA-1-106103: access-list filter denied icmp for user joe inside/10.1.2.3(64321) -> outside/1.2.33.40(8080) hit-cnt 1 first hit [0x3c8b88c1, 0xbee595c3]', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.action': 'firewall-rule', 'event.category': ['network'], 'event.type': ['info', 'denied'], 'event.dataset': 'cisco.asa', 'event.outcome': 'deny', 'user.name': 'joe', 'cisco.asa.destination_interface': 'outside', 'cisco.asa.rule_name': 'filter', 'cisco.asa.source_interface': 'inside', 'cisco.asa.message_id': '106103'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_005_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 8.917
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 3172, 'log.level': 'critical', 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-CA', 'destination.geo.city_name': 'Thousand Oaks', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'California', 'destination.geo.location.lon': -118.8199, 'destination.geo.location.lat': 34.197, 'destination.as.number': 395776, 'destination.as.organization.name': 'FEDERAL ONLINE GROUP LLC', 'destination.address': '192.186.2.2', 'destination.port': 53356, 'destination.ip': '192.186.2.2', 'source.address': '10.10.10.10', 'source.port': 161, 'source.ip': '10.10.10.10', 'fileset.name': 'asa', 'tags': ['cisco-asa', 'forwarded'], 'network.bytes': 64585, 'network.transport': 'udp', 'network.iana_number': 17, 'input.type': 'log', 'observer.ingress.interface.name': 'net', 'observer.hostname': 'dev01', 'observer.product': 'asa', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'intfacename', 'related.hosts': ['dev01', 'dev01'], 'related.ip': ['10.10.10.10', '192.186.2.2'], 'service.type': 'cisco', 'host.hostname': 'dev01', 'event.severity': 2, 'event.code': 302016, 'event.original': '%ASA-2-302016: Teardown UDP connection 1671727 for intfacename:10.10.10.10/161 to net:192.186.2.2/53356 duration 0:02:04 bytes 64585', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.start': '2020-05-05T20:38:46.000Z', 'event.type': ['connection', 'end'], 'event.duration': 124000000000, 'event.action': 'flow-expiration', 'event.end': '2020-05-05T18:40:50.000-02:00', 'event.category': ['network'], 'event.dataset': 'cisco.asa', 'cisco.asa.destination_interface': 'net', 'cisco.asa.connection_id': '1671727', 'cisco.asa.source_interface': 'intfacename', 'cisco.asa.message_id': '302016'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_011_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 6.117
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 3639, 'log.level': 'alert', 'destination.geo.continent_name': 'Europe', 'destination.geo.region_iso_code': 'DE-ST', 'destination.geo.city_name': 'Magdeburg', 'destination.geo.country_iso_code': 'DE', 'destination.geo.country_name': 'Germany', 'destination.geo.region_name': 'Saxony-Anhalt', 'destination.geo.location.lon': 11.6167, 'destination.geo.location.lat': 52.1333, 'destination.as.number': 43341, 'destination.as.organization.name': 'MDlink online service center GmbH', 'destination.address': '213.211.198.62', 'destination.port': 80, 'destination.ip': '213.211.198.62', 'source.address': '10.0.1.20', 'source.port': 46004, 'source.ip': '10.0.1.20', 'fileset.name': 'ftd', 'url.original': 'http://www.eicar.org/download/eicar_com.zip', 'tags': ['cisco-ftd', 'forwarded'], 'network.protocol': 'http', 'network.application': 'curl', 'network.transport': 'tcp', 'network.iana_number': 6, 'input.type': 'log', 'observer.hostname': 'firepower', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', '@timestamp': '2019-08-16T07:39:03.000-02:00', 'file.size': '184', 'file.name': 'eicar_com.zip', 'file.hash.sha256': '2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad', 'related.hosts': ['firepower', 'firepower'], 'related.ip': ['10.0.1.20', '213.211.198.62'], 'related.user': ['No Authentication Required'], 'related.hash': ['2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad'], 'service.type': 'cisco', 'host.hostname': 'firepower', 'event.severity': 1, 'event.code': 430005, 'event.original': '%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46004, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:39:02Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: File Size Is Too Small, URI: