Cherry-pick #21643 to 7.x: [Filebeat][Cyberark] Fix cyberark/corepas pipeline#21654

Merged
marc-gr merged 1 commit into elastic:7.x from marc-gr:backport_21643_7.x
Oct 7, 2020

Conversation

@marc-gr
Contributor

@marc-gr marc-gr commented Oct 7, 2020

Cherry-pick of PR #21643 to 7.x branch. Original message:

What does this PR do?

Fixes an error in the cyberark pipeline

Checklist

- [ ] My code follows the style guidelines of this project
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] I have made corresponding changes to the default configuration files
- [ ] I have added tests that prove my fix is effective or that my feature works
- [ ] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Oct 7, 2020
@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Oct 7, 2020
@elasticmachine
Contributor

💔 Tests Failed


Build stats

  • Build Cause: [Pull request #21654 opened]
  • Start Time: 2020-10-07T16:55:48.534+0000
  • Duration: 78 min 0 sec

Test stats 🧪

Test Results
Failed 84
Passed 1863
Skipped 259
Total 2206

Test errors 84

Expand to view the tests failures

  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_000_envoyproxy – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 33.154
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'kubernetes.container.name': 'ambassador', 'kubernetes.node.name': 'minikube', 'kubernetes.pod.uid': 'e57d545e-2a9d-11e9-995f-08002730e0dc', 'kubernetes.pod.name': 'ambassador-76c58d9df4-jwhsg', 'kubernetes.namespace': 'default', 'kubernetes.labels.service': 'ambassador', 'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-VA', 'destination.geo.city_name': 'Ashburn', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'Virginia', 'destination.geo.location.lon': -77.4728, 'destination.geo.location.lat': 39.0481, 'destination.as.number': 14618, 'destination.as.organization.name': 'Amazon.com, Inc.', 'destination.address': '52.71.234.219', 'destination.port': 80, 'destination.ip': '52.71.234.219', 'source.address': '172.17.0.3', 'source.ip': '172.17.0.3', 'network.protocol': 'http', 'related.ip': ['172.17.0.3', '52.71.234.219'], 'event.duration': 180000000, 'event.kind': 'event', 'event.module': 'envoyproxy', 'event.type': ['connection', 'protocol'], 'event.category': ['network'], 'event.dataset': 'envoyproxy.log', 'event.outcome': ['success'], 'user_agent.original': 'curl/7.59.0', 'user_agent.name': 'curl', 'user_agent.device.name': 'Other', 'user_agent.version': '7.59.0', 'fileset.name': 'log', 'message': 'ACCESS [2019-04-10T03:49:34.451Z] "GET /httpbin/status/501 HTTP/1.1" 501 - 0 0 180 179 "172.17.0.3" "curl/7.59.0" "413bf460-bd56-4515-ada4-2a69c5e78e54" "httpbin.org" "52.71.234.219:80"', 'envoyproxy.log_type': 'ACCESS', 'envoyproxy.authority': 'httpbin.org', 'envoyproxy.upstream_service_time': 179000000, 'envoyproxy.request_id': '413bf460-bd56-4515-ada4-2a69c5e78e54', 'envoyproxy.proxy_type': 'http', 'url.path': '/httpbin/status/501', 'url.domain': 'httpbin.org', 'tags': 
['envoyproxy'], 'input.type': 'log', '@timestamp': '2019-04-10T03:49:34.451Z', 'service.type': 'envoyproxy', 'http.request.method': 'GET', 'http.request.body.bytes': 0, 'http.response.status_code': 501, 'http.response.body.bytes': 0, 'http.version': '1.1'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_001_envoyproxy – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.324
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 399, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 54113, 'destination.as.organization.name': 'Fastly', 'destination.address': '151.101.66.217', 'destination.port': 80, 'destination.ip': '151.101.66.217', 'source.address': '172.17.0.3', 'source.ip': '172.17.0.3', 'network.protocol': 'http', 'related.ip': ['172.17.0.3', '151.101.66.217'], 'event.duration': 41000000, 'event.kind': 'event', 'event.module': 'envoyproxy', 'event.type': ['connection', 'protocol'], 'event.category': ['network'], 'event.dataset': 'envoyproxy.log', 'event.outcome': ['success'], 'user_agent.original': 'curl/7.59.0', 'user_agent.name': 'curl', 'user_agent.device.name': 'Other', 'user_agent.version': '7.59.0', 'message': '[2019-04-11T00:51:07.980Z] "GET /elastic/ HTTP/1.1" 301 - 0 0 41 39 "172.17.0.3" "curl/7.59.0" "078d1daa-b786-4d6d-85a5-7e4366adaa19" "www.elastic.co" "151.101.66.217:80"', 'fileset.name': 'log', 'envoyproxy.log_type': 'ACCESS', 'envoyproxy.authority': 'www.elastic.co', 'envoyproxy.upstream_service_time': 39000000, 'envoyproxy.request_id': '078d1daa-b786-4d6d-85a5-7e4366adaa19', 'envoyproxy.proxy_type': 'http', 'url.path': '/elastic/', 'url.domain': 'www.elastic.co', 'tags': ['envoyproxy'], 'input.type': 'log', '@timestamp': '2019-04-11T00:51:07.980Z', 'service.type': 'envoyproxy', 'http.request.method': 'GET', 'http.request.body.bytes': 0, 'http.response.status_code': 301, 'http.response.body.bytes': 0, 'http.version': '1.1'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_002_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 5.48
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'informational', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'RU-MOW', 'source.geo.city_name': 'Moscow', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.region_name': 'Moscow', 'source.geo.location.lon': 37.6172, 'source.geo.location.lat': 55.7527, 'source.address': '1.2.3.4', 'source.ip': '1.2.3.4', 'fileset.name': 'asa', 'tags': ['cisco-asa', 'forwarded'], 'input.type': 'log', 'observer.product': 'asa', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'related.ip': ['1.2.3.4'], 'service.type': 'cisco', 'event.severity': 6, 'event.code': 734001, 'event.original': '%ASA-6-734001: DAP: User firsname.lastname@domain.net, Addr 1.2.3.4, Connection AnyConnect: The following DAP records were selected for this connection: dap_1, dap_2', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.action': 'firewall-rule', 'event.category': ['network'], 'event.type': ['info'], 'event.dataset': 'cisco.asa', 'user.email': 'firsname.lastname@domain.net', 'cisco.asa.connection_type': 'AnyConnect', 'cisco.asa.dap_records': ['dap_1', 'dap_2'], 'cisco.asa.message_id': '734001'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_003_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.724
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 1723, 'log.level': 'alert', 'destination.geo.continent_name': 'Asia', 'destination.geo.region_iso_code': 'CN-GD', 'destination.geo.country_iso_code': 'CN', 'destination.geo.country_name': 'China', 'destination.geo.region_name': 'Guangdong', 'destination.geo.location.lon': 113.25, 'destination.geo.location.lat': 23.1167, 'destination.address': '1.2.33.40', 'destination.port': 8080, 'destination.ip': '1.2.33.40', 'source.address': '10.1.2.3', 'source.port': 64321, 'source.ip': '10.1.2.3', 'fileset.name': 'asa', 'tags': ['cisco-asa', 'forwarded'], 'network.transport': 'icmp', 'network.iana_number': 1, 'input.type': 'log', 'observer.ingress.interface.name': 'outside', 'observer.product': 'asa', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'inside', 'related.ip': ['10.1.2.3', '1.2.33.40'], 'related.user': ['joe'], 'service.type': 'cisco', 'event.severity': 1, 'event.code': 106103, 'event.original': '%ASA-1-106103: access-list filter denied icmp for user joe inside/10.1.2.3(64321) -> outside/1.2.33.40(8080) hit-cnt 1 first hit [0x3c8b88c1, 0xbee595c3]', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.action': 'firewall-rule', 'event.category': ['network'], 'event.type': ['info', 'denied'], 'event.dataset': 'cisco.asa', 'event.outcome': 'deny', 'user.name': 'joe', 'cisco.asa.destination_interface': 'outside', 'cisco.asa.rule_name': 'filter', 'cisco.asa.source_interface': 'inside', 'cisco.asa.message_id': '106103'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_005_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 8.753
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 3172, 'log.level': 'critical', 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-CA', 'destination.geo.city_name': 'Thousand Oaks', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'California', 'destination.geo.location.lon': -118.8199, 'destination.geo.location.lat': 34.197, 'destination.as.number': 395776, 'destination.as.organization.name': 'FEDERAL ONLINE GROUP LLC', 'destination.address': '192.186.2.2', 'destination.port': 53356, 'destination.ip': '192.186.2.2', 'source.address': '10.10.10.10', 'source.port': 161, 'source.ip': '10.10.10.10', 'fileset.name': 'asa', 'tags': ['cisco-asa', 'forwarded'], 'network.bytes': 64585, 'network.transport': 'udp', 'network.iana_number': 17, 'input.type': 'log', 'observer.ingress.interface.name': 'net', 'observer.hostname': 'dev01', 'observer.product': 'asa', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'intfacename', 'related.hosts': ['dev01', 'dev01'], 'related.ip': ['10.10.10.10', '192.186.2.2'], 'service.type': 'cisco', 'host.hostname': 'dev01', 'event.severity': 2, 'event.code': 302016, 'event.original': '%ASA-2-302016: Teardown UDP connection 1671727 for intfacename:10.10.10.10/161 to net:192.186.2.2/53356 duration 0:02:04 bytes 64585', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.start': '2020-05-05T20:38:46.000Z', 'event.type': ['connection', 'end'], 'event.duration': 124000000000, 'event.action': 'flow-expiration', 'event.end': '2020-05-05T18:40:50.000-02:00', 'event.category': ['network'], 'event.dataset': 'cisco.asa', 'cisco.asa.destination_interface': 'net', 'cisco.asa.connection_id': '1671727', 'cisco.asa.source_interface': 'intfacename', 
'cisco.asa.message_id': '302016'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_011_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 6.306
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 3639, 'log.level': 'alert', 'destination.geo.continent_name': 'Europe', 'destination.geo.region_iso_code': 'DE-ST', 'destination.geo.city_name': 'Magdeburg', 'destination.geo.country_iso_code': 'DE', 'destination.geo.country_name': 'Germany', 'destination.geo.region_name': 'Saxony-Anhalt', 'destination.geo.location.lon': 11.6167, 'destination.geo.location.lat': 52.1333, 'destination.as.number': 43341, 'destination.as.organization.name': 'MDlink online service center GmbH', 'destination.address': '213.211.198.62', 'destination.port': 80, 'destination.ip': '213.211.198.62', 'source.address': '10.0.1.20', 'source.port': 46004, 'source.ip': '10.0.1.20', 'fileset.name': 'ftd', 'url.original': 'http://www.eicar.org/download/eicar_com.zip', 'tags': ['cisco-ftd', 'forwarded'], 'network.protocol': 'http', 'network.application': 'curl', 'network.transport': 'tcp', 'network.iana_number': 6, 'input.type': 'log', 'observer.hostname': 'firepower', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', '@timestamp': '2019-08-16T07:39:03.000-02:00', 'file.size': '184', 'file.name': 'eicar_com.zip', 'file.hash.sha256': '2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad', 'related.hosts': ['firepower', 'firepower'], 'related.ip': ['10.0.1.20', '213.211.198.62'], 'related.user': ['No Authentication Required'], 'related.hash': ['2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad'], 'service.type': 'cisco', 'host.hostname': 'firepower', 'event.severity': 1, 'event.code': 430005, 'event.original': '%FTD-1-430005: SrcIP: 10.0.1.20, DstIP: 213.211.198.62, SrcPort: 46004, DstPort: 80, Protocol: tcp, FileDirection: Download, FileAction: Malware Cloud Lookup, FileSHA256: 2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad, SHA_Disposition: 
Unavailable, SperoDisposition: Spero detection not performed on file, ThreatName: Win.Ransomware.Eicar::95.sbx.tg, FileName: eicar_com.zip, FileType: ZIP, FileSize: 184, ApplicationProtocol: HTTP, Client: cURL, User: No Authentication Required, FirstPacketSecond: 2019-08-16T09:39:02Z, FilePolicy: malware-and-file-policy, FileStorageStatus: Not Stored (Disposition Was Pending), FileSandboxStatus: File Size Is Too Small, URI: http://www.eicar.org/download/eicar_com.zip', 'event.timezone': '-02:00', 'event.kind': 'alert', 'event.module': 'cisco', 'event.start': '2019-08-16T09:39:02Z', 'event.action': 'malware-detected', 'event.category': ['malware'], 'event.type': ['info'], 'event.dataset': 'cisco.ftd', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required', 'cisco.ftd.security.file_policy': 'malware-and-file-policy', 'cisco.ftd.security.sha_disposition': 'Unavailable', 'cisco.ftd.security.file_name': 'eicar_com.zip', 'cisco.ftd.security.file_action': 'Malware Cloud Lookup', 'cisco.ftd.security.spero_disposition': 'Spero detection not performed on file', 'cisco.ftd.security.first_packet_second': '2019-08-16T09:39:02Z', 'cisco.ftd.security.file_sandbox_status': 'File Size Is Too Small', 'cisco.ftd.security.uri': 'http://www.eicar.org/download/eicar_com.zip', 'cisco.ftd.security.file_sha256': '2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad', 'cisco.ftd.security.dst_ip': '213.211.198.62', 'cisco.ftd.security.file_size': '184', 'cisco.ftd.security.src_port': '46004', 'cisco.ftd.security.src_ip': '10.0.1.20', 'cisco.ftd.security.file_storage_status': 'Not Stored (Disposition Was Pending)', 'cisco.ftd.security.protocol': 'tcp', 'cisco.ftd.security.application_protocol': 'HTTP', 'cisco.ftd.security.threat_name': 'Win.Ransomware.Eicar::95.sbx.tg', 'cisco.ftd.security.file_direction': 'Download', 'cisco.ftd.security.file_type': 'ZIP', 'cisco.ftd.security.dst_port': '80', 'cisco.ftd.security.client': 'cURL', 
'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': 'malware-and-file-policy', 'cisco.ftd.message_id': '430005', 'cisco.ftd.threat_category': 'Win.Ransomware.Eicar::95.sbx.tg'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_012_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 6.394
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 1182, 'log.level': 'alert', 'dns.response_code': 'NOERROR', 'dns.question.name': 'eu-central-1.ec2.archive.ubuntu.com', 'dns.question.type': 'A', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.port': 53, 'destination.bytes': 0, 'destination.ip': '8.8.8.8', 'destination.packets': 0, 'source.address': '10.0.1.20', 'source.port': 50074, 'source.bytes': 106, 'source.ip': '10.0.1.20', 'source.packets': 1, 'fileset.name': 'ftd', 'tags': ['cisco-ftd', 'forwarded'], 'network.protocol': 'dns', 'network.application': 'dns client', 'network.transport': 'udp', 'network.iana_number': 17, 'input.type': 'log', 'observer.ingress.interface.name': 'outside', 'observer.hostname': 'firepower', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'inside', '@timestamp': '2019-08-15T14:05:37.000-02:00', 'related.hosts': ['firepower', 'firepower'], 'related.ip': ['10.0.1.20', '8.8.8.8'], 'related.user': ['No Authentication Required'], 'service.type': 'cisco', 'host.hostname': 'firepower', 'event.severity': 1, 'event.code': 430002, 'event.original': '%FTD-1-430002: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 50074, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Rule-1, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, 
InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 106, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity, DNSQuery: eu-central-1.ec2.archive.ubuntu.com, DNSRecordType: a host address', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.action': 'connection-started', 'event.category': ['network'], 'event.type': ['connection', 'start', 'allowed'], 'event.dataset': 'cisco.ftd', 'event.outcome': 'allow', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required', 'cisco.ftd.destination_interface': 'outside', 'cisco.ftd.security.egress_zone': 'output-zone', 'cisco.ftd.security.dns_record_type': 'a host address', 'cisco.ftd.security.responder_packets': '0', 'cisco.ftd.security.access_control_rule_name': 'Rule-1', 'cisco.ftd.security.egress_interface': 'outside', 'cisco.ftd.security.dns_query': 'eu-central-1.ec2.archive.ubuntu.com', 'cisco.ftd.security.access_control_rule_action': 'Allow', 'cisco.ftd.security.prefilter_policy': 'Default Prefilter Policy', 'cisco.ftd.security.nap_policy': 'Balanced Security and Connectivity', 'cisco.ftd.security.ingress_zone': 'input-zone', 'cisco.ftd.security.dst_ip': '8.8.8.8', 'cisco.ftd.security.ac_policy': 'default', 'cisco.ftd.security.src_port': '50074', 'cisco.ftd.security.src_ip': '10.0.1.20', 'cisco.ftd.security.protocol': 'udp', 'cisco.ftd.security.application_protocol': 'DNS', 'cisco.ftd.security.initiator_bytes': '106', 'cisco.ftd.security.initiator_packets': '1', 'cisco.ftd.security.dst_port': '53', 'cisco.ftd.security.ingress_interface': 'inside', 'cisco.ftd.security.client': 'DNS client', 'cisco.ftd.security.responder_bytes': '0', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': ['default', 'Rule-1'], 'cisco.ftd.source_interface': 'inside', 'cisco.ftd.message_id': '430002'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_015_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 6.095
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'alert', 'dns.response_code': 'NOERROR', 'dns.question.name': 'elastic.co', 'dns.question.type': 'A', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.port': 53, 'destination.bytes': 145, 'destination.ip': '8.8.8.8', 'destination.packets': 1, 'source.address': '10.0.1.20', 'source.port': 57379, 'source.bytes': 93, 'source.ip': '10.0.1.20', 'source.packets': 1, 'fileset.name': 'ftd', 'tags': ['cisco-ftd', 'forwarded'], 'network.protocol': 'dns', 'network.application': 'dns client', 'network.transport': 'udp', 'network.iana_number': 17, 'input.type': 'log', 'observer.ingress.interface.name': 'outside', 'observer.hostname': 'siem-ftd', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 'inside', '@timestamp': '2019-08-26T21:11:03.000-02:00', 'related.hosts': ['siem-ftd', 'siem-ftd'], 'related.ip': ['10.0.1.20', '8.8.8.8'], 'related.user': ['No Authentication Required'], 'service.type': 'cisco', 'host.hostname': 'siem-ftd', 'event.severity': 1, 'event.code': 430003, 'event.original': '%FTD-1-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.1.20, DstIP: 8.8.8.8, SrcPort: 57379, DstPort: 53, Protocol: udp, IngressInterface: inside, EgressInterface: outside, IngressZone: input-zone, EgressZone: output-zone, ACPolicy: default, AccessControlRuleName: Intrusion-Rule, Prefilter Policy: Default Prefilter Policy, User: No Authentication Required, Client: DNS client, ApplicationProtocol: DNS, ConnectionDuration: 0, 
InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 93, ResponderBytes: 145, NAPPolicy: Balanced Security and Connectivity, DNSQuery: elastic.co, DNSRecordType: a host address, DNS_TTL: 70', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.start': '2019-08-26T23:11:03.000Z', 'event.type': ['connection', 'end', 'allowed'], 'event.duration': 0, 'event.action': 'connection-finished', 'event.end': '2019-08-26T21:11:03.000-02:00', 'event.category': ['network'], 'event.dataset': 'cisco.ftd', 'event.outcome': 'allow', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required', 'cisco.ftd.destination_interface': 'outside', 'cisco.ftd.security.egress_zone': 'output-zone', 'cisco.ftd.security.dns_record_type': 'a host address', 'cisco.ftd.security.responder_packets': '1', 'cisco.ftd.security.dns_query': 'elastic.co', 'cisco.ftd.security.access_control_rule_action': 'Allow', 'cisco.ftd.security.nap_policy': 'Balanced Security and Connectivity', 'cisco.ftd.security.dst_ip': '8.8.8.8', 'cisco.ftd.security.ac_policy': 'default', 'cisco.ftd.security.src_ip': '10.0.1.20', 'cisco.ftd.security.protocol': 'udp', 'cisco.ftd.security.application_protocol': 'DNS', 'cisco.ftd.security.initiator_bytes': '93', 'cisco.ftd.security.initiator_packets': '1', 'cisco.ftd.security.connection_duration': '0', 'cisco.ftd.security.client': 'DNS client', 'cisco.ftd.security.access_control_rule_name': 'Intrusion-Rule', 'cisco.ftd.security.egress_interface': 'outside', 'cisco.ftd.security.prefilter_policy': 'Default Prefilter Policy', 'cisco.ftd.security.ingress_zone': 'input-zone', 'cisco.ftd.security.src_port': '57379', 'cisco.ftd.security.dns_ttl': '70', 'cisco.ftd.security.dst_port': '53', 'cisco.ftd.security.ingress_interface': 'inside', 'cisco.ftd.security.responder_bytes': '145', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': ['default', 'Intrusion-Rule'], 'cisco.ftd.source_interface': 'inside', 