http://www.eicar.org/download/eicar_com.zip', 'event.timezone': '-02:00', 'event.kind': 'alert', 'event.module': 'cisco', 'event.start': '2019-08-16T09:39:02Z', 'event.action': 'malware-detected', 'event.category': ['malware'], 'event.type': ['info'], 'event.dataset': 'cisco.ftd', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required', 'cisco.ftd.security.file_policy': 'malware-and-file-policy', 'cisco.ftd.security.sha_disposition': 'Unavailable', 'cisco.ftd.security.file_name': 'eicar_com.zip', 'cisco.ftd.security.file_action': 'Malware Cloud Lookup', 'cisco.ftd.security.spero_disposition': 'Spero detection not performed on file', 'cisco.ftd.security.first_packet_second': '2019-08-16T09:39:02Z', 'cisco.ftd.security.file_sandbox_status': 'File Size Is Too Small', 'cisco.ftd.security.uri': 'http://www.eicar.org/download/eicar_com.zip', 'cisco.ftd.security.file_sha256': '2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad', 'cisco.ftd.security.dst_ip': '213.211.198.62', 'cisco.ftd.security.file_size': '184', 'cisco.ftd.security.src_port': '46004', 'cisco.ftd.security.src_ip': '10.0.1.20', 'cisco.ftd.security.file_storage_status': 'Not Stored (Disposition Was Pending)', 'cisco.ftd.security.protocol': 'tcp', 'cisco.ftd.security.application_protocol': 'HTTP', 'cisco.ftd.security.threat_name': 'Win.Ransomware.Eicar::95.sbx.tg', 'cisco.ftd.security.file_direction': 'Download', 'cisco.ftd.security.file_type': 'ZIP', 'cisco.ftd.security.dst_port': '80', 'cisco.ftd.security.client': 'cURL', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': 'malware-and-file-policy', 'cisco.ftd.message_id': '430005', 'cisco.ftd.threat_category': 'Win.Ransomware.Eicar::95.sbx.tg'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_012_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 6.564
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 1182, 'log.level': 'alert', 'dns.response_code': 'NOERROR', 'dns.question.name': 'eu-central-1.ec2.archive.ubuntu.com', 'dns.question.type': 'A', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.port': 53, 'destination.bytes': 0, 'destination.ip': '8.8.8.8', 'destination.packets': 0, 'source.address': '10.0.1.20', 'source.port': 50074, 'source.bytes': 106, 'source.ip': '10.0.1.20', 'source.packets': 1, 'fileset.name': 'ftd', 'tags': ['cisco-ftd', 'forwarded'], 'network.protocol': 'dns', 'network.application': 'dns client', 'network.transport': 'udp', 'network.iana_number': 17, 'input.type': 'log', 'observer.ingress.interface.name': 'outside', 'observer.hostname': 'firepower', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'inside', '@timestamp': '2019-08-15T14:05:37.000-02:00', 'related.hosts': ['firepower', 'firepower'], 'related.ip': ['10.0.1.20', '8.8.8.8'], 'related.user': ['No Authentication Required'], 'service.type': 'cisco', 'host.hostname': 'firepower', 'event.severity': 1, 'event.code': 430002, 'event.original': '%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 50074, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 106, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity, DNSQuery: eu-central-1.ec2.archive.ubuntu.com, DNSRecordType: a host address', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.action': 'connection-started', 'event.category': ['network'], 'event.type': ['connection', 'start', 'allowed'], 'event.dataset': 'cisco.ftd', 'event.outcome': 'allow', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required', 'cisco.ftd.destination_interface': 'outside', 'cisco.ftd.security.egress_zone': 'output-zone', 'cisco.ftd.security.dns_record_type': 'a host address', 'cisco.ftd.security.responder_packets': '0', 'cisco.ftd.security.access_control_rule_name': 'Rule-1', 'cisco.ftd.security.egress_interface': 'outside', 'cisco.ftd.security.dns_query': 'eu-central-1.ec2.archive.ubuntu.com', 'cisco.ftd.security.access_control_rule_action': 'Allow', 'cisco.ftd.security.prefilter_policy': 'Default Prefilter Policy', 'cisco.ftd.security.nap_policy': 'Balanced Security and Connectivity', 'cisco.ftd.security.ingress_zone': 'input-zone', 'cisco.ftd.security.dst_ip': '8.8.8.8', 'cisco.ftd.security.ac_policy': 'default', 'cisco.ftd.security.src_port': '50074', 'cisco.ftd.security.src_ip': '10.0.1.20', 'cisco.ftd.security.protocol': 'udp', 'cisco.ftd.security.application_protocol': 'DNS', 'cisco.ftd.security.initiator_bytes': '106', 'cisco.ftd.security.initiator_packets': '1', 'cisco.ftd.security.dst_port': '53', 'cisco.ftd.security.ingress_interface': 'inside', 'cisco.ftd.security.client': 'DNS client', 'cisco.ftd.security.responder_bytes': '0', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': ['default', 'Rule-1'], 'cisco.ftd.source_interface': 'inside', 'cisco.ftd.message_id': '430002'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_015_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 6.234
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'alert', 'dns.response_code': 'NOERROR', 'dns.question.name': 'elastic.co', 'dns.question.type': 'A', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.port': 53, 'destination.bytes': 145, 'destination.ip': '8.8.8.8', 'destination.packets': 1, 'source.address': '10.0.1.20', 'source.port': 57379, 'source.bytes': 93, 'source.ip': '10.0.1.20', 'source.packets': 1, 'fileset.name': 'ftd', 'tags': ['cisco-ftd', 'forwarded'], 'network.protocol': 'dns', 'network.application': 'dns client', 'network.transport': 'udp', 'network.iana_number': 17, 'input.type': 'log', 'observer.ingress.interface.name': 'outside', 'observer.hostname': 'siem-ftd', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'inside', '@timestamp': '2019-08-26T21:11:03.000-02:00', 'related.hosts': ['siem-ftd', 'siem-ftd'], 'related.ip': ['10.0.1.20', '8.8.8.8'], 'related.user': ['No Authentication Required'], 'service.type': 'cisco', 'host.hostname': 'siem-ftd', 'event.severity': 1, 'event.code': 430003, 'event.original': '%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57379, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 145, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: a host address, DNS_TTL: 70', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.start': '2019-08-26T23:11:03.000Z', 'event.type': ['connection', 'end', 'allowed'], 'event.duration': 0, 'event.action': 'connection-finished', 'event.end': '2019-08-26T21:11:03.000-02:00', 'event.category': ['network'], 'event.dataset': 'cisco.ftd', 'event.outcome': 'allow', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required', 'cisco.ftd.destination_interface': 'outside', 'cisco.ftd.security.egress_zone': 'output-zone', 'cisco.ftd.security.dns_record_type': 'a host address', 'cisco.ftd.security.responder_packets': '1', 'cisco.ftd.security.dns_query': 'elastic.co', 'cisco.ftd.security.access_control_rule_action': 'Allow', 'cisco.ftd.security.nap_policy': 'Balanced Security and Connectivity', 'cisco.ftd.security.dst_ip': '8.8.8.8', 'cisco.ftd.security.ac_policy': 'default', 'cisco.ftd.security.src_ip': '10.0.1.20', 'cisco.ftd.security.protocol': 'udp', 'cisco.ftd.security.application_protocol': 'DNS', 'cisco.ftd.security.initiator_bytes': '93', 'cisco.ftd.security.initiator_packets': '1', 'cisco.ftd.security.connection_duration': '0', 'cisco.ftd.security.client': 'DNS client', 'cisco.ftd.security.access_control_rule_name': 'Intrusion-Rule', 'cisco.ftd.security.egress_interface': 'outside', 'cisco.ftd.security.prefilter_policy': 'Default Prefilter Policy', 'cisco.ftd.security.ingress_zone': 'input-zone', 'cisco.ftd.security.src_port': '57379', 'cisco.ftd.security.dns_ttl': '70', 'cisco.ftd.security.dst_port': '53', 'cisco.ftd.security.ingress_interface': 'inside', 'cisco.ftd.security.responder_bytes': '145', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': ['default', 'Intrusion-Rule'], 'cisco.ftd.source_interface': 'inside', 'cisco.ftd.message_id': '430003'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_018_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 3.879