'cisco.ftd.message_id': '430003'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_018_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.925
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'unknown', 'destination.geo.continent_name': 'Europe', 'destination.geo.country_iso_code': 'FR', 'destination.geo.country_name': 'France', 'destination.geo.location.lon': 2.3387, 'destination.geo.location.lat': 48.8582, 'destination.as.number': 3215, 'destination.as.organization.name': 'Orange', 'destination.address': '2.2.2.2', 'destination.port': 80, 'destination.bytes': 246, 'destination.ip': '2.2.2.2', 'destination.packets': 4, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-WA', 'source.geo.city_name': 'Seattle', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Washington', 'source.geo.location.lon': -122.3451, 'source.geo.location.lat': 47.6348, 'source.address': '3.3.3.3', 'source.port': 65090, 'source.bytes': 729, 'source.ip': '3.3.3.3', 'source.packets': 4, 'network.protocol': 'http', 'network.application': 'chrome', 'network.transport': 'tcp', 'network.iana_number': 6, 'observer.ingress.interface.name': 's1p2', 'observer.hostname': 'CISCO-SENSOR-3D', 'observer.product': 'ftd', 'observer.vendor': 'Cisco', 'observer.type': 'firewall', 'observer.egress.interface.name': 's1p1', 'related.hosts': ['CISCO-SENSOR-3D', 'CISCO-SENSOR-3D'], 'related.ip': ['3.3.3.3', '2.2.2.2'], 'related.user': ['No Authentication Required'], 'host.hostname': 'CISCO-SENSOR-3D', 'event.severity': 0, 'event.code': 430003, 'event.original': '%NGIPS-0-430003: DeviceUUID: 1c8ff662-08f3-11e4-85c0-bc960372972f, AccessControlRuleAction: Allow, AccessControlRuleReason: IP Monitor, SrcIP: 3.3.3.3, DstIP: 2.2.2.2, SrcPort: 65090, DstPort: 80, Protocol: tcp, IngressInterface: s1p1, EgressInterface: s1p2, IngressZone: Inside-DMZ-Interface-Inline, EgressZone: 
Inside-DMZ-Interface-Inline, ACPolicy: COOL-POLICY-3D, AccessControlRuleName: Inside DMZ-Rule-Inline, Prefilter Policy: Unknown, User: No Authentication Required, UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36, Client: Chrome, ClientVersion: 80.0.3987.87, ApplicationProtocol: HTTP, ConnectionDuration: 20, InitiatorPackets: 4, ResponderPackets: 4, InitiatorBytes: 729, ResponderBytes: 246, NAPPolicy: State-Backbone, SecIntMatchingIP: Destination, IPReputationSICategory: Malware, HTTPReferer: http://eyedropper-color-pick.info/mk?c=1581483445764, ReferencedHost: eyedropper-color-pick.info, URL: http://bad-malwaresite-grr.info/favicon.ico', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'cisco', 'event.start': '2020-03-01T01:02:16.000Z', 'event.type': ['connection', 'end', 'allowed'], 'event.duration': 20000000000, 'event.action': 'connection-finished', 'event.end': '2020-02-29T23:02:36.000-02:00', 'event.category': ['network'], 'event.dataset': 'cisco.ftd', 'event.outcome': 'allow', 'cisco.ftd.destination_interface': 's1p2', 'cisco.ftd.security.access_control_rule_reason': 'IP Monitor', 'cisco.ftd.security.egress_zone': 'Inside-DMZ-Interface-Inline', 'cisco.ftd.security.responder_packets': '4', 'cisco.ftd.security.access_control_rule_action': 'Allow', 'cisco.ftd.security.nap_policy': 'State-Backbone', 'cisco.ftd.security.dst_ip': '2.2.2.2', 'cisco.ftd.security.ac_policy': 'COOL-POLICY-3D', 'cisco.ftd.security.src_ip': '3.3.3.3', 'cisco.ftd.security.protocol': 'tcp', 'cisco.ftd.security.application_protocol': 'HTTP', 'cisco.ftd.security.initiator_bytes': '729', 'cisco.ftd.security.sec_int_matching_ip': 'Destination', 'cisco.ftd.security.initiator_packets': '4', 'cisco.ftd.security.connection_duration': '20', 'cisco.ftd.security.client': 'Chrome', 'cisco.ftd.security.client_version': '80.0.3987.87', 'cisco.ftd.security.referenced_host': 'eyedropper-color-pick.info', 
'cisco.ftd.security.user_agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36', 'cisco.ftd.security.access_control_rule_name': 'Inside DMZ-Rule-Inline', 'cisco.ftd.security.egress_interface': 's1p2', 'cisco.ftd.security.prefilter_policy': 'Unknown', 'cisco.ftd.security.ingress_zone': 'Inside-DMZ-Interface-Inline', 'cisco.ftd.security.url': 'http://bad-malwaresite-grr.info/favicon.ico', 'cisco.ftd.security.src_port': '65090', 'cisco.ftd.security.http_referer': 'http://eyedropper-color-pick.info/mk?c=1581483445764', 'cisco.ftd.security.ip_reputation_si_category': 'Malware', 'cisco.ftd.security.dst_port': '80', 'cisco.ftd.security.ingress_interface': 's1p1', 'cisco.ftd.security.responder_bytes': '246', 'cisco.ftd.security.user': 'No Authentication Required', 'cisco.ftd.rule_name': ['COOL-POLICY-3D', 'Inside DMZ-Rule-Inline'], 'cisco.ftd.source_interface': 's1p1', 'cisco.ftd.message_id': '430003', 'user_agent.original': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36', 'process.name': 'Alerts', 'fileset.name': 'ftd', 'url.original': 'http://bad-malwaresite-grr.info/favicon.ico', 'url.domain': 'eyedropper-color-pick.info', 'tags': ['cisco-ftd', 'forwarded'], 'input.type': 'log', '@timestamp': '2020-02-29T23:02:36.000-02:00', 'service.type': 'cisco', 'http.request.referrer': 'http://eyedropper-color-pick.info/mk?c=1581483445764', 'user.name': 'No Authentication Required', 'user.id': 'No Authentication Required'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_023_cisco – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 5.515
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.original': 'Jun 20 02:41:56 198.51.100.2 1663306: Jun 20 02:41:55.222: %SEC-6-IPACCESSLOGP: list 150 denied tcp 198.51.100.12(59825) -> 172.217.10.46(80), 1 packet', 'log.offset': 1064, 'log.level': 'informational', 'log.source.address': '198.51.100.2', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '172.217.10.46', 'destination.port': 80, 'destination.ip': '172.217.10.46', 'source.address': '198.51.100.12', 'source.port': 59825, 'source.ip': '198.51.100.12', 'source.packets': 1, 'message': 'list 150 denied tcp 198.51.100.12(59825) -> 172.217.10.46(80), 1 packet', 'fileset.name': 'ios', 'network.community_id': '1:chQ9+C+0W0ihrzqZ0HbcFSRdBRc=', 'network.transport': 'tcp', 'network.type': 'ipv4', 'network.packets': 1, 'tags': ['cisco-ios', 'forwarded'], 'input.type': 'log', 'related.ip': ['198.51.100.12', '172.217.10.46'], 'service.type': 'cisco', 'event.severity': 6, 'event.sequence': 1663306, 'event.code': 'IPACCESSLOGP', 'event.kind': 'event', 'event.timezone': '-02:00', 'event.module': 'cisco', 'event.category': ['network', 'network_traffic'], 'event.type': ['connection', 'firewall'], 'event.dataset': 'cisco.ios', 'event.outcome': 'deny', 'cisco.ios.access_list': '150', 'cisco.ios.facility': 'SEC'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_031_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.543
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'server.address': '35.199.178.4', 'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-CA', 'destination.geo.city_name': 'Mountain View', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'California', 'destination.geo.location.lon': -122.0748, 'destination.geo.location.lat': 37.4043, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '35.199.178.4', 'destination.port': 9243, 'destination.ip': '35.199.178.4', 'zeek.session_id': 'CAOvs1BMFCX2Eh0Y3', 'zeek.ssl.established': True, 'zeek.ssl.cipher': 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'zeek.ssl.server.subject.country': 'US', 'zeek.ssl.server.subject.organization': 'Elasticsearch Inc.', 'zeek.ssl.server.subject.locality': 'Mountain View', 'zeek.ssl.server.subject.state': 'California', 'zeek.ssl.server.subject.common_name': '.gcp.cloud.es.io', 'zeek.ssl.server.cert_chain_fuids': ['FebkbHWVCV8rEEEne', 'F4BDY41MGUBT6URZMd', 'FWlfEfiHVkv8evDL3'], 'zeek.ssl.server.name': 'dd625ffb4fc54735b281862aa1cd6cd4.us-west1.gcp.cloud.es.io', 'zeek.ssl.server.issuer.country': 'US', 'zeek.ssl.server.issuer.organization': 'DigiCert Inc', 'zeek.ssl.server.issuer.common_name': 'DigiCert SHA2 Secure Server CA', 'zeek.ssl.curve': 'secp256r1', 'zeek.ssl.resumed': False, 'zeek.ssl.version': 'TLSv12', 'zeek.ssl.validation.status': 'ok', 'source.address': '10.178.98.102', 'source.port': 63199, 'source.ip': '10.178.98.102', 'fileset.name': 'ssl', 'tags': ['zeek.ssl'], 'network.community_id': '1:1PMhYqOKBIyRAQeMbg/pWiJ198g=', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2019-01-17T01:32:16.805Z', 'related.ip': ['10.178.98.102', '35.199.178.4'], 'service.type': 'zeek', 'client.address': '10.178.98.102', 'tls.cipher': 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'tls.established': True, 'tls.server.x509.subject.country': 'US', 'tls.server.x509.subject.state_or_province': 'California', 'tls.server.x509.subject.organization': 'Elasticsearch Inc.', 'tls.server.x509.subject.locality': 'Mountain View', 'tls.server.x509.subject.common_name': '.gcp.cloud.es.io', 'tls.server.x509.issuer.country': 'US', 'tls.server.x509.issuer.organization': 'DigiCert Inc', 'tls.server.x509.issuer.common_name': 'DigiCert SHA2 Secure Server CA', 'tls.server.issuer': 'CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', 'tls.curve': 'secp256r1', 'tls.resumed': False, 'tls.version': '1.2', 'tls.version_protocol': 'tls', 'event.kind': 'event', 'event.module': 'zeek', 'event.id': 'CAOvs1BMFCX2Eh0Y3', 'event.category': ['network'], 'event.type': ['connection', 'protocol'], 'event.dataset': 'zeek.ssl'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_045_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.643
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 23028, 'destination.as.organization.name': 'Team Cymru Inc.', 'destination.address': '38.229.70.20', 'destination.port': 8000, 'destination.ip': '38.229.70.20', 'zeek.session_id': 'CNJBX5FQdL62VUUP1', 'zeek.irc.addl': '+iw xxxxx XxxxxxXxxx ', 'zeek.irc.value': 'xxxxx', 'zeek.irc.command': 'USER', 'source.address': '10.180.156.249', 'source.port': 45921, 'source.ip': '10.180.156.249', 'fileset.name': 'irc', 'tags': ['zeek.irc'], 'network.protocol': 'irc', 'network.community_id': '1:YdkGov/c+KLtmg7Cf5DLDB4+YdQ=', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2013-12-20T15:44:10.647Z', 'related.ip': ['10.180.156.249', '38.229.70.20'], 'service.type': 'zeek', 'event.kind': 'event', 'event.module': 'zeek', 'event.action': 'USER', 'event.id': 'CNJBX5FQdL62VUUP1', 'event.type': ['connection', 'protocol', 'info'], 'event.category': ['network'], 'event.dataset': 'zeek.irc'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_050_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.505
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 427, 'destination.as.organization.name': 'Air Force Systems Networking', 'destination.address': '132.16.110.133', 'destination.port': 8080, 'destination.ip': '132.16.110.133', 'zeek.tunnel.action': 'Tunnel::DISCOVER', 'zeek.tunnel.type': 'Tunnel::HTTP', 'source.geo.continent_name': 'North America', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.location.lon': -97.822, 'source.geo.location.lat': 37.751, 'source.as.number': 427, 'source.as.organization.name': 'Air Force Systems Networking', 'source.address': '132.16.146.79', 'source.port': 0, 'source.ip': '132.16.146.79', 'fileset.name': 'tunnel', 'tags': ['zeek.tunnel'], 'input.type': 'log', '@timestamp': '2018-12-10T01:34:26.743Z', 'related.ip': ['132.16.146.79', '132.16.110.133'], 'service.type': 'zeek', 'event.kind': 'event', 'event.module': 'zeek', 'event.action': 'Tunnel::DISCOVER', 'event.category': ['network'], 'event.type': ['connection'], 'event.dataset': 'zeek.tunnel'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_052_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.617
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-CA', 'destination.geo.city_name': 'San Jose', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'California', 'destination.geo.location.lon': -121.8914, 'destination.geo.location.lat': 37.3388, 'destination.as.number': 6185, 'destination.as.organization.name': 'Apple Inc.', 'destination.address': '17.253.5.203', 'destination.port': 80, 'destination.ip': '17.253.5.203', 'zeek.http.resp_mime_types': ['application/ocsp-response'], 'zeek.http.trans_depth': 1, 'zeek.http.status_msg': 'OK', 'zeek.http.resp_fuids': ['F5zuip1tSwASjNAHy7'], 'zeek.http.tags': [], 'zeek.session_id': 'CCNp8v1SNzY7v9d1Ih', 'source.address': '10.178.98.102', 'source.port': 62995, 'source.ip': '10.178.98.102', 'fileset.name': 'http', 'url.original': '/ocsp04-aaica02/ME4wTKADAgEAMEUwQzBBMAkGBSsOAwIaBQAEFNqvF+Za6oA4ceFRLsAWwEInjUhJBBQx6napI3Sl39T97qDBpp7GEQ4R7AIIUP1IOZZ86ns=', 'url.port': 80, 'url.domain': 'ocsp.apple.com', 'tags': ['zeek.http'], 'network.community_id': '1:dtBPRfpKEZyg1iOHss95buwv+cw=', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2019-01-17T01:05:30.172Z', 'related.ip': ['10.178.98.102', '17.253.5.203'], 'service.type': 'zeek', 'http.request.method': 'GET', 'http.request.body.bytes': 0, 'http.response.status_code': 200, 'http.response.body.bytes': 3735, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'zeek', 'event.action': 'get', 'event.id': 'CCNp8v1SNzY7v9d1Ih', 'event.type': ['connection', 'info', 'protocol'], 'event.category': ['network', 'web'], 'event.dataset': 'zeek.http', 'event.outcome': 'success', 'user_agent.original': 'com.apple.trustd/2.0', 'user_agent.name': 'Other', 'user_agent.device.name': 'Other'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_054_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.984
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.ip': '8.8.8.8', 'source.address': '192.168.1.1', 'source.ip': '192.168.1.1', 'fileset.name': 'traceroute', 'network.transport': 'udp', 'tags': ['zeek.traceroute'], 'input.type': 'log', '@timestamp': '2013-02-26T22:02:38.650Z', 'related.ip': ['192.168.1.1', '8.8.8.8'], 'service.type': 'zeek', 'event.kind': 'event', 'event.module': 'zeek', 'event.category': ['network'], 'event.type': ['info'], 'event.dataset': 'zeek.traceroute'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_060_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.504
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'log.offset': 357, 'destination.geo.continent_name': 'Europe', 'destination.geo.region_iso_code': 'DE-HE', 'destination.geo.city_name': 'Frankfurt am Main', 'destination.geo.country_iso_code': 'DE', 'destination.geo.country_name': 'Germany', 'destination.geo.region_name': 'Hesse', 'destination.geo.location.lon': 8.6843, 'destination.geo.location.lat': 50.1188, 'destination.as.number': 14061, 'destination.as.organization.name': 'DigitalOcean, LLC', 'destination.address': '207.154.238.205', 'destination.ip': '207.154.238.205', 'rule.name': 'Scan::Port_Scan', 'rule.description': '8.42.77.171 scanned at least 15 unique ports of host 207.154.238.205 in 0m0s', 'zeek.notice.msg': '8.42.77.171 scanned at least 15 unique ports of host 207.154.238.205 in 0m0s', 'zeek.notice.suppress_for': 3600, 'zeek.notice.sub': 'remote', 'zeek.notice.note': 'Scan::Port_Scan', 'zeek.notice.dropped': False, 'zeek.notice.peer_descr': 'bro', 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-CO', 'source.geo.city_name': 'Longmont', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Colorado', 'source.geo.location.lon': -105.1624, 'source.geo.location.lat': 40.1559, 'source.as.number': 393552, 'source.as.organization.name': 'Longmont Power & Communications', 'source.address': '8.42.77.171', 'source.ip': '8.42.77.171', 'fileset.name': 'notice', 'tags': ['zeek.notice'], 'input.type': 'log', '@timestamp': '2019-02-28T22:36:28.426Z', 'related.ip': ['8.42.77.171', '207.154.238.205'], 'service.type': 'zeek', 'event.kind': 'alert', 'event.module': 'zeek', 'event.type': ['info', 'allowed'], 'event.category': ['intrusion_detection'], 'event.dataset': 'zeek.notice'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_061_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.06
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 398, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.port': 53, 'destination.bytes': 206, 'destination.ip': '8.8.8.8', 'destination.packets': 1, 'zeek.session_id': 'CAcJw21BbVedgFnYH4', 'zeek.connection.local_resp': False, 'zeek.connection.local_orig': True, 'zeek.connection.history': 'Dd', 'zeek.connection.missed_bytes': 0, 'zeek.connection.state': 'SF', 'zeek.connection.state_message': 'Normal establishment and termination.', 'source.address': '192.168.86.167', 'source.port': 38340, 'source.bytes': 103, 'source.ip': '192.168.86.167', 'source.packets': 1, 'fileset.name': 'connection', 'network.community_id': '1:77KJyeznYjdDxCSKdZhW89aAaBI=', 'network.protocol': 'dns', 'network.bytes': 309, 'network.transport': 'udp', 'network.packets': 2, 'network.direction': 'outbound', 'tags': ['zeek.connection', 'local_orig'], 'input.type': 'log', '@timestamp': '2019-01-11T06:33:36.857Z', 'related.ip': ['192.168.86.167', '8.8.8.8'], 'service.type': 'zeek', 'event.duration': 76967000, 'event.kind': 'event', 'event.module': 'zeek', 'event.id': 'CAcJw21BbVedgFnYH4', 'event.category': ['network'], 'event.type': ['connection', 'start', 'end'], 'event.dataset': 'zeek.connection'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_063_zeek – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.65
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 29791, 'destination.as.organization.name': 'Internap Corporation', 'destination.address': '74.63.41.218', 'destination.port': 5060, 'destination.ip': '74.63.41.218', 'zeek.session_id': 'CPRLCB4eWHdjP852Bk', 'zeek.sip.sequence.number': '4127', 'zeek.sip.sequence.method': 'REGISTER', 'zeek.sip.request.path': ['SIP/2.0/UDP 172.16.133.19:5060'], 'zeek.sip.request.from': '"AppNeta" sip:116954_Boston6@newyork.voip.ms', 'zeek.sip.request.to': 'sip:116954_Boston6@newyork.voip.ms', 'zeek.sip.request.body_length': 0, 'zeek.sip.response.path': ['SIP/2.0/UDP 172.16.133.19:5060'], 'zeek.sip.response.from': '"AppNeta" sip:116954_Boston6@newyork.voip.ms', 'zeek.sip.response.to': 'sip:116954_Boston6@newyork.voip.ms;tag=as023f66a5', 'zeek.sip.response.body_length': 0, 'zeek.sip.uri': 'sip:newyork.voip.ms:5060', 'zeek.sip.transaction_depth': 0, 'zeek.sip.user_agent': 'PolycomSoundStationIP-SSIP_5000-UA/3.2.4.0267', 'zeek.sip.call_id': '8694cd7e-976e4fc3-d76f6e38@172.16.133.19', 'zeek.sip.status.msg': 'Unauthorized', 'zeek.sip.status.code': 401, 'source.address': '172.16.133.19', 'source.port': 5060, 'source.ip': '172.16.133.19', 'fileset.name': 'sip', 'url.full': 'sip:newyork.voip.ms:5060', 'network.protocol': 'sip', 'network.community_id': '1:t8Jl0amIXPHemzxKgsLjtkB+ewo=', 'network.transport': 'udp', 'tags': ['zeek.sip'], 'input.type': 'log', '@timestamp': '2013-02-26T22:02:39.055Z', 'related.ip': ['172.16.133.19', '74.63.41.218'], 'service.type': 'zeek', 'event.kind': 'event', 'event.module': 'zeek', 'event.action': 'REGISTER', 'event.id': 'CPRLCB4eWHdjP852Bk', 'event.type': ['connection', 'protocol', 'error'], 'event.category': ['network'], 'event.dataset': 'zeek.sip', 'event.outcome': 'failure'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_066_okta – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.911