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'unknown', 'destination.geo.continent_name': 'Europe', 'destination.geo.country_iso_code': 'FR', 'destination.geo.country_name': 'France', 'destination.geo.location.lon': 2.3387, 'destination.geo.location.lat': 48.8582, 'destination.as.number': 3215, 'destination.as.organization.name': 'Orange', 'destination.address': '2.2.2.2', 'destination.port': 80, 'destination.bytes': 246, 'destination.ip': '2.2.2.2', 'destination.packets': 4, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-WA', 'source.geo.city_name': 'Seattle', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Washington', 'source.geo.location.lon': -122.3451, 'source.geo.location.lat': 47.6348, 'source.address': '3.3.3.3', 'source.port': 65090, 'source.bytes': 729, 'source.ip': '3.3.3.3', 'source.packets': 4, 'network.protocol': 'http', 'network.application': 'chrome', 'network.transport': 'tcp', 'network.iana_number': 6, 'observer.ingress.interface.name': 's1p2', 'observer.hostname': 'CISCO-SENSOR-3D', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 's1p1', 'related.hosts': ['CISCO-SENSOR-3D', 'CISCO-SENSOR-3D'], 'related.ip': ['3.3.3.3', '2.2.2.2'], 'related.user': ['No Authentication Required'], 'host.hostname': 'CISCO-SENSOR-3D', 'event.severity': 0, 'event.code': 430003, 'event.original': '%NGIPS-0-430003: DeviceUUID: 1c8ff662-08f3-11e4-85c0-bc960372972f, AccessControlRuleAction: Allow, AccessControlRuleReason: IP Monitor, SrcIP: 3.3.3.3, DstIP: 2.2.2.2, SrcPort: 65090, DstPort: 80, Protocol: tcp, IngressInterface: s1p1, EgressInterface: s1p2, IngressZone: Inside-DMZ-Interface-Inline, EgressZone: Inside-DMZ-Interface-Inline, ACPolicy: COOL-POLICY-3D, AccessControlRuleName: Inside DMZ-Rule-Inline, Prefilter Policy: Unknown, User: No Authentication Required, UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36, Client: Chrome, ClientVersion: 80.0.3987.87, ApplicationProtocol: HTTP, ConnectionDuration: 20, InitiatorPackets: 4, ResponderPackets: 4, InitiatorBytes: 729, ResponderBytes: 246, NAPPolicy: State-Backbone, SecIntMatchingIP: Destination, IPReputationSICategory: Malware, HTTPReferer: http://eyedropper-color-pick.info/mk?c=1581483445764, ReferencedHost: eyedropper-color-pick.info, URL: http://bad-malwaresite-grr.info/favicon.ico', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.start': '2020-03-01T01:02:16.000Z', 'event.type': ['connection', 'end', 'allowed'], 'event.duration': 20000000000, 'event.action': 'connection-finished', 'event.end': '2020-02-29T23:02:36.000-02:00', 'event.category': ['network'], 'event.dataset': 'cisco.ftd', 'event.outcome': 'allow', 'cisco.ftd.destination_interface': 's1p2', 'cisco.ftd.security.access_control_rule_reason': 'IP Monitor', 'cisco.ftd.security.egress_zone': 'Inside-DMZ-Interface-Inline', 'cisco.ftd.security.responder_packets': '4', 'cisco.ftd.security.access_control_rule_action': 'Allow', 'cisco.ftd.security.nap_policy': 'State-Backbone', 'cisco.ftd.security.dst_ip': '2.2.2.2', 'cisco.ftd.security.ac_policy': 'COOL-POLICY-3D', 'cisco.ftd.security.src_ip': '3.3.3.3', 'cisco.ftd.security.protocol': 'tcp', 'cisco.ftd.security.application_protocol': 'HTTP', 'cisco.ftd.security.initiator_bytes': '729', 'cisco.ftd.security.sec_int_matching_ip': 'Destination', 'cisco.ftd.security.initiator_packets': '4', 'cisco.ftd.security.connection_duration': '20', 'cisco.ftd.security.client': 'Chrome', 'cisco.ftd.security.client_version': '80.0.3987.87', 'cisco.ftd.security.referenced_host': 'eyedropper-color-pick.info', 'cisco.ftd.security.user_agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36', 'cisco.ftd.security.access_control_rule_name': 'Inside DMZ-Rule-Inline', 'cisco.ftd.security.egress_interface': 's1p2', 'cisco.ftd.security.prefilter_policy': 'Unknown', 'cisco.ftd.security.ingress_zone': 'Inside-DMZ-Interface-Inline', 'cisco.ftd.security.url': 'http://bad-malwaresite-grr.info/favicon.ico', 'cisco.ftd.security.src_port': '65090', 'cisco.ftd.security.http_referer': 'http://eyedropper-color-pick.info/mk?c=1581483445764', 'cisco.ftd.security.ip_reputation_si_category': 'Malware', 'cisco.ftd.security.dst_port': '80', 'cisco.ftd.security.ingress_interface': 's1p1', 'cisco.ftd.security.responder_bytes': '246', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': ['COOL-POLICY-3D', 'Inside DMZ-Rule-Inline'], 'cisco.ftd.source_interface': 's1p1', 'cisco.ftd.message_id': '430003', 'user_agent.original': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36', 'process.name': 'Alerts', 'fileset.name': 'ftd', 'url.original': 'http://bad-malwaresite-grr.info/favicon.ico', 'url.domain': 'eyedropper-color-pick.info', 'tags': ['cisco-ftd', 'forwarded'], 'input.type': 'log', '@timestamp': '2020-02-29T23:02:36.000-02:00', 'service.type': 'cisco', 'http.request.referrer': 'http://eyedropper-color-pick.info/mk?c=1581483445764', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_023_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 5.63
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.original': 'Jun 20 02:41:56 198.51.100.2 1663306: Jun 20 02:41:55.222: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59825) -> 172.217.10.46(80), 1 packet', 'log.offset': 1064, 'log.level': 'informational', 'log.source.address': '198.51.100.2', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '172.217.10.46', 'destination.port': 80, 'destination.ip': '172.217.10.46', 'source.address': '198.51.100.12', 'source.port': 59825, 'source.ip': '198.51.100.12', 'source.packets': 1, 'message': 'list 150 denied tcp 198.51.100.12(59825) -> 172.217.10.46(80), 1 packet', 'fileset.name': 'ios', 'network.community_id': '1:chQ9+C+0W0ihrzqZ0HbcFSRdBRc=', 'network.transport': 'tcp', 'network.type': 'ipv4', 'network.packets': 1, 'tags': ['cisco-ios', 'forwarded'], 'input.type': 'log', 'related.ip': ['198.51.100.12', '172.217.10.46'], 'service.type': 'cisco', 'event.severity': 6, 'event.sequence': 1663306, 'event.code': 'IPACCESSLOGP', 'event.kind': 'event', 'event.timezone': '-02:00', 'event.module': 'cisco', 'event.category': ['network', 'network_traffic'], 'event.type': ['connection', 'firewall'], 'event.dataset': 'cisco.ios', 'event.outcome': 'deny', 'cisco.ios.access_list': '150', 'cisco.ios.facility': 'SEC'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_031_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 2
    • Duration: 3.682
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'server.address': '35.199.178.4', 'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-CA', 'destination.geo.city_name': 'Mountain View', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'California', 'destination.geo.location.lon': -122.0748, 'destination.geo.location.lat': 37.4043, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '35.199.178.4', 'destination.port': 9243, 'destination.ip': '35.199.178.4', 'zeek.session_id': 'CAOvs1BMFCX2Eh0Y3', 'zeek.ssl.established': True, 'zeek.ssl.cipher': 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'zeek.ssl.server.subject.country': 'US', 'zeek.ssl.server.subject.organization': 'Elasticsearch Inc.', 'zeek.ssl.server.subject.locality': 'Mountain View', 'zeek.ssl.server.subject.state': 'California', 'zeek.ssl.server.subject.common_name': '.gcp.cloud.es.io', 'zeek.ssl.server.cert_chain_fuids': ['FebkbHWVCV8rEEEne', 'F4BDY41MGUBT6URZMd', 'FWlfEfiHVkv8evDL3'], 'zeek.ssl.server.name': 'dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io', 'zeek.ssl.server.issuer.country': 'US', 'zeek.ssl.server.issuer.organization': 'DigiCert Inc', 'zeek.ssl.server.issuer.common_name': 'DigiCert SHA2 Secure Server CA', 'zeek.ssl.curve': 'secp256r1', 'zeek.ssl.resumed': False, 'zeek.ssl.version': 'TLSv12', 'zeek.ssl.validation.status': 'ok', 'source.address': '10.178.98.102', 'source.port': 63199, 'source.ip': '10.178.98.102', 'fileset.name': 'ssl', 'tags': ['zeek.ssl'], 'network.community_id': '1:1PMhYqOKBIyRAQeMbg/pWiJ198g=', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2019-01-17T01:32:16.805Z', 'related.ip': ['10.178.98.102', '35.199.178.4'], 'service.type': 'zeek', 'client.address': '10.178.98.102', 'tls.cipher': 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'tls.established': True, 'tls.server.x509.subject.country': 'US', 'tls.server.x509.subject.state_or_province': 'California', 'tls.server.x509.subject.organization': 'Elasticsearch Inc.', 'tls.server.x509.subject.locality': 'Mountain View', 'tls.server.x509.subject.common_name': '.gcp.cloud.es.io', 'tls.server.x509.issuer.country': 'US', 'tls.server.x509.issuer.organization': 'DigiCert Inc', 'tls.server.x509.issuer.common_name': 'DigiCert SHA2 Secure Server CA', 'tls.server.issuer': 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', 'tls.curve': 'secp256r1', 'tls.resumed': False, 'tls.version': '1.2', 'tls.version_protocol': 'tls', 'event.kind': 'event', 'event.module': 'zeek', 'event.id': 'CAOvs1BMFCX2Eh0Y3', 'event.type': ['connection', 'protocol'], 'event.category': ['network'], 'event.dataset': 'zeek.ssl'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})