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-CA', 'source.geo.city_name': 'Dublin', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'California', 'source.geo.location.lon': -121.919, 'source.geo.location.lat': 37.7201, 'source.as.number': 7018, 'source.as.organization.name': 'AT&T Services, Inc.', 'source.ip': '108.255.197.247', 'source.user.full_name': 'xxxxxx', 'source.user.id': '00u1abvz4pYqdM8ms4x6', 'fileset.name': 'system', 'tags': ['forwarded'], 'input.type': 'log', '@timestamp': '2020-02-14T22:18:51.843Z', 'related.ip': '108.255.197.247', 'related.user': 'xxxxxx', 'service.type': 'okta', 'client.geo.city_name': 'Dublin', 'client.geo.country_name': 'United States', 'client.geo.region_name': 'California', 'client.geo.location.lon': -121.919, 'client.geo.location.lat': 37.7201, 'client.ip': '108.255.197.247', 'client.user.full_name': 'xxxxxx', 'client.user.id': '00u1abvz4pYqdM8ms4x6', 'event.original': '{"actor":{"alternateId":"xxxxxx@elastic.co","detailEntry":null,"displayName":"xxxxxx","id":"00u1abvz4pYqdM8ms4x6","type":"User"},"authenticationContext":{"authenticationProvider":null,"authenticationStep":0,"credentialProvider":null,"credentialType":null,"externalSessionId":"102nZHzd6OHSfGG51vsoc22gw","interface":null,"issuer":null},"client":{"device":"Computer","geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"id":null,"ipAddress":"108.255.197.247","userAgent":{"browser":"FIREFOX","os":"Mac OS X","rawUserAgent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"},"zone":"null"},"debugContext":{"debugData":{"authnRequestId":"XkcAsWb8WjwDP76xh@1v8wAABp0","requestId":"XkccyyMli2Uay2I93ZgRzQAAB0c","requestUri":"/login/signout","threatSuspected":"false","url":"/login/signout?message=login_page_messages.session_has_expired"}},"displayMessage":"User logout from Okta","eventType":"user.session.end","legacyEventType":"core.user_auth.logout_success","outcome":{"reason":null,"result":"SUCCESS"},"published":"2020-02-14T22:18:51.843Z","request":{"ipChain":[{"geographicalContext":{"city":"Dublin","country":"United States","geolocation":{"lat":37.7201,"lon":-121.919},"postalCode":"94568","state":"California"},"ip":"108.255.197.247","source":null,"version":"V4"}]},"securityContext":{"asNumber":null,"asOrg":null,"domain":null,"isProxy":null,"isp":null},"severity":"INFO","target":null,"transaction":{"detail":{},"id":"XkccyyMli2Uay2I93ZgRzQAAB0c","type":"WEB"},"uuid":"faf7398a-4f77-11ea-97fb-5925e98228bd","version":"0"}', 'event.kind': 'event', 'event.module': 'okta', 'event.action': 'user.session.end', 'event.id': 'faf7398a-4f77-11ea-97fb-5925e98228bd', 'event.category': ['authentication'], 'event.type': ['access'], 'event.dataset': 'okta.system', 'event.outcome': 'success', 'okta.actor.id': '00u1abvz4pYqdM8ms4x6', 'okta.actor.display_name': 'xxxxxx', 'okta.actor.type': 'User', 'okta.actor.alternate_id': 'xxxxxx@elastic.co', 'okta.debug_context.debug_data.threat_suspected': 'false', 'okta.debug_context.debug_data.request_id': 'XkccyyMli2Uay2I93ZgRzQAAB0c', 'okta.debug_context.debug_data.url': '/login/signout?message=login_page_messages.session_has_expired', 'okta.debug_context.debug_data.request_uri': '/login/signout', 'okta.event_type': 'user.session.end', 'okta.authentication_context.authentication_step': 0, 'okta.authentication_context.external_session_id': '102nZHzd6OHSfGG51vsoc22gw', 'okta.display_message': 'User logout from Okta', 'okta.client.zone': 'null', 'okta.client.ip': '108.255.197.247', 'okta.client.device': 'Computer', 'okta.client.user_agent.raw_user_agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0', 'okta.client.user_agent.os': 'Mac OS X', 'okta.client.user_agent.browser': 'FIREFOX', 'okta.uuid': 'faf7398a-4f77-11ea-97fb-5925e98228bd', 'okta.transaction.id': 'XkccyyMli2Uay2I93ZgRzQAAB0c', 'okta.transaction.type': 'WEB', 'okta.outcome.result': 'SUCCESS', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.15', 'user_agent.os.full': 'Mac OS X 10.15', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_069_iptables – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.486
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'iptables.tcp.reserved_bits': 0, 'iptables.tcp.flags': ['ACK'], 'iptables.tcp.window': 2853, 'iptables.input_device': 'eth0', 'iptables.precedence_bits': 0, 'iptables.fragment_flags': ['DF'], 'iptables.length': 52, 'iptables.ttl': 63, 'iptables.ubiquiti.output_zone': 'lan', 'iptables.ubiquiti.input_zone': 'wan', 'iptables.ubiquiti.rule_set': 'wan-lan', 'iptables.ubiquiti.rule_number': 'default', 'iptables.ether_type': 2048, 'iptables.tos': 0, 'iptables.output_device': '', 'iptables.id': 0, 'log.original': 'Oct 10 07:25:12 Hostname kernel: [wan-lan-default-D]IN=eth0 OUT= MAC=90:10:20:76:8d:20:90:10:65:29:b6:2a:08:00 SRC=158.109.0.1 DST=10.4.0.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=38842 DPT=443 WINDOW=2853 RES=0x00 ACK URGP=0 ', 'log.offset': 0, 'destination.port': 443, 'destination.ip': '10.4.0.5', 'destination.mac': '90:10:20:76:8d:20', 'rule.name': 'wan-lan', 'rule.id': 'default', 'source.geo.continent_name': 'Europe', 'source.geo.country_iso_code': 'ES', 'source.geo.country_name': 'Spain', 'source.geo.location.lon': -3.684, 'source.geo.location.lat': 40.4172, 'source.as.number': 13041, 'source.as.organization.name': 'Consorci de Serveis Universitaris de Catalunya', 'source.port': 38842, 'source.ip': '158.109.0.1', 'source.mac': '90:10:65:29:b6:2a', 'fileset.name': 'log', 'network.community_id': '1:RGJPRWtru8Lg2itNyFREDvoRkNA=', 'network.transport': 'tcp', 'network.type': 'ipv4', 'tags': ['iptables'], 'input.type': 'log', 'observer.ingress.zone': 'wan', 'observer.egress.zone': 'lan', 'related.ip': ['158.109.0.1', '10.4.0.5'], 'service.type': 'iptables', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'iptables', 'event.action': 'drop', 'event.type': ['denied', 'connection'], 'event.category': ['network'], 'event.dataset': 'iptables.log'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_076_cef – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.94
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'cef.severity': 'Unknown', 'cef.extensions.nat_addtnl_rulenum': '1', 'cef.extensions.destinationPort': 443, 'cef.extensions.sourcePort': 49363, 'cef.extensions.destinationAddress': '52.173.84.157', 'cef.extensions.origin': '192.168.101.254', 'cef.extensions.rule_uid': '9e5e6e74-aa9a-4693-b9fe-53712dd27bea', 'cef.extensions.deviceReceiptTime': '2018-11-26T22:17:32.000Z', 'cef.extensions.layer_uuid': 'b406b732-2437-4848-9741-6eae1f5bf112', 'cef.extensions.deviceCustomDate2Label': 'This field is made up', 'cef.extensions.destinationTranslatedPort': 0, 'cef.extensions.deviceCustomString5Label': 'Matched Category', 'cef.extensions.loguid': '{0x5bfc70fc,0x1,0xfe65a8c0,0xc0000001}', 'cef.extensions.ifname': 'eth0', 'cef.extensions.nat_rulenum': '4', 'cef.extensions.transportProtocol': '6', 'cef.extensions.service_id': 'https', 'cef.extensions.layer_name': 'Network', 'cef.extensions.deviceCustomString2Label': 'Rule Name', 'cef.extensions.product': 'VPN-1 & FireWall-1', 'cef.extensions.sourceAddress': '192.168.101.100', 'cef.extensions.sequencenum': '1', 'cef.extensions.deviceAction': 'Accept', 'cef.extensions.rule_action': 'Accept', 'cef.extensions.inzone': 'Internal', 'cef.extensions.sourceTranslatedPort': 35398, 'cef.extensions.match_id': '4', 'cef.extensions.deviceCustomDate2': '2017-10-16T10:42:13.713Z', 'cef.extensions.originsicname': 'CN=R80,O=R80_M..6u6bdo', 'cef.extensions.outzone': 'External', 'cef.extensions.deviceCustomString5': 'Business / Economy', 'cef.extensions.version': '5', 'cef.extensions.sourceTranslatedAddress': '192.168.103.254', 'cef.extensions.parent_rule': '0', 'cef.extensions.destinationTranslatedAddress': '0.0.0.0', 'cef.extensions.logid': '0', 'cef.extensions.deviceDirection': 0, 'cef.name': 'https', 'cef.device.product': 'VPN-1 & FireWall-1', 'cef.device.event_class_id': 'Log', 'cef.device.vendor': 'Check Point', 'cef.device.version': 'Check Point', 'cef.version': '0', 'destination.nat.port': 0, 'destination.nat.ip': '0.0.0.0', 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-IA', 'destination.geo.city_name': 'Des Moines', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'Iowa', 'destination.geo.location.lon': -93.6112, 'destination.geo.location.lat': 41.6006, 'destination.as.number': 8075, 'destination.as.organization.name': 'Microsoft Corporation', 'destination.port': 443, 'destination.ip': '52.173.84.157', 'rule.category': 'Business / Economy', 'rule.uuid': '9e5e6e74-aa9a-4693-b9fe-53712dd27bea', 'source.nat.port': 35398, 'source.nat.ip': '192.168.103.254', 'source.port': 49363, 'source.ip': '192.168.101.100', 'message': 'https', 'fileset.name': 'log', 'tags': ['cef', 'forwarded'], 'network.community_id': '1:yRLApDaheTmJZHL4UUDMjcHWAik=', 'network.transport': '6', 'network.direction': 'inbound', 'input.type': 'log', 'observer.ingress.zone': 'Internal', 'observer.ingress.interface.name': 'eth0', 'observer.product': 'VPN-1 & FireWall-1', 'observer.vendor': 'Check Point', 'observer.version': 'Check Point', 'observer.egress.zone': 'External', 'related.ip': ['52.173.84.157', '0.0.0.0', '192.168.101.100', '192.168.103.254'], 'service.type': 'cef', 'event.original': 'CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|https|Unknown|act=Accept destinationTranslatedAddress=0.0.0.0 destinationTranslatedPort=0 deviceDirection=0 rt=1543270652000 sourceTranslatedAddress=192.168.103.254 sourceTranslatedPort=35398 spt=49363 dpt=443 cs2Label=Rule Name layer_name=Network layer_uuid=b406b732-2437-4848-9741-6eae1f5bf112 match_id=4 parent_rule=0 rule_action=Accept rule_uid=9e5e6e74-aa9a-4693-b9fe-53712dd27bea ifname=eth0 logid=0 loguid={0x5bfc70fc,0x1,0xfe65a8c0,0xc0000001} origin=192.168.101.254 originsicname=CN\=R80,O\=R80_M..6u6bdo sequencenum=1 version=5 dst=52.173.84.157 inzone=Internal nat_addtnl_rulenum=1 nat_rulenum=4 outzone=External product=VPN-1 & FireWall-1 proto=6 service_id=https src=192.168.101.100 cs5Label=Matched Category cs5=Business / Economy deviceCustomDate2=1508150533713 deviceCustomDate2Label=This field is made up', 'event.code': 'Log', 'event.kind': 'event', 'event.module': 'cef', 'event.action': 'Accept', 'event.category': 'network', 'event.dataset': 'cef.log'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_078_cef – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.753
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'cef.severity': 'low', 'cef.extensions.destinationPort': 443, 'cef.extensions.eventId': 3457, 'cef.extensions.sourcePort': 33876, 'cef.extensions.sourceAddress': '6.7.8.9', 'cef.extensions.destinationAddress': '192.168.10.1', 'cef.extensions.requestContext': 'https://www.google.com', 'cef.extensions.sourceServiceName': 'httpd', 'cef.extensions.requestUrl': 'https://www.example.com/cart', 'cef.extensions.sourceGeoLongitude': -77.511, 'cef.extensions.sourceGeoLatitude': 38.915, 'cef.extensions.transportProtocol': 'TCP', 'cef.extensions.requestMethod': 'POST', 'cef.name': 'Web request', 'cef.device.product': 'Vaporware', 'cef.device.event_class_id': '18', 'cef.device.vendor': 'Elastic', 'cef.device.version': '1.0.0-alpha', 'cef.version': '0', 'log.offset': 0, 'destination.port': 443, 'destination.ip': '192.168.10.1', 'source.geo.continent_name': 'North America', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.location.lon': -97.822, 'source.geo.location.lat': 37.751, 'source.port': 33876, 'source.service.name': 'httpd', 'source.ip': '6.7.8.9', 'fileset.name': 'log', 'message': 'Web request', 'url.original': 'https://www.example.com/cart', 'tags': ['cef', 'forwarded'], 'network.community_id': '1:e2rSLr3fJ93cIJDMtVABFxSH5zg=', 'network.transport': 'tcp', 'observer.product': 'Vaporware', 'observer.vendor': 'Elastic', 'observer.version': '1.0.0-alpha', 'input.type': 'log', 'related.ip': ['192.168.10.1', '6.7.8.9'], 'service.type': 'cef', 'http.request.referrer': 'https://www.google.com', 'http.request.method': 'POST', 'event.severity': 0, 'event.original': 'CEF:0|Elastic|Vaporware|1.0.0-alpha|18|Web request|low|eventId=3457 requestMethod=POST slat=38.915 slong=-77.511 proto=TCP sourceServiceName=httpd requestContext=https://www.google.com src=6.7.8.9 spt=33876 dst=192.168.10.1 dpt=443 request=https://www.example.com/cart', 'event.code': '18', 'event.module': 'cef', 'event.id': 3457, 'event.dataset': 'cef.log'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_083_squid – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 9.738
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'rsa.internal.messageid': 'CONNECT', 'rsa.internal.hcode': 'DIRECT', 'rsa.web.alias_host': 'login.yahoo.com', 'rsa.investigations.ec_subject': 'NetworkComm', 'rsa.investigations.ec_theme': 'ALM', 'rsa.time.event_time_str': '1157689312', 'rsa.time.duration_time': 5006, 'rsa.time.event_time': '2006-09-08T04:21:52.000Z', 'rsa.network.domain': 'login.yahoo.com', 'rsa.misc.content_type': '-', 'rsa.misc.action': ['CONNECT', 'TCP_MISS'], 'rsa.misc.result_code': '200', 'server.domain': 'login.yahoo.com', 'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 36752, 'destination.as.organization.name': 'Oath Holdings Inc.', 'destination.ip': ['209.73.177.115'], 'source.bytes': 19763, 'source.ip': ['10.105.21.199'], 'fileset.name': 'log', 'url.original': 'login.yahoo.com:443', 'url.domain': 'login.yahoo.com', 'tags': ['squid.log', 'forwarded'], 'observer.product': 'Proxy', 'observer.vendor': 'Squid', 'observer.type': 'Proxies', 'input.type': 'log', '@timestamp': '2006-09-08T04:21:52.000Z', 'related.hosts': ['login.yahoo.com', 'login.yahoo.com'], 'related.ip': ['209.73.177.115', '10.105.21.199'], 'related.user': ['badeyek'], 'service.type': 'squid', 'event.original': '1157689312.049 5006 10.105.21.199 TCP_MISS/200 19763 CONNECT login.yahoo.com:443 badeyek DIRECT/209.73.177.115 -', 'event.code': 'CONNECT', 'event.module': 'squid', 'event.action': 'TCP_MISS', 'event.dataset': 'squid.log', 'user.name': 'badeyek'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_089_sonicwall – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.905
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'rsa.internal.msg': 'Connection Opened', 'rsa.internal.messageid': '98', 'rsa.time.event_time': '2007-01-03T16:48:06.000Z', 'rsa.network.sinterface': 'WAN', 'log.original': 'Connection Opened', 'log.offset': 0, 'log.flags': ['dissect_parsing_error'], 'source.geo.continent_name': 'Europe', 'source.geo.country_iso_code': 'FR', 'source.geo.country_name': 'France', 'source.geo.location.lon': 2.3387, 'source.geo.location.lat': 48.8582, 'source.as.number': 3215, 'source.as.organization.name': 'Orange', 'source.port': 36701, 'source.ip': ['2.2.2.2'], 'fileset.name': 'firewall', 'tags': ['sonicwall.firewall', 'forwarded'], 'input.type': 'log', 'observer.ingress.interface.name': 'WAN', 'observer.product': 'Firewalls', 'observer.vendor': 'Sonicwall', 'observer.type': 'Firewall', '@timestamp': '2007-01-03T16:48:06.000Z', 'related.ip': ['2.2.2.2'], 'service.type': 'sonicwall', 'event.original': 'Jan 3 13:45:36 192.168.5.1 id=firewall sn=000SERIAL time="2007-01-03 14:48:06" fw=1.1.1.1 pri=6 c=262144 m=98 msg="Connection Opened" n=23419 src=2.2.2.2:36701:WAN dst=1.1.1.1:50000:WAN proto=tcp/50000', 'event.code': '98', 'event.module': 'sonicwall', 'event.dataset': 'sonicwall.firewall'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_100_fortinet – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 5.907
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'warning', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.port': 443, 'destination.bytes': 1130, 'destination.ip': '8.8.8.8', 'rule.ruleset': 'elasticruleset', 'rule.id': '100602', 'rule.category': 'Internet Telephony', 'source.port': 61930, 'source.bytes': 1152, 'source.ip': '192.168.2.1', 'source.user.name': 'elasticuser', 'source.user.group.name': 'elasticgroup', 'fileset.name': 'firewall', 'message': 'URL belongs to a denied category in policy', 'url.path': '/config/', 'url.domain': 'elastic.co', 'tags': ['fortinet-firewall', 'forwarded'], 'network.protocol': 'https', 'network.bytes': 2282, 'network.iana_number': '6', 'network.direction': 'outgoing', 'input.type': 'log', 'observer.ingress.interface.name': 'port1', 'observer.product': 'Fortigate', 'observer.vendor': 'Fortinet', 'observer.name': 'testswitch1', 'observer.serial_number': 'somerouterid', 'observer.type': 'firewall', 'observer.egress.interface.name': 'wan1', '@timestamp': '2020-04-23T12:17:48.000-05:00', 'related.ip': ['192.168.2.1', '8.8.8.8'], 'related.user': ['elasticuser'], 'service.type': 'fortinet', 'fortinet.firewall.srcintfrole': 'lan', 'fortinet.firewall.authserver': 'elasticauth', 'fortinet.firewall.sessionid': '1234', 'fortinet.firewall.type': 'utm', 'fortinet.firewall.subtype': 'webfilter', 'fortinet.firewall.reqtype': 'direct', 'fortinet.firewall.cat': '76', 'fortinet.firewall.action': 'blocked', 'fortinet.firewall.method': 'domain', 'fortinet.firewall.vd': 'root', 'fortinet.firewall.dstintfrole': 'wan', 'event.code': '0316013056', 'event.timezone': '-0500', 'event.kind': 'event', 'event.module': 'fortinet', 'event.start': '2020-04-18T12:17:49.052-05:00', 'event.action': 'ftgd_blk', 'event.type': ['denied'], 'event.category': ['network'], 'event.dataset': 'fortinet.firewall', 'event.outcome': 'success'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_107_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.715
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'destination.bytes': 859, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-TE', 'source.geo.city_name': 'Teruel', 'source.geo.country_iso_code': 'ES', 'source.geo.country_name': 'Spain', 'source.geo.region_name': 'Teruel', 'source.geo.location.lon': -1.1065, 'source.geo.location.lat': 40.3456, 'source.as.number': 12430, 'source.as.organization.name': 'Vodafone Spain', 'source.port': '51600', 'source.bytes': 134, 'source.ip': '77.227.156.41', 'fileset.name': 'elb', 'tags': ['forwarded'], 'cloud.provider': 'aws', 'input.type': 'log', '@timestamp': '2019-10-17T13:22:51.758Z', 'service.type': 'aws', 'event.kind': 'event', 'event.module': 'aws', 'event.end': '2019-10-17T13:22:51.758Z', 'event.category': 'network', 'event.dataset': 'aws.elb', 'aws.elb.response_processing_time.sec': 1.5e-05, 'aws.elb.protocol': 'tcp', 'aws.elb.name': 'filebeat-aws-elb-test-elb', 'aws.elb.backend.port': '80', 'aws.elb.backend.ip': '10.0.0.47', 'aws.elb.backend_processing_time.sec': 1e-05, 'aws.elb.request_processing_time.sec': 0.000943} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_109_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.476
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'destination.bytes': 246, 'destination.domain': 'my-network-loadbalancer-c6e77e28c25b2234.elb.us-east-2.amazonaws.com', 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-VA', 'source.geo.city_name': 'Ashburn', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Virginia', 'source.geo.location.lon': -77.4728, 'source.geo.location.lat': 39.0481, 'source.as.number': 16509, 'source.as.organization.name': 'Amazon.com, Inc.', 'source.port': '51341', 'source.bytes': 98, 'source.ip': '72.21.218.154', 'fileset.name': 'elb', 'tags': ['forwarded'], 'cloud.provider': 'aws', 'input.type': 'log', '@timestamp': '2018-12-20T02:59:40.000Z', 'service.type': 'aws', 'tls.cipher': 'ECDHE-RSA-AES128-SHA', 'tls.version': '1.2', 'tls.version_protocol': 'tls', 'event.kind': 'event', 'event.module': 'aws', 'event.end': '2018-12-20T02:59:40.000Z', 'event.category': 'network', 'event.dataset': 'aws.elb', 'aws.elb.connection_time.ms': 5.0, 'aws.elb.protocol': 'tcp', 'aws.elb.ssl_cipher': 'ECDHE-RSA-AES128-SHA', 'aws.elb.name': 'net/my-network-loadbalancer/c6e77e28c25b2234', 'aws.elb.listener': 'g3d4b5e8bb8464cd', 'aws.elb.tls_handshake_time.ms': 2.0, 'aws.elb.backend.port': '443', 'aws.elb.backend.ip': '172.100.100.185', 'aws.elb.type': 'tls', 'aws.elb.ssl_protocol': 'tlsv12', 'aws.elb.chosen_cert.arn': 'arn:aws:acm:us-east-2:671290407336:certificate/2a108f19-aded-46b0-8493-c63eb1ef4a99'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_112_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.642
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'RU-MOW', 'source.geo.city_name': 'Moscow', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.region_name': 'Moscow', 'source.geo.location.lon': 37.6172, 'source.geo.location.lat': 55.7527, 'source.as.number': 35377, 'source.as.organization.name': 'Ao a.b.n.', 'source.port': '54106', 'source.ip': '78.24.182.42', 'fileset.name': 'elb', 'tags': ['forwarded'], 'cloud.provider': 'aws', 'input.type': 'log', '@timestamp': '2019-10-14T12:00:20.694Z', 'service.type': 'aws', 'http.request.referrer': 'http://18.194.223.56:80/', 'http.request.method': 'GET', 'http.request.body.bytes': 0, 'http.response.status_code': 200, 'http.response.body.bytes': 612, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'aws', 'event.end': '2019-10-14T12:00:20.694Z', 'event.category': 'web', 'event.dataset': 'aws.elb', 'event.outcome': 'success', 'aws.elb.response_processing_time.sec': 2.3e-05, 'aws.elb.protocol': 'http', 'aws.elb.name': 'filebeat-aws-elb-test', 'aws.elb.backend.port': '80', 'aws.elb.backend.ip': '10.0.1.185', 'aws.elb.backend.http.response.status_code': 200, 'aws.elb.backend_processing_time.sec': 0.000785, 'aws.elb.request_processing_time.sec': 4.3e-05, 'user_agent.original': 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_113_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.942
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'tracing.trace.id': 'Root=1-5da09932-2c342a443bfb96249aa50ed7', 'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-TE', 'source.geo.city_name': 'Teruel', 'source.geo.country_iso_code': 'ES', 'source.geo.country_name': 'Spain', 'source.geo.region_name': 'Teruel', 'source.geo.location.lon': -1.1065, 'source.geo.location.lat': 40.3456, 'source.as.number': 12430, 'source.as.organization.name': 'Vodafone Spain', 'source.port': '56398', 'source.ip': '77.227.156.41', 'fileset.name': 'elb', 'tags': ['forwarded'], 'cloud.provider': 'aws', 'input.type': 'log', '@timestamp': '2019-10-11T15:01:12.376Z', 'service.type': 'aws', 'http.request.referrer': 'http://filebeat-aws-elb-test-12030537.eu-central-1.elb.amazonaws.com:80/', 'http.request.method': 'GET', 'http.request.body.bytes': 125, 'http.response.status_code': 460, 'http.response.body.bytes': 0, 'http.version': '1.1', 'event.kind': 'event', 'event.module': 'aws', 'event.start': '2019-10-11T15:01:06.657000Z', 'event.end': '2019-10-11T15:01:12.376Z', 'event.category': 'web', 'event.dataset': 'aws.elb', 'event.outcome': 'failure', 'aws.elb.trace_id': 'Root=1-5da09932-2c342a443bfb96249aa50ed7', 'aws.elb.protocol': 'http', 'aws.elb.matched_rule_priority': '0', 'aws.elb.name': 'app/filebeat-aws-elb-test/c86a326e7dc14222', 'aws.elb.backend.port': '80', 'aws.elb.backend.ip': '10.0.0.192', 'aws.elb.target_group.arn': 'arn:aws:elasticloadbalancing:eu-central-1:627959692251:targetgroup/test-lb-instances/8f04c4fe71f5f794', 'aws.elb.type': 'http', 'aws.elb.action_executed': ['forward'], 'user_agent.original': 'curl/7.58.0'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_117_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.722
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'log.offset': 115, 'destination.geo.continent_name': 'Europe', 'destination.geo.country_iso_code': 'ES', 'destination.geo.country_name': 'Spain', 'destination.geo.location.lon': -3.684, 'destination.geo.location.lat': 40.4172, 'destination.as.number': 13041, 'destination.as.organization.name': 'Consorci de Serveis Universitaris de Catalunya', 'destination.address': '158.109.0.1', 'destination.port': 22, 'destination.ip': '158.109.0.1', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'RU-MOW', 'source.geo.city_name': 'Moscow', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.region_name': 'Moscow', 'source.geo.location.lon': 37.6172, 'source.geo.location.lat': 55.7527, 'source.as.number': 35377, 'source.as.organization.name': 'Ao a.b.n.', 'source.address': '78.24.182.42', 'source.port': 20641, 'source.bytes': 4249, 'source.ip': '78.24.182.42', 'source.packets': 20, 'fileset.name': 'vpcflow', 'network.community_id': '1:Ln/vlDqu658GHymxjnRAaUF8KS4=', 'network.bytes': 4249, 'network.transport': 'tcp', 'network.type': 'ipv4', 'network.iana_number': '6', 'network.packets': 20, 'tags': ['forwarded'], 'cloud.provider': 'aws', 'cloud.account.id': '123456789010', 'input.type': 'log', '@timestamp': '2014-12-14T04:07:50.000Z', 'related.ip': ['78.24.182.42', '158.109.0.1'], 'service.type': 'aws', 'event.original': '2 123456789010 eni-1235b8ca123456789 78.24.182.42 158.109.0.1 20641 22 6 20 4249 1418530010 1418530070 ACCEPT OK', 'event.kind': 'event', 'event.module': 'aws', 'event.start': '2014-12-14T04:06:50.000Z', 'event.end': '2014-12-14T04:07:50.000Z', 'event.type': 'flow', 'event.category': 'network_traffic', 'event.dataset': 'aws.vpcflow', 'event.outcome': 'allow', 'aws.vpcflow.interface_id': 'eni-1235b8ca123456789', 'aws.vpcflow.log_status': 'OK', 'aws.vpcflow.account_id': '123456789010', 'aws.vpcflow.action': 'ACCEPT', 'aws.vpcflow.version': '2'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_118_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.516
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 183, 'destination.address': '10.0.0.62', 'destination.port': 5001, 'destination.ip': '10.0.0.62', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'IE-L', 'source.geo.city_name': 'Dublin', 'source.geo.country_iso_code': 'IE', 'source.geo.country_name': 'Ireland', 'source.geo.region_name': 'Leinster', 'source.geo.location.lon': -6.2488, 'source.geo.location.lat': 53.3338, 'source.as.number': 16509, 'source.as.organization.name': 'Amazon.com, Inc.', 'source.address': '52.213.180.42', 'source.port': 43416, 'source.bytes': 568, 'source.ip': '52.213.180.42', 'source.packets': 8, 'fileset.name': 'vpcflow', 'network.community_id': '1:HQ1oJYZ+9SJOoeju7badiLfvwls=', 'network.bytes': 568, 'network.transport': 'tcp', 'network.type': 'ipv4', 'network.iana_number': '6', 'network.packets': 8, 'tags': ['forwarded'], 'cloud.instance.id': 'i-01234567890123456', 'cloud.provider': 'aws', 'cloud.account.id': '123456789010', 'input.type': 'log', '@timestamp': '2019-08-26T19:48:53.000Z', 'related.ip': ['52.213.180.42', '10.0.0.62'], 'service.type': 'aws', 'event.original': '3 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-01234567890123456 eni-1235b8ca123456789 123456789010 IPv4 52.213.180.42 10.0.0.62 43416 5001 52.213.180.42 10.0.0.62 6 568 8 1566848875 1566848933 ACCEPT 2 OK', 'event.kind': 'event', 'event.module': 'aws', 'event.start': '2019-08-26T19:47:55.000Z', 'event.end': '2019-08-26T19:48:53.000Z', 'event.type': 'flow', 'event.category': 'network_traffic', 'event.dataset': 'aws.vpcflow', 'event.outcome': 'allow', 'aws.vpcflow.vpc_id': 'vpc-abcdefab012345678', 'aws.vpcflow.pkt_srcaddr': '52.213.180.42', 'aws.vpcflow.type': 'IPv4', 'aws.vpcflow.version': '3', 'aws.vpcflow.instance_id': 'i-01234567890123456', 'aws.vpcflow.account_id': '123456789010', 'aws.vpcflow.interface_id': 'eni-1235b8ca123456789', 'aws.vpcflow.log_status': 'OK', 'aws.vpcflow.tcp_flags': '2', 'aws.vpcflow.subnet_id': 'subnet-aaaaaaaa012345678', 'aws.vpcflow.action': 'ACCEPT', 'aws.vpcflow.pkt_dstaddr': '10.0.0.62'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_122_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.459
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-VA', 'source.geo.city_name': 'Ashburn', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Virginia', 'source.geo.location.lon': -77.4728, 'source.geo.location.lat': 39.0481, 'source.as.number': 16509, 'source.as.organization.name': 'Amazon.com, Inc.', 'source.address': '72.21.198.64', 'source.ip': '72.21.198.64', 'fileset.name': 'cloudtrail', 'tags': ['forwarded'], 'cloud.region': 'us-east-2', 'cloud.account.id': '123456789012', 'input.type': 'log', '@timestamp': '2014-03-06T17:10:34.000Z', 'service.type': 'aws', 'event.original': '{"eventVersion":"1.0","userIdentity":{"type":"IAMUser","principalId":"EX_PRINCIPAL_ID","arn":"arn:aws:iam::123456789012:user/Alice","accountId":"123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2014-03-06T15:15:06Z"}}},"eventTime":"2014-03-06T17:10:34Z","eventSource":"ec2.amazonaws.com","eventName":"CreateKeyPair","awsRegion":"us-east-2","sourceIPAddress":"72.21.198.64","userAgent":"EC2ConsoleBackend, aws-sdk-java/Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx","requestParameters":{"keyName":"mykeypair"},"responseElements":{"keyName":"mykeypair","keyFingerprint":"30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21","keyMaterial":""}}', 'event.provider': 'ec2.amazonaws.com', 'event.kind': 'event', 'event.module': 'aws', 'event.action': 'CreateKeyPair', 'event.type': ['admin', 'creation'], 'event.category': ['iam'], 'event.dataset': 'aws.cloudtrail', 'event.outcome': 'success', 'aws.cloudtrail.event_version': '1.0', 'aws.cloudtrail.flattened.request_parameters.keyName': 'mykeypair', 'aws.cloudtrail.flattened.response_elements.keyMaterial': '', 'aws.cloudtrail.flattened.response_elements.keyFingerprint': '30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21', 'aws.cloudtrail.flattened.response_elements.keyName': 'mykeypair', 'aws.cloudtrail.user_identity.access_key_id': 'EXAMPLE_KEY_ID', 'aws.cloudtrail.user_identity.session_context.mfa_authenticated': 'false', 'aws.cloudtrail.user_identity.session_context.creation_date': '2014-03-06T15:15:06.000Z', 'aws.cloudtrail.user_identity.type': 'IAMUser', 'aws.cloudtrail.user_identity.arn': 'arn:aws:iam::123456789012:user/Alice', 'aws.cloudtrail.request_parameters': '{keyName=mykeypair}', 'aws.cloudtrail.response_elements': '{keyMaterial=, keyFingerprint=30:1d:46:d0:5b:ad:7e:1b:b6:70:62:8b:ff:38:b5:e9:ab:5d:b8:21, keyName=mykeypair}', 'user.name': 'Alice', 'user.id': 'EX_PRINCIPAL_ID', 'user_agent.original': 'EC2ConsoleBackend, aws-sdk-java/Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx', 'user_agent.os.name': 'Linux', 'user_agent.name': 'Other', 'user_agent.device.name': 'Other'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_130_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.538
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-OR', 'source.geo.city_name': 'Boardman', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Oregon', 'source.geo.location.lon': -119.7143, 'source.geo.location.lat': 45.8491, 'source.as.number': 16509, 'source.as.organization.name': 'Amazon.com, Inc.', 'source.address': '205.251.233.182', 'source.ip': '205.251.233.182', 'fileset.name': 'cloudtrail', 'tags': ['forwarded'], 'cloud.region': 'us-east-2', 'cloud.account.id': '123456789012', 'input.type': 'log', '@timestamp': '2016-07-14T19:15:45.000Z', 'service.type': 'aws', 'event.original': '{"eventVersion":"1.04","userIdentity":{"type":"IAMUser","principalId":"EX_PRINCIPAL_ID","arn":"arn:aws:iam::123456789012:user/Alice","accountId":"123456789012","accessKeyId":"EXAMPLE_KEY_ID","userName":"Alice"},"eventTime":"2016-07-14T19:15:45Z","eventSource":"cloudtrail.amazonaws.com","eventName":"UpdateTrail","awsRegion":"us-east-2","sourceIPAddress":"205.251.233.182","userAgent":"aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22","errorCode":"TrailNotFoundException","errorMessage":"Unknown trail: myTrail2 for the user: 123456789012","requestParameters":{"name":"myTrail2"},"responseElements":null,"requestID":"5d40662a-49f7-11e6-97e4-dEXAMPLE","eventID":"b7d4398e-b2f0-4faa-9c76-e2EXAMPLE","eventType":"AwsApiCall","recipientAccountId":"123456789012"}', 'event.provider': 'cloudtrail.amazonaws.com', 'event.kind': 'event', 'event.module': 'aws', 'event.action': 'UpdateTrail', 'event.id': 'b7d4398e-b2f0-4faa-9c76-e2EXAMPLE', 'event.type': 'info', 'event.dataset': 'aws.cloudtrail', 'event.outcome': 'failure', 'aws.cloudtrail.event_version': '1.04', 'aws.cloudtrail.error_message': 'Unknown trail: myTrail2 for the user: 123456789012', 'aws.cloudtrail.flattened.request_parameters.name': 'myTrail2', 'aws.cloudtrail.event_type': 'AwsApiCall', 'aws.cloudtrail.user_identity.access_key_id': 'EXAMPLE_KEY_ID', 'aws.cloudtrail.user_identity.type': 'IAMUser', 'aws.cloudtrail.user_identity.arn': 'arn:aws:iam::123456789012:user/Alice', 'aws.cloudtrail.error_code': 'TrailNotFoundException', 'aws.cloudtrail.recipient_account_id': '123456789012', 'aws.cloudtrail.request_parameters': '{name=myTrail2}', 'user.name': 'Alice', 'user.id': 'EX_PRINCIPAL_ID', 'user_agent.original': 'aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22', 'user_agent.os.name': 'Windows', 'user_agent.name': 'aws-cli', 'user_agent.device.name': 'Spider', 'user_agent.version': '1.10.32'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_149_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.419
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'Asia', 'source.geo.region_iso_code': 'CN-CQ', 'source.geo.country_iso_code': 'CN', 'source.geo.country_name': 'China', 'source.geo.region_name': 'Chongqing', 'source.geo.location.lon': 106.5531, 'source.geo.location.lat': 29.5569, 'source.as.number': 4837, 'source.as.organization.name': 'CHINA UNICOM China169 Backbone', 'source.address': '123.145.67.89', 'source.ip': '123.145.67.89', 'fileset.name': 'cloudtrail', 'tags': ['forwarded'], 'cloud.region': 'us-east-2', 'cloud.account.id': '111111111111', 'input.type': 'log', '@timestamp': '2019-10-02T22:12:29.000Z', 'service.type': 'aws', 'event.original': '{"eventVersion":"1.05","userIdentity":{"type":"AssumedRole","principalId":"AROAIN5ATK5U7KEXAMPLE:JohnRole1","arn":"arn:aws:sts::111111111111:assumed-role/JohnDoe/JohnRole1","accountId":"111111111111","accessKeyId":"AKIAI44QH8DHBEXAMPLE","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2019-10-02T21:50:54Z"},"sessionIssuer":{"type":"Role","principalId":"AROAIN5ATK5U7KEXAMPLE","arn":"arn:aws:iam::111111111111:role/JohnRole1","accountId":"111111111111","userName":"JohnDoe"}}},"eventTime":"2019-10-02T22:12:29Z","eventSource":"sts.amazonaws.com","eventName":"AssumeRole","awsRegion":"us-east-2","sourceIPAddress":"123.145.67.89","userAgent":"aws-cli/1.16.248 Python/3.4.7 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 botocore/1.12.239","requestParameters":{"incomingTransitiveTags":{"Department":"Engineering"},"tags":[{"value":"johndoe@example.com","key":"Email"},{"value":"12345","key":"CostCenter"}],"roleArn":"arn:aws:iam::111111111111:role/JohnRole2","roleSessionName":"Role2WithTags","transitiveTagKeys":["Email","CostCenter"],"durationSeconds":3600},"responseElements":{"credentials":{"accessKeyId":"ASIAWHOJDLGPOEXAMPLE","expiration":"Oct 2, 2019 11:12:29 PM","sessionToken":"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"},"assumedRoleUser":{"assumedRoleId":"AROAIFR7WHDTSOYQYHFUE:Role2WithTags","arn":"arn:aws:sts::111111111111:assumed-role/test-role/Role2WithTags"}},"requestID":"b96b0e4e-e561-11e9-8b3f-7b396EXAMPLE","eventID":"1917948f-3042-46ec-98e2-62865EXAMPLE","resources":[{"ARN":"arn:aws:iam::111122223333:role/JohnRole2","accountId":"111111111111","type":"AWS::IAM::Role"}],"eventType":"AwsApiCall","recipientAccountId":"111111111111"}', 'event.provider': 'sts.amazonaws.com', 'event.kind': 'event', 'event.module': 'aws', 'event.action': 'AssumeRole', 'event.id': '1917948f-3042-46ec-98e2-62865EXAMPLE', 'event.type': ['info'], 'event.category': ['authentication'], 'event.dataset': 'aws.cloudtrail', 'event.outcome': 'success', 'aws.cloudtrail.event_version': '1.05', 'aws.cloudtrail.flattened.request_parameters.incomingTransitiveTags.Department': 'Engineering', 'aws.cloudtrail.flattened.request_parameters.transitiveTagKeys': ['Email', 'CostCenter'], 'aws.cloudtrail.flattened.request_parameters.durationSeconds': 3600, 'aws.cloudtrail.flattened.request_parameters.roleArn': 'arn:aws:iam::111111111111:role/JohnRole2', 'aws.cloudtrail.flattened.request_parameters.roleSessionName': 'Role2WithTags', 'aws.cloudtrail.flattened.request_parameters.tags': [{'value': 'johndoe@example.com', 'key': 'Email'}, {'value': '12345', 'key': 'CostCenter'}], 'aws.cloudtrail.flattened.response_elements.assumedRoleUser.assumedRoleId': 'AROAIFR7WHDTSOYQYHFUE:Role2WithTags', 'aws.cloudtrail.flattened.response_elements.assumedRoleUser.arn': 'arn:aws:sts::111111111111:assumed-role/test-role/Role2WithTags', 'aws.cloudtrail.flattened.response_elements.credentials.accessKeyId': 'ASIAWHOJDLGPOEXAMPLE', 'aws.cloudtrail.flattened.response_elements.credentials.sessionToken': 'AgoJb3JpZ2luX2VjEB4aCXVzLXdlc3QtMSJHMEXAMPLETOKEN+//rJb8Lo30mFc5MlhFCEbubZvEj0wHB/mDMwIgSEe9gk/Zjr09tZV7F1HDTMhmEXAMPLETOKEN/iEJ/rkqngII9///////////ARABGgw0MjgzMDc4NjM5NjYiDLZjZFKwP4qxQG5sFCryASO4UPz5qE97wPPH1eLMvs7CgSDBSWfonmRTCfokm2FN1+hWUdQQH6adjbbrVLFL8c3jSsBhQ383AvxpwK5YRuDE1AI/+C+WKFZb701eiv9J5La2EXAMPLETOKEN/c7S5Iro1WUJ0q3Cxuo/8HUoSxVhQHM7zF7mWWLhXLEQ52ivL+F6q5dpXu4aTFedpMfnJa8JtkWwG9x1Axj0Ypy2ok8v5unpQGWych1vwdvj6ez1Dm8Xg1+qIzXILiEXAMPLETOKEN/vQGqu8H+nxp3kabcrtOvTFTvxX6vsc8OGwUfHhzAfYGEXAMPLETOKEN/L6v1yMM3B1OwFOrQBno1HEjf1oNI8RnQiMNFdUOtwYj7HUZIOCZmjfN8PPHq77N7GJl9lzvIZKQA0Owcjg+mc78zHCj8y0siY8C96paEXAMPLETOKEN/E3cpksxWdgs91HRzJWScjN2+r2LTGjYhyPqcmFzzo2mCE7mBNEXAMPLETOKEN/oJy+2o83YNW5tOiDmczgDzJZ4UKR84yGYOMfSnF4XcEJrDgAJ3OJFwmTcTQICAlSwLEXAMPLETOKEN', 'aws.cloudtrail.flattened.response_elements.credentials.expiration': 'Oct 2, 2019 11:12:29 PM', 'aws.cloudtrail.event_type': 'AwsApiCall', 'aws.cloudtrail.user_identity.access_key_id': 'AKIAI44QH8DHBEXAMPLE', 'aws.cloudtrail.user_identity.session_context.session_issuer.account_id': '111111111111', 'aws.cloudtrail.user_identity.session_context.session_issuer.type': 'Role', 'aws.cloudtrail.user_identity.session_context.session_issuer.arn': 'arn:aws:iam::111111111111:role/JohnRole1', 'aws.cloudtrail.user_identity.session_context.session_issuer.principal_id': 'AROAIN5ATK5U7KEXAMPLE', 'aws.cloudtrail.user_identity.session_context.mfa_authenticated': 'false', 'aws.cloudtrail.user_identity.session_context.creation_date': '2019-10-02T21:50:54.000Z', 'aws.cloudtrail.user_identity.type': 'AssumedRole', 'aws.cloudtrail.user_identity.arn': 'arn:aws:sts::111111111111:assumed-role/JohnDoe/JohnRole1', 'aws.cloudtrail.recipient_account_id': '111111111111', 'aws.cloudtrail.request_parameters': '{incomingTransitiveTags={Department=Engineering}, transitiveTagKeys=[Email, CostCenter], durationSeconds=3600, roleArn=arn:aws:iam::111111111111:role/JohnRole2, roleSessionName=Role2WithTags, tags=[{value=johndoe@example.com, key=Email}, {value=12345, key=CostCenter}]}', 'aws.cloudtrail.response_elements': '{assumedRoleUser={assumedRoleId=AROAIFR7WHDTSOYQYHFUE:Role2WithTags, arn=arn:aws:sts::111111111111:assumed-role/test-role/Role2WithTags}, credentials={accessKeyId=ASIAWHOJDLGPOEXAMPLE, sessionToken=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, expiration=Oct 2, 2019 11:12:29 PM}}', 'user.name': 'JohnDoe', 'user.id': 'AROAIN5ATK5U7KEXAMPLE:JohnRole1', 'user_agent.original': 'aws-cli/1.16.248 Python/3.4.7 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 botocore/1.12.239', 'user_agent.os.name': 'Linux', 'user_agent.os.version': '4.9.184', 'user_agent.os.full': 'Linux 4.9.184', 'user_agent.name': 'aws-cli', 'user_agent.device.name': 'Spider', 'user_agent.version': '1.16.248'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_154_aws – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.723