Steps errors 2

Expand to view the steps failures

  • Name: mage build test

    • Description: mage build test

    • Duration: 27 min 44 sec

    • Start Time: 2020-10-06T14:47:55.733+0000

    • log

  • Name: mage build test

    • Description: mage build test

    • Duration: 51 min 12 sec

    • Start Time: 2020-10-06T14:49:40.927+0000

    • log

Log output

Expand to view the last 100 lines of log output 

[2020-10-06T15:40:58.667Z] Copy ./x-pack/filebeat/build into build/x-pack/filebeat/build
[2020-10-06T15:40:58.681Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21555/src/github.com/elastic/beats/build
[2020-10-06T15:40:59.003Z] + rm -rf ve
[2020-10-06T15:40:59.003Z] + find . -type d -name vendor -exec rm -r {} ;
[2020-10-06T15:40:59.019Z] WARNING: Unknown parameter(s) found for class type 'hudson.tasks.junit.pipeline.JUnitResultsStep': id,stashedTestReports
[2020-10-06T15:40:59.022Z] Recording test results
[2020-10-06T15:41:02.200Z] Stashed 4 file(s)
[2020-10-06T15:41:02.518Z] + tar --version
[2020-10-06T15:41:02.868Z] + tar --exclude=test-build-artifacts-x-pack/filebeat-build.tgz -czf test-build-artifacts-x-pack/filebeat-build.tgz .
[2020-10-06T15:41:59.650Z] Archiving artifacts
[2020-10-06T15:42:31.626Z] + python .ci/scripts/search_system_tests.py
[2020-10-06T15:42:31.648Z] [INFO] system-tests='build/x-pack/filebeat/build/system-tests'. If no empty then let's create a tarball
[2020-10-06T15:42:31.971Z] + tar --version
[2020-10-06T15:42:32.290Z] + tar --exclude=x-pack-filebeat--system-tests-linux.tgz -czf x-pack-filebeat--system-tests-linux.tgz build/x-pack/filebeat/build/system-tests
[2020-10-06T15:42:59.171Z] Archiving artifacts
[2020-10-06T15:43:12.187Z] Client: Docker Engine - Community
[2020-10-06T15:43:12.187Z]  Version:           19.03.13
[2020-10-06T15:43:12.187Z]  API version:       1.40
[2020-10-06T15:43:12.187Z]  Go version:        go1.13.15
[2020-10-06T15:43:12.187Z]  Git commit:        4484c46d9d
[2020-10-06T15:43:12.187Z]  Built:             Wed Sep 16 17:02:36 2020
[2020-10-06T15:43:12.187Z]  OS/Arch:           linux/amd64
[2020-10-06T15:43:12.187Z]  Experimental:      false
[2020-10-06T15:43:12.187Z] 
[2020-10-06T15:43:12.187Z] Server: Docker Engine - Community
[2020-10-06T15:43:12.187Z]  Engine:
[2020-10-06T15:43:12.187Z]   Version:          19.03.13
[2020-10-06T15:43:12.187Z]   API version:      1.40 (minimum version 1.12)
[2020-10-06T15:43:12.187Z]   Go version:       go1.13.15
[2020-10-06T15:43:12.187Z]   Git commit:       4484c46d9d
[2020-10-06T15:43:12.187Z]   Built:            Wed Sep 16 17:01:06 2020
[2020-10-06T15:43:12.187Z]   OS/Arch:          linux/amd64
[2020-10-06T15:43:12.187Z]   Experimental:     false
[2020-10-06T15:43:12.187Z]  containerd:
[2020-10-06T15:43:12.187Z]   Version:          1.3.7
[2020-10-06T15:43:12.187Z]   GitCommit:        8fba4e9a7d01810a393d5d25a3621dc101981175
[2020-10-06T15:43:12.187Z]  runc:
[2020-10-06T15:43:12.187Z]   Version:          1.0.0-rc10
[2020-10-06T15:43:12.187Z]   GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
[2020-10-06T15:43:12.187Z]  docker-init:
[2020-10-06T15:43:12.187Z]   Version:          0.18.0
[2020-10-06T15:43:12.187Z]   GitCommit:        fec3683
[2020-10-06T15:43:17.526Z] Failed in branch x-pack/filebeat-build
[2020-10-06T15:43:22.957Z] [INFO] unstashV2: JOB_GCS_BUCKET is set. bucket param got precedency instead.
[2020-10-06T15:43:22.971Z] [INFO] unstashV2: JOB_GCS_CREDENTIALS is set. credentialsId param got precedency instead.
[2020-10-06T15:43:23.040Z] [Google Cloud Storage Plugin] Found 1 files to download from pattern: gs://beats-ci-temp/Beats/beats/PR-21555-2/source/source.tgz
[2020-10-06T15:43:23.060Z] [Google Cloud Storage Plugin] Downloading: Beats/beats/PR-21555-2/source/source.tgz to local path: /var/lib/jenkins/workspace/Beats_beats_PR-21555/source.tgz
[2020-10-06T15:43:36.541Z] + tar --version
[2020-10-06T15:43:36.879Z] + tar -xpf source.tgz
[2020-10-06T15:43:49.626Z] + rm source.tgz
[2020-10-06T15:43:49.696Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21555/src/github.com/elastic/beats
[2020-10-06T15:43:49.708Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21555/src/github.com/elastic/beats/lint-1601995425587
[2020-10-06T15:43:49.767Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21555/src/github.com/elastic/beats/filebeat-windows-windows-2019-1601996451202