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['geo.country_name']]}, full object: {'log.offset': 0, 'fileset.name': 's3access', 'tags': ['forwarded'], 'geo.continent_name': 'North America', 'geo.region_iso_code': 'US-VA', 'geo.city_name': 'Ashburn', 'geo.country_iso_code': 'US', 'geo.country_name': 'United States', 'geo.region_name': 'Virginia', 'geo.location.lon': -77.4728, 'geo.location.lat': 39.0481, 'cloud.provider': 'aws', 'input.type': 'log', '@timestamp': '2019-08-01T00:24:41.000Z', 'related.ip': ['72.21.217.31'], 'related.user': ['36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2'], 'service.type': 'aws', 'client.address': '72.21.217.31', 'client.ip': '72.21.217.31', 'client.user.id': 'arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9', 'http.response.status_code': 200, 'tls.cipher': 'ECDHE-RSA-AES128-SHA', 'tls.version': '1.2', 'tls.version_protocol': 'tls', 'event.duration': '17', 'event.kind': 'event', 'event.module': 'aws', 'event.action': 'REST.GET.LOCATION', 'event.id': '44EE8651683CB4DA', 'event.dataset': 'aws.s3access', 'event.outcome': 'success', 'aws.s3access.requester': 'arn:aws:sts::123456:assumed-role/AWSServiceRoleForTrustedAdvisor/TrustedAdvisor_627959692251_784ab70b-8cc9-4d37-a2ec-2ff4d0c08af9', 'aws.s3access.tls_version': 'TLSv1.2', 'aws.s3access.signature_version': 'SigV4', 'aws.s3access.bytes_sent': 142, 'aws.s3access.authentication_type': 'AuthHeader', 'aws.s3access.request_uri': 'GET /test-s3-ks/?location&aws-account=627959692251 HTTP/1.1', 'aws.s3access.host_id': 'BsCfJedfuSnds2QFoxi+E/O7M6OEWzJnw4dUaes/2hyA363sONRJKzB7EOY+Bt9DTHYUn+HoHxI=', 'aws.s3access.host_header': 's3.ap-southeast-1.amazonaws.com', 'aws.s3access.bucket': 'test-s3-ks', 'aws.s3access.remote_ip': '72.21.217.31', 'aws.s3access.cipher_suite': 'ECDHE-RSA-AES128-SHA', 'aws.s3access.http_status': 200, 'aws.s3access.total_time': 17, 'aws.s3access.bucket_owner': '36c1f05b76016b78528454e6e0c60e2b7ff7aa20c0a5e4c748276e5b0a2debd2', 'aws.s3access.operation': 'REST.GET.LOCATION', 'aws.s3access.request_id': '44EE8651683CB4DA', 'aws.s3access.user_agent': 'AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation', 'user_agent.original': 'AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation', 'user_agent.os.name': 'Linux', 'user_agent.os.version': '4.9.137', 'user_agent.os.full': 'Linux 4.9.137', 'user_agent.name': 'aws-sdk-java', 'user_agent.device.name': 'Other', 'user_agent.version': '1.11.590'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_158_checkpoint – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 45.073
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'checkpoint.nat_addtnl_rulenum': '0', 'checkpoint.nat_rulenum': '0', 'checkpoint.rule_action': 'Accept', 'checkpoint.match_id': '1', 'checkpoint.parent_rule': '0', 'checkpoint.logid': '0', 'server.port': 443, 'server.ip': '194.29.39.10', 'log.offset': 1739, 'destination.geo.continent_name': 'Asia', 'destination.geo.region_iso_code': 'IL-TA', 'destination.geo.city_name': 'Tel Aviv', 'destination.geo.country_iso_code': 'IL', 'destination.geo.country_name': 'Israel', 'destination.geo.region_name': 'Tel Aviv', 'destination.geo.location.lon': 34.7647, 'destination.geo.location.lat': 32.0678, 'destination.as.number': 25046, 'destination.as.organization.name': 'Check Point Software Technologies LTD', 'destination.port': 443, 'destination.ip': '194.29.39.10', 'rule.uuid': '1fde807b-6300-4b1a-914f-f1c1f3e2e7d2', 'source.nat.port': 26680, 'source.port': 61794, 'source.ip': '192.168.1.100', 'fileset.name': 'firewall', 'tags': ['checkpoint-firewall', 'forwarded'], 'network.application': 'https', 'network.name': 'Network', 'network.iana_number': '6', 'network.direction': 'outbound', 'input.type': 'log', 'observer.ingress.zone': 'Local', 'observer.product': 'VPN-1 & FireWall-1', 'observer.vendor': 'Checkpoint', 'observer.name': '192.168.1.100', 'observer.type': 'firewall', 'observer.egress.zone': 'Internal', 'observer.egress.interface.name': 'eth0', '@timestamp': '2020-03-29T13:19:22.000Z', 'related.ip': ['192.168.1.100', '194.29.39.10'], 'service.type': 'checkpoint', 'client.nat.port': 26680, 'client.port': 61794, 'client.ip': '192.168.1.100', 'event.sequence': 2, 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'checkpoint', 'event.action': 'Accept', 'event.id': '{0x5e80a05a,0x0,0xbba3afa,0xd2c10858}', 'event.category': ['network'], 'event.type': ['allowed', 'connection'], 'event.dataset': 
'checkpoint.firewall', 'event.outcome': 'success'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_170_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.902
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'user_accounts', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"user_accounts","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"2sv_change","name":"2sv_disable"}}', 'event.provider': 'user_accounts', 'event.module': 'gsuite', 'event.action': '2sv_disable', 'event.id': '1', 'event.type': ['change', 'user'], 'event.category': ['iam'], 'event.dataset': 'gsuite.user_accounts', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.event.type': '2sv_change'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_171_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 5.05
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'groups', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"groups","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"acl_change","name":"change_acl_permission","parameters":[{"name":"acl_permission","value":"can_add_members"},{"name":"group_email","value":"group@example.com"},{"name":"new_value_repeated","multiValue":["managers","members"]},{"name":"old_value_repeated","multiValue":["managers"]}]}}', 'event.provider': 'groups', 'event.module': 'gsuite', 'event.action': 'change_acl_permission', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['group', 'change'], 'event.dataset': 'gsuite.groups', 'group.domain': 'example.com', 'group.name': 'group', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.groups.old_value': ['managers'], 'gsuite.groups.email': 'group@example.com', 'gsuite.groups.acl_permission': 
'can_add_members', 'gsuite.groups.new_value': ['managers', 'members'], 'gsuite.event.type': 'acl_change'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_172_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.801
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'saml', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"saml","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"login","name":"login_failure","parameters":[{"name":"application_name","value":"app"},{"name":"failure_type","value":"failure_app_not_configured_for_user"},{"name":"initiated_by","value":"idp"},{"name":"orgunit_path","value":"ounit"},{"name":"saml_second_level_status_code","value":"400"},{"name":"saml_status_code","value":"400"}]}}', 'event.provider': 'saml', 'event.module': 'gsuite', 'event.action': 'login_failure', 'event.id': '1', 'event.type': ['start'], 'event.category': ['authentication'], 'event.dataset': 'gsuite.saml', 'event.outcome': 'failure', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.saml.initiated_by': 'idp', 'gsuite.saml.application_name': 'app', 'gsuite.saml.status_code': 400, 
'gsuite.saml.second_level_status_code': 400, 'gsuite.saml.failure_type': 'failure_app_not_configured_for_user', 'gsuite.saml.orgunit_path': 'ounit', 'gsuite.event.type': 'login'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_173_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 5.607
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'drive', 'tags': ['forwarded'], 'input.type': 'log', 'file.owner': 'owner', 'file.name': 'document title', 'file.type': 'file', 'related.ip': ['98.235.162.24'], 'related.user': ['foo', 'owner'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"drive","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"access","name":"add_to_folder","parameters":[{"name":"billable","boolValue":false},{"name":"destination_folder_id","value":"1234"},{"name":"destination_folder_title","value":"folder title"},{"name":"doc_id","value":"1234"},{"name":"doc_title","value":"document title"},{"name":"doc_type","value":"document"},{"name":"originating_app_id","value":"1234"},{"name":"owner","value":"owner@example.com"},{"name":"owner_is_shared_drive","boolValue":false},{"name":"primary_event","boolValue":true},{"name":"visibility","value":"people_with_link"}]}}', 'event.provider': 'drive', 'event.module': 'gsuite', 'event.action': 'add_to_folder', 'event.id': '1', 'event.category': ['file'], 'event.type': 
['change'], 'event.dataset': 'gsuite.drive', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.event.type': 'access', 'gsuite.drive.file.owner.is_shared_drive': False, 'gsuite.drive.file.owner.email': 'owner@example.com', 'gsuite.drive.file.id': '1234', 'gsuite.drive.file.type': 'document', 'gsuite.drive.originating_app_id': '1234', 'gsuite.drive.primary_event': True, 'gsuite.drive.visibility': 'people_with_link', 'gsuite.drive.destination_folder_title': 'folder title', 'gsuite.drive.billable': False, 'gsuite.drive.destination_folder_id': '1234'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_174_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.071
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'login', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"login","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"account_warning","name":"account_disabled_password_leak","parameters":[{"name":"affected_email_address","value":"foo@elastic.co"}]}}', 'event.provider': 'login', 'event.module': 'gsuite', 'event.action': 'account_disabled_password_leak', 'event.id': '1', 'event.category': ['authentication'], 'event.type': ['user', 'change'], 'event.dataset': 'gsuite.login', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.event.type': 'account_warning', 'gsuite.login.affected_email_address': 'foo@elastic.co'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_175_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 8.166
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo', 'user'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"USER_SETTINGS","name":"DELETE_2SV_SCRATCH_CODES","parameters":[{"name":"USER_EMAIL","value":"user@example.com"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'DELETE_2SV_SCRATCH_CODES', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['user', 'deletion'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.user.email': 'user@example.com', 'gsuite.event.type': 'USER_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_176_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.292
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"GROUP_SETTINGS","name":"CREATE_GROUP","parameters":[{"name":"GROUP_EMAIL","value":"group@example.com"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'CREATE_GROUP', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['group', 'creation'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.group.email': 'group@example.com', 'gsuite.event.type': 'GROUP_SETTINGS', 'group.domain': 'example.com', 'group.name': 'group'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_177_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.375
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"CONTACTS_SETTINGS","name":"CHANGE_CONTACTS_SETTING","parameters":[{"name":"DOMAIN_NAME","value":"example.com"},{"name":"NEW_VALUE","value":"new"},{"name":"OLD_VALUE","value":"old"},{"name":"ORG_UNIT_NAME","value":"org"},{"name":"SETTING_NAME","value":"setting"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'CHANGE_CONTACTS_SETTING', 'event.id': '1', 'event.type': ['change'], 'event.category': ['iam'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.org_unit.name': 'org', 'gsuite.admin.domain.name': 'example.com', 'gsuite.admin.old_value': 'old', 'gsuite.admin.new_value': 'new', 'gsuite.admin.setting.name': 'setting', 
'gsuite.event.type': 'CONTACTS_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_178_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.398
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"ORG_SETTINGS","name":"CHROME_LICENSES_ENABLED","parameters":[{"name":"APPLICATION_NAME","value":"app"},{"name":"CHROME_LICENSES_ENABLED","value":"DISABLED"},{"name":"ORG_UNIT_NAME","value":"org"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'CHROME_LICENSES_ENABLED', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['change'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.org_unit.name': 'org', 'gsuite.admin.application.name': 'app', 'gsuite.admin.chrome_licenses.enabled': 'DISABLED', 'gsuite.event.type': 'ORG_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_179_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.829
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"LICENSES_SETTINGS","name":"ORG_USERS_LICENSE_ASSIGNMENT","parameters":[{"name":"NEW_VALUE","value":"new"},{"name":"ORG_UNIT_NAME","value":"org"},{"name":"PRODUCT_NAME","value":"product"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'ORG_USERS_LICENSE_ASSIGNMENT', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['change'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.org_unit.name': 'org', 'gsuite.admin.product.name': 'product', 'gsuite.admin.new_value': 'new', 'gsuite.event.type': 'LICENSES_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_180_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.896
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"SECURITY_SETTINGS","name":"ALLOW_STRONG_AUTHENTICATION","parameters":[{"name":"DOMAIN_NAME","value":"example.com"},{"name":"NEW_VALUE","value":"new"},{"name":"OLD_VALUE","value":"old"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'ALLOW_STRONG_AUTHENTICATION', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['change'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.domain.name': 'example.com', 'gsuite.admin.old_value': 'old', 'gsuite.admin.new_value': 'new', 'gsuite.event.type': 'SECURITY_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_181_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 5.3
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo', 'user'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"MOBILE_SETTINGS","name":"ACTION_CANCELLED","parameters":[{"name":"ACTION_ID","value":"id"},{"name":"ACTION_TYPE","value":"ACCOUNT_WIPE"},{"name":"DEVICE_ID","value":"id"},{"name":"DEVICE_TYPE","value":"type"},{"name":"USER_EMAIL","value":"user@example.com"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'ACTION_CANCELLED', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['user', 'info'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.mobile.action.id': 'id', 'gsuite.admin.mobile.action.type': 'ACCOUNT_WIPE', 'gsuite.admin.user.email': 'user@example.com', 'gsuite.admin.device.id': 'id', 'gsuite.admin.device.type': 
'type', 'gsuite.event.type': 'MOBILE_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_182_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.645
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"CHROME_OS_SETTINGS","name":"CHANGE_CHROME_OS_ANDROID_APPLICATION_SETTING","parameters":[{"name":"APP_ID","value":"2345"},{"name":"CHROME_OS_SESSION_TYPE","value":"type"},{"name":"GROUP_EMAIL","value":"group@example.com"},{"name":"NEW_VALUE","value":"new"},{"name":"OLD_VALUE","value":"old"},{"name":"ORG_UNIT_NAME","value":"org"},{"name":"SETTING_NAME","value":"setting"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'CHANGE_CHROME_OS_ANDROID_APPLICATION_SETTING', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['change'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.org_unit.name': 'org', 'gsuite.admin.application.id': 
'2345', 'gsuite.admin.chrome_os.session_type': 'type', 'gsuite.admin.old_value': 'old', 'gsuite.admin.new_value': 'new', 'gsuite.admin.group.email': 'group@example.com', 'gsuite.admin.setting.name': 'setting', 'gsuite.event.type': 'CHROME_OS_SETTINGS', 'group.domain': 'example.com', 'group.name': 'group'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_183_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.481
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo', 'user'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"DOCS_SETTINGS","name":"TRANSFER_DOCUMENT_OWNERSHIP","parameters":[{"name":"DOMAIN_NAME","value":"example.com"},{"name":"NEW_VALUE","value":"new"},{"name":"USER_EMAIL","value":"user@example.com"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'TRANSFER_DOCUMENT_OWNERSHIP', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['change'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.domain.name': 'example.com', 'gsuite.admin.user.email': 'user@example.com', 'gsuite.admin.new_value': 'new', 'gsuite.event.type': 'DOCS_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_184_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.88
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo', 'user'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"DELEGATED_ADMIN_SETTINGS","name":"ASSIGN_ROLE","parameters":[{"name":"ORG_UNIT_NAME","value":"org"},{"name":"ROLE_NAME","value":"_DIRECTORY_SYNC_ADMIN_ROLE"},{"name":"USER_EMAIL","value":"user@example.com"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'ASSIGN_ROLE', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['change'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.org_unit.name': 'org', 'gsuite.admin.role.name': '_DIRECTORY_SYNC_ADMIN_ROLE', 'gsuite.admin.user.email': 'user@example.com', 'gsuite.event.type': 'DELEGATED_ADMIN_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_185_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.058
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"CALENDAR_SETTINGS","name":"CREATE_BUILDING","parameters":[{"name":"DOMAIN_NAME","value":"example.com"},{"name":"NEW_VALUE","value":"new"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'CREATE_BUILDING', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['creation'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.domain.name': 'example.com', 'gsuite.admin.new_value': 'new', 'gsuite.event.type': 'CALENDAR_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_186_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.864
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"EMAIL_SETTINGS","name":"DROP_FROM_QUARANTINE","parameters":[{"name":"EMAIL_LOG_SEARCH_MSG_ID","value":"id"},{"name":"QUARANTINE_NAME","value":"quarantine"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'DROP_FROM_QUARANTINE', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['change'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.email.log_search_filter.message_id': 'id', 'gsuite.admin.email.quarantine_name': 'quarantine', 'gsuite.event.type': 'EMAIL_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_187_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.017