[2020-10-06T15:43:49.834Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21555/src/github.com/elastic/beats/x-pack-filebeat-windows-windows-2019-1601996600199
[2020-10-06T15:43:49.891Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21555/src/github.com/elastic/beats/filebeat-build-1601997285909
[2020-10-06T15:43:49.969Z] Running in /var/lib/jenkins/workspace/Beats_beats_PR-21555/src/github.com/elastic/beats/x-pack-filebeat-build-1601998861682
[2020-10-06T15:43:50.428Z] + cat
[2020-10-06T15:43:50.428Z] + /usr/local/bin/runbld ./runbld-test-reports --job-name elastic+beats+pull-request
[2020-10-06T15:43:50.428Z] Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF8
[2020-10-06T15:43:57.093Z] runbld>>> runbld started
[2020-10-06T15:43:57.093Z] runbld>>> 1.6.12/f45d832f2ba0aa2722ab4ec1fda8ad140f027f8b
[2020-10-06T15:43:58.488Z] runbld>>> The following profiles matched the job 'elastic+beats+pull-request' in order of occurrence in the config (last value wins).
[2020-10-06T15:43:58.488Z] runbld>>> Matches in the system config:
[2020-10-06T15:43:58.488Z] runbld>>> - Matched ^elastic\+beats
[2020-10-06T15:43:58.488Z] runbld>>> - Matched ^elastic\+beats\+pull-request
[2020-10-06T15:43:59.879Z] runbld>>> Debug logging enabled.
[2020-10-06T15:43:59.879Z] runbld>>> Storing result
[2020-10-06T15:43:59.879Z] runbld>>> Store result: created {:total 2, :successful 2, :failed 0} 1
[2020-10-06T15:43:59.879Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1597739501209/t/20201006154359-2FC0F20D
[2020-10-06T15:43:59.879Z] runbld>>> Adding system facts.
[2020-10-06T15:44:01.272Z] runbld>>> Adding vcs info for the latest commit:  d67017e5f709eac08fbdb49bc5dbeb4785b18287
[2020-10-06T15:44:01.272Z] runbld>>> >>>>>>>>>>>> SCRIPT EXECUTION BEGIN >>>>>>>>>>>>
[2020-10-06T15:44:01.272Z] runbld>>> Adding /usr/lib/jvm/java-8-openjdk-amd64/bin to the path.
[2020-10-06T15:44:01.272Z] Processing JUnit reports with runbld...
[2020-10-06T15:44:01.272Z] + echo 'Processing JUnit reports with runbld...'
[2020-10-06T15:44:01.847Z] runbld>>> <<<<<<<<<<<< SCRIPT EXECUTION END <<<<<<<<<<<<
[2020-10-06T15:44:01.847Z] runbld>>> DURATION: 28ms
[2020-10-06T15:44:01.847Z] runbld>>> STDOUT: 40 bytes
[2020-10-06T15:44:01.847Z] runbld>>> STDERR: 49 bytes
[2020-10-06T15:44:01.847Z] runbld>>> WRAPPED PROCESS: SUCCESS (0)
[2020-10-06T15:44:01.847Z] runbld>>> Searching for build metadata in /var/lib/jenkins/workspace/Beats_beats_PR-21555
[2020-10-06T15:44:02.791Z] runbld>>> Storing build metadata: 
[2020-10-06T15:44:02.791Z] runbld>>> Adding test report.
[2020-10-06T15:44:02.791Z] runbld>>> Searching for junit test output files with the pattern: TEST-.*\.xml$ in: /var/lib/jenkins/workspace/Beats_beats_PR-21555/src/github.com/elastic/beats
[2020-10-06T15:44:03.365Z] runbld>>> Found 12 test output files
[2020-10-06T15:44:05.285Z] runbld>>> Test output logs contained: Errors: 0 Failures: 196 Tests: 4984 Skipped: 545
[2020-10-06T15:44:05.285Z] runbld>>> Storing result
[2020-10-06T15:44:05.285Z] runbld>>> FAILURES: 196
[2020-10-06T15:44:44.150Z] runbld>>> Store result: updated {:total 2, :successful 2, :failed 0} 2
[2020-10-06T15:44:44.150Z] runbld>>> BUILD: https://c150076387b5421f9154dfbf536e5c60.us-west1.gcp.cloud.es.io:9243/build-1597739501209/t/20201006154359-2FC0F20D
[2020-10-06T15:44:44.150Z] runbld>>> Email notification disabled by environment variable.
[2020-10-06T15:44:44.150Z] runbld>>> Slack notification disabled by environment variable.
[2020-10-06T15:44:46.997Z] Running on Jenkins in /var/lib/jenkins/workspace/Beats_beats_PR-21555
[2020-10-06T15:44:47.271Z] [INFO] getVaultSecret: Getting secrets
[2020-10-06T15:44:47.547Z] Masking supported pattern matches of $VAULT_ADDR or $VAULT_ROLE_ID or $VAULT_SECRET_ID
[2020-10-06T15:44:48.662Z] + chmod 755 generate-build-data.sh
[2020-10-06T15:44:48.662Z] + ./generate-build-data.sh https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21555/ https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21555/runs/2 FAILURE 5031753
[2020-10-06T15:44:48.662Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21555/runs/2/steps/?limit=10000 -o steps-info.json
[2020-10-06T15:44:55.184Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21555/runs/2/tests/?status=FAILED -o tests-errors.json
[2020-10-06T15:44:55.436Z] INFO: curl https://beats-ci.elastic.co/blue/rest/organizations/jenkins/pipelines/Beats/beats/PR-21555/runs/2/log/ -o pipeline-log.txt