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"APPLICATION_SETTINGS","name":"CHANGE_APPLICATION_SETTING","parameters":[{"name":"APPLICATION_EDITION","value":"basic"},{"name":"APPLICATION_NAME","value":"drive"},{"name":"GROUP_EMAIL","value":"group@example.com"},{"name":"NEW_VALUE","value":"new"},{"name":"OLD_VALUE","value":"old"},{"name":"ORG_UNIT_NAME","value":"org"},{"name":"SETTING_NAME","value":"setting"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'CHANGE_APPLICATION_SETTING', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['change'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.org_unit.name': 'org', 'gsuite.admin.application.name': 'drive', 'gsuite.admin.application.edition': 'basic', 'gsuite.admin.old_value': 'old', 'gsuite.admin.new_value': 'new', 'gsuite.admin.setting.name': 'setting', 'gsuite.admin.group.email': 'group@example.com', 'gsuite.event.type': 'APPLICATION_SETTINGS', 'group.domain': 'example.com', 'group.name': 'group'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_188_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 8.635
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"DOMAIN_SETTINGS","name":"CHANGE_ACCOUNT_AUTO_RENEWAL","parameters":[{"name":"DOMAIN_NAME","value":"example.com"},{"name":"NEW_VALUE","value":"NON_AUTO_RENEWAL"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'CHANGE_ACCOUNT_AUTO_RENEWAL', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['change'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.domain.name': 'example.com', 'gsuite.admin.new_value': 'NON_AUTO_RENEWAL', 'gsuite.event.type': 'DOMAIN_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_189_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.603
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"CHAT_SETTINGS","name":"MEET_INTEROP_CREATE_GATEWAY","parameters":[{"name":"GATEWAY_NAME","value":"gateway"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'MEET_INTEROP_CREATE_GATEWAY', 'event.id': '1', 'event.type': ['creation'], 'event.category': ['iam'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.gateway.name': 'gateway', 'gsuite.event.type': 'CHAT_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_190_gsuite – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.653
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-PA', 'source.geo.city_name': 'State College', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Pennsylvania', 'source.geo.location.lon': -77.8618, 'source.geo.location.lat': 40.7957, 'source.as.number': 7922, 'source.as.organization.name': 'Comcast Cable Communications, LLC', 'source.ip': '98.235.162.24', 'source.user.domain': 'bar.com', 'source.user.name': 'foo', 'source.user.id': '1', 'source.user.email': 'foo@bar.com', 'fileset.name': 'admin', 'url.path': '/path/in/url', 'url.full': 'http://example.com/path/in/url', 'tags': ['forwarded'], 'input.type': 'log', 'related.ip': ['98.235.162.24'], 'related.user': ['foo'], 'service.type': 'gsuite', 'organization.id': '1', 'event.original': '{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"admin","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"SITES_SETTINGS","name":"ADD_WEB_ADDRESS","parameters":[{"name":"SITE_LOCATION","value":"/path/in/url"},{"name":"WEB_ADDRESS","value":"http://example.com/path/in/url"},{"name":"NEW_VALUE","value":"new"},{"name":"OLD_VALUE","value":"old"},{"name":"ORG_UNIT_NAME","value":"org"},{"name":"SETTING_NAME","value":"setting"}]}}', 'event.provider': 'admin', 'event.module': 'gsuite', 'event.action': 'ADD_WEB_ADDRESS', 'event.id': '1', 'event.category': ['iam'], 'event.type': ['creation'], 'event.dataset': 'gsuite.admin', 'gsuite.actor.type': 'USER', 'gsuite.kind': 'admin#reports#activity', 'gsuite.organization.domain': 'elastic.com', 'gsuite.admin.org_unit.name': 'org', 'gsuite.admin.old_value': 'old', 'gsuite.admin.new_value': 'new', 'gsuite.admin.setting.name': 'setting', 'gsuite.event.type': 'SITES_SETTINGS'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_192_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.268
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.country_name': 'Spain', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '213.97.47.133', 'network.type': 'ipv4', 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png', 'o365.audit.SourceFileName': 'Screenshot 2020-01-27 at 11.30.48.png', 'o365.audit.UserKey': 'i:0h.f|membership|1003200096971f55@live.com', 'o365.audit.ItemType': 'File', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.SiteUrl': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/', 'o365.audit.Operation': 'FileDeleted', 'o365.audit.SourceFileExtension': 'png', 'o365.audit.ClientIP': '213.97.47.133', 'o365.audit.Workload': 'OneDrive', 'o365.audit.SourceRelativeUrl': 'Documents', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.RecordType': 6, 'o365.audit.ListId': '2b6ad2bd-0fd7-4556-9c89-a97847085b85', 'o365.audit.Version': 1, 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.CreationTime': '2020-02-07T16:44:07', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.CorrelationId': '652b339f-908c-a000-f25f-91423da7dd9b', 'o365.audit.Id': 'ec04aa09-0a43-4879-cdc8-08d7abecf327', 'o365.audit.UserType': 0, 'o365.audit.ListItemUniqueId': '4803608a-df7d-4f63-aa73-67aa33bb576e', 'file.extension': 'png', 'file.name': 'Screenshot 2020-01-27 at 11.30.48.png', 'file.directory': 'Documents', 'related.ip': '213.97.47.133', 'related.user': 'asr', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '213.97.47.133', 'client.ip': '213.97.47.133', 'event.code': 'SharePointFileOperation', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'FileDeleted', 'event.id': 'ec04aa09-0a43-4879-cdc8-08d7abecf327', 'event.category': 'file', 'event.type': 'deletion', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.', 'fileset.name': 'audit', 'url.original': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/Documents/Screenshot 2020-01-27 at 11.30.48.png', 'tags': ['forwarded'], 'input.type': 'log', '@timestamp': '2020-02-07T16:44:07.000Z', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_194_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 9.32
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.country_name': 'Spain', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '83.57.233.151', 'fileset.name': 'audit', 'tags': ['forwarded'], 'network.type': 'ipv4', 'o365.audit.AzureActiveDirectoryEventType': 1, 'o365.audit.UserKey': '1003200096971F55@testsiem.onmicrosoft.com', 'o365.audit.ActorIpAddress': '83.57.233.151', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Operation': 'UserLoggedIn', 'o365.audit.ExtendedProperties.ResultStatusDetail': 'Success', 'o365.audit.ExtendedProperties.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.ExtendedProperties.KeepMeSignedIn': 'False', 'o365.audit.ExtendedProperties.UserAuthenticationMethod': '9', 'o365.audit.ExtendedProperties.RequestType': 'OAuth2:Authorize', 'o365.audit.IntraSystemId': 'c4206c29-46c2-4a6f-a46b-735107705400', 'o365.audit.Target': [{'Type': 0, 'ID': '00000002-0000-0000-c000-000000000000'}], 'o365.audit.RecordType': 15, 'o365.audit.Version': 1, 'o365.audit.SupportTicketId': '', 'o365.audit.Actor': [{'Type': 0, 'ID': '755e500a-6c03-46b0-b53b-282f23374e3b'}, {'Type': 5, 'ID': 'asr@testsiem.onmicrosoft.com'}, {'Type': 3, 'ID': '1003200096971F55'}], 'o365.audit.ActorContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.ResultStatus': 'Succeeded', 'o365.audit.ObjectId': '00000002-0000-0000-c000-000000000000', 'o365.audit.ClientIP': '83.57.233.151', 'o365.audit.Workload': 'AzureActiveDirectory', 'o365.audit.TargetContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.CreationTime': '2020-02-10T15:13:13', 'o365.audit.InterSystemsId': '03616b3a-fc75-46a1-b34a-2d82fc8f1e7e', 'o365.audit.Id': 'ca0efc24-1b89-4962-8fef-a3ac5437302f', 'o365.audit.ApplicationId': '4345a7b9-9a63-4910-a426-35363201d503', 'o365.audit.UserType': 0, 'input.type': 'log', '@timestamp': '2020-02-10T15:13:13.000Z', 'related.ip': '83.57.233.151', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '83.57.233.151', 'client.ip': '83.57.233.151', 'event.code': 'AzureActiveDirectoryStsLogon', 'event.provider': 'AzureActiveDirectory', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'UserLoggedIn', 'event.id': 'ca0efc24-1b89-4962-8fef-a3ac5437302f', 'event.category': 'authentication', 'event.type': ['start', 'authentication_success'], 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_195_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.619
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.country_name': 'Spain', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '213.97.47.133', 'fileset.name': 'audit', 'tags': ['forwarded'], 'network.type': 'ipv4', 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com/_layouts/15/onedrive.aspx', 'o365.audit.ItemType': 'Page', 'o365.audit.UserKey': 'i:0h.f|membership|1003200096971f55@live.com', 'o365.audit.Operation': 'PageViewed', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.ClientIP': '213.97.47.133', 'o365.audit.Workload': 'OneDrive', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.RecordType': 4, 'o365.audit.Version': 1, 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.CreationTime': '2020-02-07T16:43:53', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'o365.audit.CustomUniqueId': True, 'o365.audit.Id': '99d005e6-a4c6-46fd-117c-08d7abeceab5', 'o365.audit.CorrelationId': '622b339f-4000-a000-f25f-92b3478c7a25', 'o365.audit.UserType': 0, 'o365.audit.ListItemUniqueId': '59a8433d-9bb8-cfef-6edc-4c0fc8b86875', 'input.type': 'log', '@timestamp': '2020-02-07T16:43:53.000Z', 'related.ip': '213.97.47.133', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '213.97.47.133', 'client.ip': '213.97.47.133', 'event.code': 'SharePoint', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'PageViewed', 'event.id': '99d005e6-a4c6-46fd-117c-08d7abeceab5', 'event.type': 'info', 'event.category': 'web', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '72.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_197_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.481
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.country_name': 'Spain', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.port': '12345', 'source.ip': '79.159.10.151', 'fileset.name': 'audit', 'network.type': 'ipv4', 'tags': ['forwarded'], 'o365.audit.GroupName': 'Sales', 'o365.audit.ResultStatus': 'TRUE', 'o365.audit.ObjectId': 'Sales', 'o365.audit.YammerNetworkId': 5846122497, 'o365.audit.UserKey': '100320009d6edf94', 'o365.audit.ActorUserId': 'alice@testsiem2.onmicrosoft.com', 'o365.audit.ActorYammerUserId': 36787265537, 'o365.audit.OrganizationId': '0e1dddce-163e-4b0b-9e33-87ba56ac4655', 'o365.audit.Operation': 'GroupCreation', 'o365.audit.ClientIP': '79.159.10.151:12345', 'o365.audit.Workload': 'Yammer', 'o365.audit.RecordType': 22, 'o365.audit.Version': 1, 'o365.audit.UserId': 'alice@testsiem2.onmicrosoft.com', 'o365.audit.CreationTime': '2020-02-28T09:42:45', 'o365.audit.Id': '2af7bbf1-d5d8-5cb0-8aca-f4ad8a087594', 'o365.audit.UserType': 0, 'input.type': 'log', '@timestamp': '2020-02-28T09:42:45.000Z', 'related.ip': '79.159.10.151', 'service.type': 'o365', 'organization.id': '0e1dddce-163e-4b0b-9e33-87ba56ac4655', 'host.id': '0e1dddce-163e-4b0b-9e33-87ba56ac4655', 'client.address': '79.159.10.151:12345', 'client.port': '12345', 'client.ip': '79.159.10.151', 'event.code': 'Yammer', 'event.provider': 'Yammer', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'GroupCreation', 'event.id': '2af7bbf1-d5d8-5cb0-8aca-f4ad8a087594', 'event.type': ['group', 'creation'], 'event.category': 'iam', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.id': '36787265537', 'user.email': 'alice@testsiem2.onmicrosoft.com', 'group.name': 'Sales'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_201_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 18.704
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.country_name': 'Spain', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '83.57.233.151', 'fileset.name': 'audit', 'network.type': 'ipv4', 'tags': ['forwarded'], 'o365.audit.AzureActiveDirectoryEventType': 1, 'o365.audit.ObjectId': 'Not Available', 'o365.audit.ResultStatus': 'Success', 'o365.audit.UserKey': '1003200096971F55@testsiem.onmicrosoft.com', 'o365.audit.ActorIpAddress': '83.57.233.151', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Operation': 'Update application.', 'o365.audit.ClientIP': '83.57.233.151', 'o365.audit.ExtendedProperties.teamName': 'MSODS.', 'o365.audit.ExtendedProperties.actorObjectClass': 'User', 'o365.audit.ExtendedProperties.env_cloud_deploymentUnit': 'R5', 'o365.audit.ExtendedProperties.targetName': 'siem', 'o365.audit.ExtendedProperties.env_appId': 'restdirectoryservice', 'o365.audit.ExtendedProperties.env_osVer': '', 'o365.audit.ExtendedProperties.env_iKey': 'ikey', 'o365.audit.ExtendedProperties.actorObjectId': '755e500a-6c03-46b0-b53b-282f23374e3b', 'o365.audit.ExtendedProperties.env_time': '2020-02-09T15:33:26.1037807Z', 'o365.audit.ExtendedProperties.env_cloud_role': 'restdirectoryservice', 'o365.audit.ExtendedProperties.env_name': '#Ifx.AuditSchema#IfxMsods.AuditCommonEvent', 'o365.audit.ExtendedProperties.env_appVer': '1.0.11737.0', 'o365.audit.ExtendedProperties.targetObjectId': '08d8bb01-c269-4a92-9929-a1a89b729512', 'o365.audit.ExtendedProperties.env_cloud_ver': '1.0', 'o365.audit.ExtendedProperties.env_cloud_roleInstance': 'AM5RRDSR556', 'o365.audit.ExtendedProperties.correlationId': '528b5206-f6de-4c1f-86db-5f750a9960c9', 'o365.audit.ExtendedProperties.env_cv': '##ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1_00000000-0000-0000-0000-000000000000_ba86b8f0-5f6f-4a47-b90a-c1fca908a5d1', 'o365.audit.ExtendedProperties.resultType': 'Success', 'o365.audit.ExtendedProperties.auditEventCategory': 'ApplicationManagement', 'o365.audit.ExtendedProperties.actorUPN': 'asr@testsiem.onmicrosoft.com', 'o365.audit.ExtendedProperties.env_popSample': '0', 'o365.audit.ExtendedProperties.env_seqNum': '38438635', 'o365.audit.ExtendedProperties.targetContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.ExtendedProperties.env_cloud_name': 'MSO-AM5R', 'o365.audit.ExtendedProperties.env_ver': '2.1', 'o365.audit.ExtendedProperties.env_cloud_roleVer': '1.0.11737.0', 'o365.audit.ExtendedProperties.env_os': '', 'o365.audit.ExtendedProperties.targetIncludedUpdatedProperties': '["RequiredResourceAccess"]', 'o365.audit.ExtendedProperties.additionalDetails': '{"User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0"}', 'o365.audit.ExtendedProperties.version': '2', 'o365.audit.ExtendedProperties.extendedAuditEventCategory': 'Application', 'o365.audit.ExtendedProperties.actorAppID': '18ed3507-a475-4ccb-b669-d66bc9f2a36e', 'o365.audit.ExtendedProperties.actorContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.ExtendedProperties.env_cloud_environment': 'PROD', 'o365.audit.ExtendedProperties.env_epoch': '31CXC', 'o365.audit.ExtendedProperties.env_flags': '257', 'o365.audit.ExtendedProperties.actorPUID': '1003200096971F55', 'o365.audit.ExtendedProperties.nCloud': '', 'o365.audit.Workload': 'AzureActiveDirectory', 'o365.audit.Target': [{'Type': 2, 'ID': 'Application_08d8bb01-c269-4a92-9929-a1a89b729512'}, {'Type': 2, 'ID': '08d8bb01-c269-4a92-9929-a1a89b729512'}, {'Type': 2, 'ID': 'Application'}, {'Type': 1, 'ID': 'siem'}], 'o365.audit.RecordType': 8, 'o365.audit.ModifiedProperties.Included_Updated_Properties.OldValue': '', 'o365.audit.ModifiedProperties.Included_Updated_Properties.NewValue': 'RequiredResourceAccess', 'o365.audit.Version': 1, 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.SupportTicketId': '', 'o365.audit.TargetContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Actor': [{'Type': 5, 'ID': 'asr@testsiem.onmicrosoft.com'}, {'Type': 3, 'ID': '1003200096971F55'}, {'Type': 2, 'ID': '18ed3507-a475-4ccb-b669-d66bc9f2a36e'}, {'Type': 2, 'ID': 'User_755e500a-6c03-46b0-b53b-282f23374e3b'}, {'Type': 2, 'ID': '755e500a-6c03-46b0-b53b-282f23374e3b'}, {'Type': 2, 'ID': 'User'}], 'o365.audit.CreationTime': '2020-02-09T15:33:26', 'o365.audit.Id': '8f6eb24b-6e61-4ee2-a376-31368c300613', 'o365.audit.UserType': 0, 'o365.audit.ActorContextId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'input.type': 'log', '@timestamp': '2020-02-09T15:33:26.000Z', 'related.ip': '83.57.233.151', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '83.57.233.151', 'client.ip': '83.57.233.151', 'event.code': 'AzureActiveDirectory', 'event.provider': 'AzureActiveDirectory', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'Update application.', 'event.id': '8f6eb24b-6e61-4ee2-a376-31368c300613', 'event.type': 'info', 'event.category': 'web', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_203_o365 – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.029
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 3965, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'ES-B', 'source.geo.city_name': 'Barcelona', 'source.geo.country_iso_code': 'ES', 'source.geo.country_name': 'Spain', 'source.geo.region_name': 'Barcelona', 'source.geo.location.lon': 2.1611, 'source.geo.location.lat': 41.3891, 'source.as.number': 3352, 'source.as.organization.name': 'Telefonica De Espana', 'source.ip': '79.159.10.151', 'fileset.name': 'audit', 'tags': ['forwarded'], 'network.type': 'ipv4', 'o365.audit.Site': 'd5180cfc-3479-44d6-b410-8c985ac894e3', 'o365.audit.ObjectId': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com//personal/asr_testsiem_onmicrosoft_com/Sharing Links', 'o365.audit.ItemType': 'List', 'o365.audit.UserKey': 'i:0h.f|membership|1003200096971f55@live.com', 'o365.audit.SiteUrl': 'https://testsiem-my.sharepoint.com/personal/asr_testsiem_onmicrosoft_com', 'o365.audit.OrganizationId': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'o365.audit.Operation': 'SharingInheritanceBroken', 'o365.audit.ClientIP': '79.159.10.151', 'o365.audit.EventData': 'FalseFalse', 'o365.audit.Workload': 'OneDrive', 'o365.audit.SourceRelativeUrl': 'Sharing Links', 'o365.audit.EventSource': 'SharePoint', 'o365.audit.ListId': 'b108938d-3546-4359-925d-a1b54b4db8c2', 'o365.audit.RecordType': 14, 'o365.audit.Version': 1, 'o365.audit.WebId': '8c5c94bb-8396-470c-87d7-8999f440cd30', 'o365.audit.UserId': 'asr@testsiem.onmicrosoft.com', 'o365.audit.CreationTime': '2020-02-14T18:25:45', 'o365.audit.UserAgent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0', 'o365.audit.Id': 'dd162cd7-5df5-4fef-078a-08d7b17b4e95', 'o365.audit.CorrelationId': 'fe71359f-005f-9000-7cb1-ccf5124703db', 'o365.audit.UserType': 0, 'input.type': 'log', '@timestamp': '2020-02-14T18:25:45.000Z', 
'related.ip': '79.159.10.151', 'related.user': 'asr', 'service.type': 'o365', 'organization.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'host.name': 'testsiem.onmicrosoft.com', 'host.id': 'b86ab9d4-fcf1-4b11-8a06-7a8f91b47fbd', 'client.address': '79.159.10.151', 'client.ip': '79.159.10.151', 'event.code': 'SharePointSharingOperation', 'event.provider': 'OneDrive', 'event.kind': 'event', 'event.module': 'o365', 'event.action': 'SharingInheritanceBroken', 'event.id': 'dd162cd7-5df5-4fef-078a-08d7b17b4e95', 'event.category': 'web', 'event.type': 'info', 'event.dataset': 'o365.audit', 'event.outcome': 'success', 'user.domain': 'testsiem.onmicrosoft.com', 'user.name': 'asr', 'user.id': 'asr@testsiem.onmicrosoft.com', 'user_agent.original': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '10.14', 'user_agent.os.full': 'Mac OS X 10.14', 'user_agent.name': 'Firefox', 'user_agent.device.name': 'Mac', 'user_agent.version': '73.0.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_206_googlecloud – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.452
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 7530, 'log.logger': 'projects/foo/logs/cloudaudit.googleapis.com%2Factivity', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'RU-MOW', 'source.geo.city_name': 'Moscow', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.region_name': 'Moscow', 'source.geo.location.lon': 37.6172, 'source.geo.location.lat': 55.7527, 'source.ip': '1.2.3.4', 'fileset.name': 'audit', 'tags': ['forwarded'], 'cloud.project.id': 'foo', 'input.type': 'log', '@timestamp': '2020-08-05T21:59:26.456Z', 'service.name': 'compute.googleapis.com', 'service.type': 'googlecloud', 'event.kind': 'event', 'event.module': 'googlecloud', 'event.action': 'v1.compute.images.insert', 'event.id': 'v2spcwdzmc2', 'event.dataset': 'googlecloud.audit', 'event.outcome': 'success', 'googlecloud.audit.request.name': 'windows-server-2016-v20200805', 'googlecloud.audit.request.proto_name': 'type.googleapis.com/compute.images.insert', 'googlecloud.audit.authentication_info.principal_email': 'user@mycompany.com', 'googlecloud.audit.method_name': 'v1.compute.images.insert', 'googlecloud.audit.request_metadata.caller_ip': '1.2.3.4', 'googlecloud.audit.request_metadata.caller_supplied_user_agent': 'google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)', 'googlecloud.audit.response.proto_name': 'type.googleapis.com/operation', 'googlecloud.audit.response.status': 'RUNNING', 'googlecloud.audit.service_name': 'compute.googleapis.com', 'googlecloud.audit.authorization_info': [{'permission': 'compute.images.create', 'resource_attributes': {'service': 'compute', 'name': 
'projects/foo/global/images/windows-server-2016-v20200805', 'type': 'compute.images'}, 'granted': True}], 'googlecloud.audit.type': 'type.googleapis.com/google.cloud.audit.AuditLog', 'googlecloud.audit.resource_name': 'projects/foo/global/images/windows-server-2016-v20200805', 'googlecloud.audit.resource_location.current_locations': ['eu'], 'user.email': 'user@mycompany.com', 'user_agent.original': 'google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)', 'user_agent.os.name': 'Mac OS X', 'user_agent.os.version': '19.6.0', 'user_agent.os.full': 'Mac OS X 19.6.0', 'user_agent.name': 'Other', 'user_agent.device.name': 'Mac'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_208_googlecloud – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 5.239
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'log.logger': 'projects/test-beats/logs/compute.googleapis.com%2Ffirewall', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 15169, 'destination.as.organization.name': 'Google LLC', 'destination.address': '8.8.8.8', 'destination.port': 53, 'destination.ip': '8.8.8.8', 'rule.name': 'network:default/firewall:adrian-test-1', 'source.address': '10.128.0.16', 'source.port': 60094, 'source.domain': 'adrian-test', 'source.ip': '10.128.0.16', 'fileset.name': 'firewall', 'tags': ['forwarded'], 'network.community_id': '1:iiDdIEXnxwSiz/hJbVnseQ4SZVE=', 'network.name': 'default', 'network.transport': 'udp', 'network.type': 'ipv4', 'network.iana_number': 17, 'network.direction': 'outbound', 'input.type': 'log', '@timestamp': '2019-11-12T12:35:17.214Z', 'related.ip': ['10.128.0.16', '8.8.8.8'], 'service.type': 'googlecloud', 'event.kind': 'event', 'event.module': 'googlecloud', 'event.action': 'firewall-rule', 'event.id': '4zuj4nfn4llkb', 'event.category': 'network', 'event.type': ['connection', 'denied'], 'event.dataset': 'googlecloud.firewall', 'googlecloud.firewall.rule_details.destination_range': ['8.8.8.0/24'], 'googlecloud.firewall.rule_details.ip_port_info': [{'ip_protocol': 'ALL'}], 'googlecloud.firewall.rule_details.action': 'DENY', 'googlecloud.firewall.rule_details.target_tag': ['adrian-test'], 'googlecloud.firewall.rule_details.priority': 1000, 'googlecloud.firewall.rule_details.direction': 'EGRESS', 'googlecloud.source.instance.project_id': 'test-beats', 'googlecloud.source.instance.zone': 'us-central1-a', 'googlecloud.source.instance.region': 'us-central1', 
'googlecloud.source.vpc.vpc_name': 'default', 'googlecloud.source.vpc.project_id': 'test-beats', 'googlecloud.source.vpc.subnetwork_name': 'default'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_217_azure – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.543
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 4, 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'GB-BKM', 'source.geo.city_name': 'Farnham Royal', 'source.geo.country_iso_code': 'GB', 'source.geo.country_name': 'United Kingdom', 'source.geo.region_name': 'Buckinghamshire', 'source.geo.location.lon': -0.6167, 'source.geo.location.lat': 51.5333, 'source.as.number': 8426, 'source.as.organization.name': 'Claranet Ltd', 'source.ip': '81.171.241.231', 'fileset.name': 'signinlogs', 'message': "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", 'tags': ['forwarded'], 'geo.city_name': 'Champs-Sur-Marne', 'geo.country_iso_code': 'FR', 'geo.country_name': 'Seine-Et-Marne', 'geo.location.lon': 2.12341234, 'geo.location.lat': 48.12341234, 'cloud.provider': 'azure', 'input.type': 'log', '@timestamp': '2019-10-18T09:45:48.072Z', 'service.type': 'azure', 'event.duration': 0, 'event.kind': 'event', 'event.module': 'azure', 'event.action': 'Sign-in activity', 'event.category': ['authentication'], 'event.type': ['info'], 'event.dataset': 'azure.signinlogs', 'event.outcome': 'failure', 'user.full_name': 'Test LTest', 'user.domain': 'elastic.co', 'user.name': 'test', 'user.id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.tenant_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.signinlogs.result_type': '50140', 'azure.signinlogs.result_description': "This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.", 'azure.signinlogs.operation_version': '1.0', 'azure.signinlogs.result_signature': 'None', 'azure.signinlogs.operation_name': 'Sign-in activity', 'azure.signinlogs.identity': 'Test LTest', 'azure.signinlogs.category': 'SignInLogs', 'azure.signinlogs.properties.risk_level_aggregated': 'none', 'azure.signinlogs.properties.client_app_used': 
'Browser', 'azure.signinlogs.properties.is_interactive': False, 'azure.signinlogs.properties.service_principal_id': '', 'azure.signinlogs.properties.created_at': '2019-10-18T04:45:48.0729893-05:00', 'azure.signinlogs.properties.app_display_name': 'Office 365', 'azure.signinlogs.properties.risk_level_during_signin': 'none', 'azure.signinlogs.properties.ip_address': '81.171.241.231', 'azure.signinlogs.properties.device_detail.device_id': '', 'azure.signinlogs.properties.device_detail.browser': 'Chrome 77.0.3865', 'azure.signinlogs.properties.device_detail.operating_system': 'MacOs', 'azure.signinlogs.properties.risk_detail': 'none', 'azure.signinlogs.properties.token_issuer_name': '', 'azure.signinlogs.properties.risk_state': 'none', 'azure.signinlogs.properties.user_principal_name': 'test@elastic.co', 'azure.signinlogs.properties.token_issuer_type': 'AzureAD', 'azure.signinlogs.properties.processing_time_ms': 239, 'azure.signinlogs.properties.original_request_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.signinlogs.properties.user_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.signinlogs.properties.conditional_access_status': 'notApplied', 'azure.signinlogs.properties.correlation_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.signinlogs.properties.id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.signinlogs.properties.user_display_name': 'Test LTest', 'azure.signinlogs.properties.app_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.signinlogs.properties.status.error_code': 50140, 'azure.resource.provider': 'Microsoft.aadiam', 'azure.resource.id': '/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam', 'azure.correlation_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_219_azure – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.106
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'Information', 'source.geo.continent_name': 'Europe', 'source.geo.country_iso_code': 'GB', 'source.geo.country_name': 'United Kingdom', 'source.geo.location.lon': -0.1224, 'source.geo.location.lat': 51.4964, 'source.ip': '51.251.141.41', 'fileset.name': 'activitylogs', 'tags': ['forwarded'], 'geo.continent_name': 'Europe', 'geo.country_iso_code': 'GB', 'geo.country_name': 'United Kingdom', 'geo.location.lon': -0.1224, 'geo.location.lat': 51.4964, 'cloud.provider': 'azure', 'input.type': 'log', '@timestamp': '2019-10-24T00:13:46.355Z', 'service.type': 'azure', 'event.duration': 0, 'event.kind': 'event', 'event.module': 'azure', 'event.action': 'MICROSOFT.EVENTHUB/NAMESPACES/AUTHORIZATIONRULES/LISTKEYS/ACTION', 'event.type': ['change'], 'event.dataset': 'azure.activitylogs', 'azure.subscription_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.resource.provider': 'MICROSOFT.EVENTHUB', 'azure.resource.namespace': 'AZURELSEVENTS', 'azure.resource.id': '/SUBSCRIPTIONS/8a4de8b5-095c-47d0-a96f-a75130c61d53/RESOURCEGROUPS/SA-HEMA/PROVIDERS/MICROSOFT.EVENTHUB/NAMESPACES/AZURELSEVENTS/AUTHORIZATIONRULES/ROOTMANAGESHAREDACCESSKEY', 'azure.resource.authorization_rule': 'ROOTMANAGESHAREDACCESSKEY', 'azure.resource.group': 'SA-HEMA', 'azure.correlation_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.operation_name': 'MICROSOFT.EVENTHUB/NAMESPACES/AUTHORIZATIONRULES/LISTKEYS/ACTION', 'azure.activitylogs.result_type': 'Start', 'azure.activitylogs.identity.authorization.evidence.role_definition_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.identity.authorization.evidence.role': 'Azure EventGrid Service BuiltIn Role', 'azure.activitylogs.identity.authorization.evidence.role_assignment_scope': 
'/subscriptions/8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.identity.authorization.evidence.role_assignment_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.identity.authorization.evidence.principal_type': 'ServicePrincipal', 'azure.activitylogs.identity.authorization.evidence.principal_id': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.identity.authorization.scope': '/subscriptions/8a4de8b5-095c-47d0-a96f-a75130c61d53/resourceGroups/sa-hem/providers/Microsoft.EventHub/namespaces/azurelsevents/authorizationRules/RootManageSharedAccessKey', 'azure.activitylogs.identity.authorization.action': 'Microsoft.EventHub/namespaces/authorizationRules/listKeys/action', 'azure.activitylogs.identity.claims.ver': '1.0', 'azure.activitylogs.identity.claims.aio': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.identity.claims.iss': 'https://sts.windows.net/8a4de8b5-095c-47d0-a96f-a75130c61d53/', 'azure.activitylogs.identity.claims.uti': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.identity.claims.http://schemas_microsoft_com/identity/claims/identityprovider': 'https://sts.windows.net/8a4de8b5-095c-47d0-a96f-a75130c61d53/', 'azure.activitylogs.identity.claims.http://schemas_xmlsoap_org/ws/2005/05/identity/claims/nameidentifier': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.identity.claims.aud': 'https://management.core.windows.net/', 'azure.activitylogs.identity.claims.http://schemas_microsoft_com/identity/claims/tenantid': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.identity.claims.nbf': '1571875726', 'azure.activitylogs.identity.claims.appidacr': '2', 'azure.activitylogs.identity.claims.appid': '8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.identity.claims.exp': '1571904826', 'azure.activitylogs.identity.claims.iat': '1571875726', 'azure.activitylogs.identity.claims.http://schemas_microsoft_com/identity/claims/objectidentifier': 
'8a4de8b5-095c-47d0-a96f-a75130c61d53', 'azure.activitylogs.category': 'Action', 'azure.activitylogs.event_category': 'Administrative', 'azure.activitylogs.result_signature': 'Started.'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_220_azure – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.711
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['geo.country_name']]}, full object: {'log.offset': 0, 'log.level': 'Information', 'source.geo.continent_name': 'Asia', 'source.geo.country_iso_code': 'JP', 'source.geo.country_name': 'Japan', 'source.geo.location.lon': 139.69, 'source.geo.location.lat': 35.69, 'source.as.number': 2516, 'source.as.organization.name': 'KDDI CORPORATION', 'source.ip': '111.111.111.11', 'fileset.name': 'activitylogs', 'tags': ['forwarded'], 'geo.continent_name': 'Asia', 'geo.country_iso_code': 'JP', 'geo.country_name': 'Japan', 'geo.location.lon': 139.69, 'geo.location.lat': 35.69, 'cloud.provider': 'azure', 'input.type': 'log', '@timestamp': '2015-01-21T22:14:26.979Z', 'service.type': 'azure', 'event.duration': -1468967296, 'event.kind': 'event', 'event.module': 'azure', 'event.action': 'microsoft.support/supporttickets/write', 'event.type': ['change'], 'event.dataset': 'azure.activitylogs', 'event.outcome': 'success', 'user.full_name': 'John Smith', 'user.domain': 'contoso.com', 'user.name': 'admin', 'azure.resource.provider': 'microsoft.support/supporttickets/115012112305841', 'azure.resource.id': '/subscriptions/s1/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841', 'azure.correlation_id': 'c776f9f4-36e5-4e0e-809b-c9b3c3fb62a8', 'azure.activitylogs.result_type': 'Success', 'azure.activitylogs.event_category': 'Administrative', 'azure.activitylogs.result_signature': 'Succeeded.Created', 'azure.activitylogs.operation_name': 'microsoft.support/supporttickets/write', 'azure.activitylogs.identity.authorization.evidence.role': 'Subscription Admin', 'azure.activitylogs.identity.authorization.scope': '/subscriptions/s1/resourceGroups/MSSupportGroup/providers/microsoft.support/supporttickets/115012112305841', 'azure.activitylogs.identity.authorization.action': 'microsoft.support/supporttickets/write', 
'azure.activitylogs.identity.claims.http://schemas_microsoft_com/claims/authnmethodsreferences': 'pwd', 'azure.activitylogs.identity.claims.ver': '1.0', 'azure.activitylogs.identity.claims.iss': 'https://sts.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/', 'azure.activitylogs.identity.claims.groups': 'cacfe77c-e058-4712-83qw-f9b08849fd60,7f71d11d-4c41-4b23-99d2-d32ce7aa621c,31522864-0578-4ea0-9gdc-e66cc564d18c', 'azure.activitylogs.identity.claims.http://schemas_xmlsoap_org/ws/2005/05/identity/claims/upn': 'admin@contoso.com', 'azure.activitylogs.identity.claims.http://schemas_xmlsoap_org/ws/2005/05/identity/claims/nameidentifier': '9vckmEGF7zDKk1YzIY8k0t1_EAPaXoeHyPRn6f413zM', 'azure.activitylogs.identity.claims.http://schemas_xmlsoap_org/ws/2005/05/identity/claims/surname': 'Smith', 'azure.activitylogs.identity.claims.http://schemas_microsoft_com/identity/claims/scope': 'user_impersonation', 'azure.activitylogs.identity.claims.aud': 'https://management.core.windows.net/', 'azure.activitylogs.identity.claims.http://schemas_microsoft_com/identity/claims/tenantid': '1e8d8218-c5e7-4578-9acc-9abbd5d23315 ', 'azure.activitylogs.identity.claims.nbf': '1421876371', 'azure.activitylogs.identity.claims.puid': '20030000801A118C', 'azure.activitylogs.identity.claims.appidacr': '2', 'azure.activitylogs.identity.claims.appid': 'c44b4083-3bq0-49c1-b47d-974e53cbdf3c', 'azure.activitylogs.identity.claims.http://schemas_microsoft_com/claims/authnclassreference': '1', 'azure.activitylogs.identity.claims.http://schemas_xmlsoap_org/ws/2005/05/identity/claims/givenname': 'John', 'azure.activitylogs.identity.claims.exp': '1421880271', 'azure.activitylogs.identity.claims.http://schemas_xmlsoap_org/ws/2005/05/identity/claims/name': ' admin@contoso.com', 'azure.activitylogs.identity.claims.iat': '1421876371', 'azure.activitylogs.identity.claims.http://schemas_microsoft_com/identity/claims/objectidentifier': '2468adf0-8211-44e3-95xq-85137af64708', 
'azure.activitylogs.identity.claims_initiated_by_user.schema': 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims', 'azure.activitylogs.identity.claims_initiated_by_user.surname': 'Smith', 'azure.activitylogs.identity.claims_initiated_by_user.givenname': 'John', 'azure.activitylogs.identity.claims_initiated_by_user.name': ' admin@contoso.com', 'azure.activitylogs.identity.claims_initiated_by_user.fullname': 'John Smith', 'azure.activitylogs.category': 'Write', 'azure.activitylogs.properties.status_code': 'Created', 'azure.activitylogs.properties.service_request_id': '50d5cddb-8ca0-47ad-9b80-6cde2207f97c'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_222_suricata – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.852
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-MA', 'destination.geo.city_name': 'Norwell', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'Massachusetts', 'destination.geo.location.lon': -70.8217, 'destination.geo.location.lat': 42.1596, 'destination.as.number': 15133, 'destination.as.organization.name': 'MCI Communications Services, Inc. d/b/a Verizon Business', 'destination.address': '93.184.216.34', 'destination.port': 80, 'destination.bytes': 1654, 'destination.ip': '93.184.216.34', 'destination.domain': 'example.net', 'destination.packets': 3, 'rule.name': 'ET POLICY curl User-Agent Outbound', 'rule.id': '2013028', 'rule.category': 'Attempted Information Leak', 'source.address': '192.168.1.146', 'source.port': 32858, 'source.bytes': 347, 'source.ip': '192.168.1.146', 'source.packets': 4, 'network.community_id': '1:Tx1T2pcsxn4KDSlkBTi/5q9tZuo=', 'network.protocol': 'http', 'network.bytes': 2001, 'network.transport': 'tcp', 'network.packets': 7, 'related.hosts': ['example.net'], 'related.ip': ['192.168.1.146', '93.184.216.34'], 'event.severity': 2, 'event.original': '{"timestamp":"2018-10-03T14:42:44.836744+0000","flow_id":2191386088856669,"in_iface":"enp0s3","event_type":"alert","src_ip":"192.168.1.146","src_port":32858,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information 
Leak","severity":2},"http":{"hostname":"example.net","url":"\/","http_user_agent":"curl\/7.58.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1121},"app_proto":"http","flow":{"pkts_toserver":4,"pkts_toclient":3,"bytes_toserver":347,"bytes_toclient":1654,"start":"2018-10-03T14:42:44.613469+0000"}}', 'event.kind': 'alert', 'event.module': 'suricata', 'event.start': '2018-10-03T14:42:44.613Z', 'event.category': ['network', 'intrusion_detection'], 'event.type': ['allowed'], 'event.dataset': 'suricata.eve', 'user_agent.original': 'curl/7.58.0', 'user_agent.name': 'curl', 'user_agent.device.name': 'Other', 'user_agent.version': '7.58.0', 'fileset.name': 'eve', 'message': 'Attempted Information Leak', 'url.path': '/', 'url.original': '/', 'url.domain': 'example.net', 'tags': ['suricata'], 'input.type': 'log', '@timestamp': '2018-10-03T14:42:44.836Z', 'service.type': 'suricata', 'http.request.method': 'GET', 'http.response.status_code': 200, 'http.response.body.bytes': 1121, 'suricata.eve.in_iface': 'enp0s3', 'suricata.eve.event_type': 'alert', 'suricata.eve.alert.signature_id': 2013028, 'suricata.eve.alert.rev': 4, 'suricata.eve.alert.gid': 1, 'suricata.eve.alert.signature': 'ET POLICY curl User-Agent Outbound', 'suricata.eve.alert.category': 'Attempted Information Leak', 'suricata.eve.flow_id': 2191386088856669, 'suricata.eve.http.protocol': 'HTTP/1.1', 'suricata.eve.http.http_content_type': 'text/html', 'suricata.eve.tx_id': 0} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_223_suricata – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.103