adriansr
adriansr suggested changes Oct 6, 2020
View reviewed changes
@P1llus @marc-gr
[Filebeat][New Module] Add support for Microsoft MTP / 365 Defender (e…
d67017e 
…lastic#21446)

* Initial commit for mtp mvp

* first finished MVP version of MTP module

* updating m365_defender with new fields and new name

* reverting some files that shouldnt be added

* removing dhcp generated logs from PR

* converting two fields to strings and updating some default template configurations

* adding changelog entry

* Initial commit for mtp mvp

* first finished MVP version of MTP module

* updating m365_defender with new fields and new name

* reverting some files that shouldnt be added

* removing dhcp generated logs from PR

* converting two fields to strings and updating some default template configurations

* adding changelog entry

* updating typo

Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>
(cherry picked from commit 804db76)
@marc-gr marc-gr force-pushed the backport_21446_7.x branch from bdcda45 to d67017e Compare October 6, 2020 14:20
@marc-gr marc-gr requested a review from adriansr October 6, 2020 14:20
@marc-gr marc-gr merged commit 0e6ea45 into elastic:7.x Oct 6, 2020
@marc-gr marc-gr deleted the backport_21446_7.x branch October 6, 2020 16:16
@zube zube bot removed the [zube]: Done label Jan 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@adriansr adriansr adriansr approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@marc-gr @elasticmachine @adriansr @P1llus