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 4683, 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 714, 'destination.as.organization.name': 'Apple Inc.', 'destination.address': '17.142.164.13', 'destination.port': 443, 'destination.ip': '17.142.164.13', 'destination.domain': 'p33-btmmdns.icloud.com', 'source.address': '192.168.86.85', 'source.port': 56187, 'source.ip': '192.168.86.85', 'fileset.name': 'eve', 'tags': ['suricata'], 'network.community_id': '1:u67AuA4ybOaspT7mp9OZ3jWvnKw=', 'network.protocol': 'tls', 'network.transport': 'tcp', 'input.type': 'log', '@timestamp': '2018-07-05T19:51:50.666Z', 'file.x509.not_after': '2019-03-29T17:54:31.000Z', 'file.x509.subject.country': 'US', 'file.x509.subject.state_or_province': 'California', 'file.x509.subject.organization': 'Apple Inc.', 'file.x509.subject.common_name': '.icloud.com', 'file.x509.subject.organizational_unit': 'management:idms.group.506364', 'file.x509.not_before': '2017-02-27T17:54:31.000Z', 'file.x509.serial_number': '5C9CE1097887F807', 'file.x509.issuer.country': 'US', 'file.x509.issuer.organization': 'Apple Inc.', 'file.x509.issuer.common_name': 'Apple IST CA 2 - G1', 'file.x509.issuer.organizational_unit': 'Certification Authority', 'related.ip': ['192.168.86.85', '17.142.164.13'], 'related.hash': ['6AFFACA65F8A05E7A98C7629B908C769ADDC7247'], 'service.type': 'suricata', 'tls.server.not_after': '2019-03-29T17:54:31.000Z', 'tls.server.subject': 'CN=.icloud.com, OU=management:idms.group.506364, O=Apple Inc., ST=California, C=US', 'tls.server.not_before': '2017-02-27T17:54:31.000Z', 'tls.server.issuer': 'CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., 
C=US', 'tls.server.hash.sha1': '6AFFACA65F8A05E7A98C7629B908C769ADDC7247', 'tls.client.server_name': 'p33-btmmdns.icloud.com', 'tls.version': '1.2', 'tls.version_protocol': 'tls', 'suricata.eve.in_iface': 'en0', 'suricata.eve.event_type': 'tls', 'suricata.eve.flow_id': 89751777876473, 'suricata.eve.tls.notbefore': '2017-02-27T17:54:31', 'suricata.eve.tls.serial': '5C:9C:E1:09:78:87:F8:07', 'suricata.eve.tls.subject': 'CN=.icloud.com, OU=management:idms.group.506364, O=Apple Inc., ST=California, C=US', 'suricata.eve.tls.issuerdn': 'CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US', 'suricata.eve.tls.notafter': '2019-03-29T17:54:31', 'suricata.eve.tls.fingerprint': '6a:ff:ac:a6:5f:8a:05:e7:a9:8c:76:29:b9:08:c7:69:ad:dc:72:47', 'suricata.eve.tls.version': 'TLS 1.2', 'suricata.eve.tls.sni': 'p33-btmmdns.icloud.com', 'event.original': '{"timestamp":"2018-07-05T15:51:50.666597-0400","flow_id":89751777876473,"in_iface":"en0","event_type":"tls","src_ip":"192.168.86.85","src_port":56187,"dest_ip":"17.142.164.13","dest_port":443,"proto":"TCP","tls":{"subject":"CN=.icloud.com, OU=management:idms.group.506364, O=Apple Inc., ST=California, C=US","issuerdn":"CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US","serial":"5C:9C:E1:09:78:87:F8:07","fingerprint":"6a:ff:ac:a6:5f:8a:05:e7:a9:8c:76:29:b9:08:c7:69:ad:dc:72:47","sni":"p33-btmmdns.icloud.com.","version":"TLS 1.2","notbefore":"2017-02-27T17:54:31","notafter":"2019-03-29T17:54:31"}}', 'event.kind': 'event', 'event.module': 'suricata', 'event.category': ['network'], 'event.type': ['protocol'], 'event.dataset': 'suricata.eve'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_228_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.354
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'server.port': 443, 'server.ip': '182.79.221.19', 'log.offset': 0, 'log.level': 'informational', 'destination.geo.continent_name': 'Asia', 'destination.geo.country_iso_code': 'IN', 'destination.geo.country_name': 'India', 'destination.geo.location.lon': 77.0, 'destination.geo.location.lat': 20.0, 'destination.as.number': 9498, 'destination.as.organization.name': 'BHARTI Airtel Ltd.', 'destination.port': 443, 'destination.ip': '182.79.221.19', 'source.port': 9444, 'source.ip': '10.198.47.71', 'source.user.name': 'jsmith', 'source.user.group.name': 'Open Group', 'fileset.name': 'xg', 'url.domain': 'r8---sn-ci5gup-qxas.googlevideo.com', 'url.full': 'https://r8---sn-ci5gup-qxas.googlevideo.com/', 'tags': ['sophos-xg', 'forwarded'], 'network.transport': 'tcp', 'input.type': 'log', 'observer.product': 'XG', 'observer.vendor': 'Sophos', 'observer.serial_number': 'C44310050024-P29PUA', 'observer.type': 'firewall', '@timestamp': '2017-01-31T14:03:33.000-02:00', 'related.ip': ['10.198.47.71', '182.79.221.19'], 'related.user': ['jsmith'], 'sophos.xg.device_name': 'CR750iNG-XP', 'sophos.xg.log_type': 'Content Filtering', 'sophos.xg.iap': '1', 'sophos.xg.fw_rule_id': '2', 'sophos.xg.log_component': 'HTTP', 'sophos.xg.log_subtype': 'Allowed', 'sophos.xg.category_type': 'Unproductive', 'sophos.xg.message_id': '16001', 'sophos.xg.priority': 'Information', 'sophos.xg.category': 'Entertainment', 'sophos.xg.device': 'SFW', 'service.type': 'sophos', 'host.name': 'firewall.localgroup.local', 'client.port': 9444, 'client.ip': '10.198.47.71', 'event.severity': '6', 'event.original': 'device="SFW" date=2017-01-31 time=14:03:33 timezone="IST" device_name="CR750iNG-XP" device_id=C44310050024-P29PUA log_id=050901616001 log_type="Content Filtering" log_component="HTTP" log_subtype="Allowed" status="" priority=Information 
fw_rule_id=2 user_name="jsmith" user_gp="Open Group" iap=1 category="Entertainment" category_type="Unproductive" url="https://r8---sn-ci5gup-qxas.googlevideo.com/" contenttype="" override_token="" httpresponsecode="" src_ip=10.198.47.71 dst_ip=182.79.221.19 protocol="TCP" src_port=9444 dst_port=443 sent_bytes=0 recv_bytes=319007 domain=r8---sn-ci5gup-qxas.googlevideo.com exceptions= activityname="" reason=""', 'event.code': '050901616001', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'sophos', 'event.action': 'allowed', 'event.category': ['network'], 'event.type': ['allowed', 'connection'], 'event.dataset': 'sophos.xg', 'event.outcome': 'success'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_229_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.989
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'server.bytes': 5669, 'server.ip': '185.8.209.207', 'log.offset': 0, 'log.level': 'informational', 'destination.geo.continent_name': 'Europe', 'destination.geo.region_iso_code': 'CH-VD', 'destination.geo.city_name': 'Saint-Prex', 'destination.geo.country_iso_code': 'CH', 'destination.geo.country_name': 'Switzerland', 'destination.geo.region_name': 'Vaud', 'destination.geo.location.lon': 6.4599, 'destination.geo.location.lat': 46.4796, 'destination.as.number': 199567, 'destination.as.organization.name': 'Fr. Sauter AG', 'destination.bytes': 401, 'destination.ip': '185.8.209.207', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'PL-22', 'source.geo.city_name': 'Gdynia', 'source.geo.country_iso_code': 'PL', 'source.geo.country_name': 'Poland', 'source.geo.region_name': 'Pomerania', 'source.geo.location.lon': 18.5403, 'source.geo.location.lat': 54.5055, 'source.as.number': 6830, 'source.as.organization.name': 'Liberty Global B.V.', 'source.bytes': 1419, 'source.ip': '89.68.140.204', 'observer.product': 'XG', 'observer.vendor': 'Sophos', 'observer.serial_number': '1234567890123456', 'observer.type': 'firewall', 'related.ip': ['89.68.140.204', '185.8.209.207'], 'host.name': 'my_fancy_host', 'client.bytes': 1419, 'client.ip': '89.68.140.204', 'event.severity': '6', 'event.original': 'device="SFW" date=2020-05-18 time=14:38:46 timezone="CEST" device_name="XG230" device_id=1234567890123456 log_id=075000617071 log_type="WAF" log_component="Web Application Firewall" priority=Information user_name="-" server=webmail.elasticuser.com sourceip=89.68.140.204 localip=185.8.209.207 ws_protocol="HTTP/1.1" url=/mapi/nspi/ querystring=?MailboxId=642ea57c-90ab-4571-8e05-c6997b2256f8@elastic.user.com 
cookie="MapiContext=MAPIAAAAAPaw98Xx0uDQ4tL/z/rX59b2x/LI+8z2x/+lhrKGtIO7jbmBsxYNAAAAAAAA;MapiRouting=UlVNOjdmNWY0OGE3LTM5OWItNDc4Yi04ZDgwLWFmZTRmMzAyZTViMDoAitM4bv3XCA==;MapiSequence=10-GtgsIA==;X-BackEndCookie=642ea57c-90ab-4571-8e05-c6997b2256f8=u56Lnp2ejJqByZrHyZ7Mys7Sm8zJnNLLnM3J0sbJxsvSnZzIxs2ans+ezMrLgYHNz83P0s/J0s3Pq87Pxc7PxcrL" referer=- method=POST httpstatus=401 reason="-" extra="-" contenttype="-" useragent="Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.4954; Pro)" host=89.68.140.204 responsetime=11199 bytessent=5669 bytesrcv=1419 fw_rule_id=79', 'event.code': '075000617071', 'event.timezone': '-02:00', 'event.kind': 'alert', 'event.module': 'sophos', 'event.action': 'denied', 'event.category': ['intrusion_detection', 'network'], 'event.type': ['denied', 'connection'], 'event.dataset': 'sophos.xg', 'user_agent.original': 'Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.4954; Pro)', 'fileset.name': 'xg', 'url.full': '/mapi/nspi/', 'tags': ['sophos-xg', 'forwarded'], 'input.type': 'log', '@timestamp': '2020-05-18T14:38:46.000-02:00', 'sophos.xg.server': 'webmail.elasticuser.com', 'sophos.xg.device_name': 'XG230', 'sophos.xg.log_type': 'WAF', 'sophos.xg.host': '89.68.140.204', 'sophos.xg.responsetime': '11199', 'sophos.xg.fw_rule_id': '79', 'sophos.xg.log_component': 'Web Application Firewall', 'sophos.xg.cookie': 'MapiContext=MAPIAAAAAPaw98Xx0uDQ4tL/z/rX59b2x/LI+8z2x/+lhrKGtIO7jbmBsxYNAAAAAAAA;MapiRouting=UlVNOjdmNWY0OGE3LTM5OWItNDc4Yi04ZDgwLWFmZTRmMzAyZTViMDoAitM4bv3XCA==;MapiSequence=10-GtgsIA==;X-BackEndCookie=642ea57c-90ab-4571-8e05-c6997b2256f8=u56Lnp2ejJqByZrHyZ7Mys7Sm8zJnNLLnM3J0sbJxsvSnZzIxs2ans+ezMrLgYHNz83P0s/J0s3Pq87Pxc7PxcrL', 'sophos.xg.querystring': '?MailboxId=642ea57c-90ab-4571-8e05-c6997b2256f8@elastic.user.com', 'sophos.xg.message_id': '17071', 'sophos.xg.priority': 'Information', 'sophos.xg.device': 'SFW', 'service.type': 'sophos', 'http.request.method': 'POST', 'http.version': 'HTTP/1.1'} assert 1 == 0 + 
where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_230_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.931
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'server.port': 80, 'server.ip': '46.161.30.47', 'log.offset': 0, 'log.level': 'warning', 'destination.geo.continent_name': 'Europe', 'destination.geo.country_iso_code': 'RU', 'destination.geo.country_name': 'Russia', 'destination.geo.location.lon': 37.6068, 'destination.geo.location.lat': 55.7386, 'destination.as.number': 44050, 'destination.as.organization.name': 'Petersburg Internet Network ltd.', 'destination.port': 80, 'destination.ip': '46.161.30.47', 'source.port': 22623, 'source.ip': '10.198.47.71', 'source.user.name': 'jsmith', 'fileset.name': 'xg', 'url.original': '46.161.30.47', 'tags': ['sophos-xg', 'forwarded'], 'network.transport': 'tcp', 'input.type': 'log', 'observer.product': 'XG', 'observer.vendor': 'Sophos', 'observer.serial_number': 'C44310050024-P29PUA', 'observer.type': 'firewall', '@timestamp': '2017-01-31T18:44:31.000-02:00', 'related.ip': ['10.198.47.71', '46.161.30.47'], 'related.user': ['jsmith'], 'sophos.xg.device_name': 'CR750iNG-XP', 'sophos.xg.log_type': 'ATP', 'sophos.xg.log_component': 'Firewall', 'sophos.xg.log_subtype': 'Drop', 'sophos.xg.message_id': '18010', 'sophos.xg.priority': 'Warning', 'sophos.xg.threatname': 'C2/Generic-A', 'sophos.xg.eventtype': 'Standard', 'sophos.xg.device': 'SFW', 'service.type': 'sophos', 'host.name': 'firewall.localgroup.local', 'client.port': 22623, 'client.ip': '10.198.47.71', 'event.severity': '4', 'event.original': 'device="SFW" date=2017-01-31 time=18:44:31 timezone="IST" device_name="CR750iNG-XP" device_id=C44310050024-P29PUA log_id=086304418010 log_type="ATP" log_component="Firewall" log_subtype="Drop" priority=Warning user_name="jsmith" protocol="TCP" src_port=22623 dst_port=80 sourceip=10.198.47.71 destinationip=46.161.30.47 url=46.161.30.47 threatname=C2/Generic-A eventid=C366ACFB-7A6F-4870-B359-A6CFDA8C85F7 
eventtype="Standard" login_user="" process_user="" ep_uuid= execution_path=""', 'event.code': '086304418010', 'event.timezone': '-02:00', 'event.kind': 'alert', 'event.module': 'sophos', 'event.type': ['denied', 'connection'], 'event.action': 'drop', 'event.id': 'C366ACFB-7A6F-4870-B359-A6CFDA8C85F7', 'event.category': ['intrusion_detection', 'network'], 'event.dataset': 'sophos.xg', 'event.outcome': 'success'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_231_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.721
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'server.ip': '214.167.51.66', 'log.offset': 597, 'log.level': 'warning', 'destination.geo.continent_name': 'North America', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.location.lon': -97.822, 'destination.geo.location.lat': 37.751, 'destination.as.number': 721, 'destination.as.organization.name': 'DoD Network Information Center', 'destination.ip': '214.167.51.66', 'source.geo.continent_name': 'Europe', 'source.geo.region_iso_code': 'PL-28', 'source.geo.city_name': 'Elblag', 'source.geo.country_iso_code': 'PL', 'source.geo.country_name': 'Poland', 'source.geo.region_name': 'Warmia-Masuria', 'source.geo.location.lon': 19.4195, 'source.geo.location.lat': 54.172, 'source.as.number': 5617, 'source.as.organization.name': 'Orange Polska Spolka Akcyjna', 'source.ip': '83.20.132.250', 'source.user.name': 'elastic.user@elastic.test.com', 'fileset.name': 'xg', 'message': 'location-1 - IKE message retransmission timed out (Remote: 83.20.132.250)', 'tags': ['sophos-xg', 'forwarded'], 'input.type': 'log', 'observer.product': 'XG', 'observer.vendor': 'Sophos', 'observer.serial_number': '1234567890123456', 'observer.type': 'firewall', '@timestamp': '2020-05-18T14:38:58.000-02:00', 'related.ip': ['83.20.132.250', '214.167.51.66'], 'related.user': ['elastic.user@elastic.test.com'], 'sophos.xg.log_component': 'IPSec', 'sophos.xg.log_subtype': 'System', 'sophos.xg.connectionname': 'Location-1', 'sophos.xg.remotenetwork': '10.84.234.5/32', 'sophos.xg.message_id': '18055', 'sophos.xg.priority': 'Warning', 'sophos.xg.device_name': 'XG230', 'sophos.xg.log_type': 'Event', 'sophos.xg.localnetwork': '172.17.32.0/19', 'sophos.xg.connectiontype': '0', 'sophos.xg.device': 'SFW', 'sophos.xg.status': 'Failed', 'service.type': 'sophos', 
'host.name': 'my_fancy_host', 'client.ip': '83.20.132.250', 'event.severity': '4', 'event.original': 'device="SFW" date=2020-05-18 time=14:38:58 timezone="CEST" device_name="XG230" device_id=1234567890123456 log_id=062511418055 log_type="Event" log_component="IPSec" log_subtype="System" status="Failed" priority=Warning user_name="elastic.user@elastic.test.com" connectionname="Location-1" connectiontype="0" localinterfaceip=214.167.51.66 localgateway="" localnetwork="172.17.32.0/19" remoteinterfaceip=83.20.132.250 remotenetwork="10.84.234.5/32" message="location-1 - IKE message retransmission timed out (Remote: 83.20.132.250)"', 'event.code': '062511418055', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'sophos', 'event.dataset': 'sophos.xg'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_233_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.985
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'server.nat.port': 0, 'server.port': 80, 'server.bytes': 606, 'server.ip': '91.228.167.86', 'server.packets': 5, 'log.offset': 0, 'log.level': 'informational', 'destination.nat.port': 0, 'destination.geo.continent_name': 'Europe', 'destination.geo.region_iso_code': 'SK-BL', 'destination.geo.city_name': 'Bratislava', 'destination.geo.country_iso_code': 'SK', 'destination.geo.country_name': 'Slovakia', 'destination.geo.region_name': 'Bratislava', 'destination.geo.location.lon': 17.1078, 'destination.geo.location.lat': 48.15, 'destination.as.number': 50881, 'destination.as.organization.name': 'ESET, spol. s r.o.', 'destination.port': 80, 'destination.bytes': 606, 'destination.ip': '91.228.167.86', 'destination.packets': 5, 'rule.ruleset': '1', 'rule.id': '21', 'source.nat.port': 0, 'source.nat.ip': '213.167.51.66', 'source.geo.continent_name': 'Europe', 'source.geo.country_iso_code': 'RU', 'source.geo.country_name': 'Russia', 'source.geo.location.lon': 37.6068, 'source.geo.location.lat': 55.7386, 'source.as.number': 8905, 'source.as.organization.name': 'Digit One LLC', 'source.port': 62841, 'source.bytes': 459, 'source.ip': '172.17.34.15', 'source.mac': '00:00:00:00:00:00', 'source.packets': 6, 'fileset.name': 'xg', 'tags': ['sophos-xg', 'forwarded'], 'network.protocol': 'http', 'network.bytes': 1065, 'network.transport': 'tcp', 'network.packets': 11, 'network.direction': 'outbound', 'input.type': 'log', 'observer.ingress.zone': 'LAN', 'observer.ingress.interface.name': 'Port1', 'observer.product': 'XG', 'observer.vendor': 'Sophos', 'observer.serial_number': '1234567890123456', 'observer.type': 'firewall', 'observer.egress.zone': 'WAN', 'observer.egress.interface.name': 'Port2', '@timestamp': '2020-05-18T14:38:37.000-02:00', 'related.ip': ['172.17.34.15', 
'91.228.167.86', '213.167.51.66'], 'sophos.xg.ips_policy_id': '0', 'sophos.xg.src_country_code': 'R1', 'sophos.xg.appfilter_policy_id': '0', 'sophos.xg.appresolvedby': 'Signature', 'sophos.xg.priority': 'Information', 'sophos.xg.application_technology': 'Browser Based', 'sophos.xg.device': 'SFW', 'sophos.xg.status': 'Allow', 'sophos.xg.dst_country_code': 'SVK', 'sophos.xg.app_is_cloud': '0', 'sophos.xg.device_name': 'XG230', 'sophos.xg.log_type': 'Firewall', 'sophos.xg.application_risk': '1', 'sophos.xg.iap': '0', 'sophos.xg.application_category': 'General Internet', 'sophos.xg.log_component': 'Firewall Rule', 'sophos.xg.hb_health': 'No Heartbeat', 'sophos.xg.log_subtype': 'Allowed', 'sophos.xg.message_id': '00001', 'sophos.xg.connevent': 'Stop', 'sophos.xg.connid': '1617925280', 'service.type': 'sophos', 'host.name': 'my_fancy_host', 'client.nat.port': 0, 'client.port': 62841, 'client.bytes': 459, 'client.ip': '172.17.34.15', 'client.mac': '00:00:00:00:00:00', 'client.packets': 6, 'event.severity': '6', 'event.original': 'device="SFW" date=2020-05-18 time=14:38:37 timezone="CEST" device_name="XG230" device_id=1234567890123456 log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=11 fw_rule_id=21 policy_type=1 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application="HTTP" application_risk=1 application_technology="Browser Based" application_category="General Internet" in_interface="Port1" out_interface="Port2" src_mac=00:00:00:00:00:00 src_ip=172.17.34.15 src_country_code=R1 dst_ip=91.228.167.86 dst_country_code=SVK protocol="TCP" src_port=62841 dst_port=80 sent_pkts=6 recv_pkts=5 sent_bytes=459 recv_bytes=606 tran_src_ip=213.167.51.66 tran_src_port=0 tran_dst_ip="" tran_dst_port=0 srczonetype="LAN" srczone="LAN" dstzonetype="WAN" dstzone="WAN" dir_disp="" connevent="Stop" connid="1617925280" vconnid="" hb_health="No Heartbeat" message="" 
appresolvedby="Signature" app_is_cloud=0', 'event.code': '010101600001', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'sophos', 'event.start': '2020-05-18T14:38:37.000-02:00', 'event.type': ['end', 'allowed', 'connection'], 'event.duration': 11000000000, 'event.action': 'allowed', 'event.end': '2020-05-18T14:38:48.000-02:00', 'event.category': ['network'], 'event.dataset': 'sophos.xg', 'event.outcome': 'success'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_234_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.185
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'server.port': 80, 'server.bytes': 1616, 'server.ip': '13.226.155.93', 'log.offset': 0, 'log.level': 'critical', 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-WA', 'destination.geo.city_name': 'Seattle', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'Washington', 'destination.geo.location.lon': -122.3451, 'destination.geo.location.lat': 47.6348, 'destination.as.number': 16509, 'destination.as.organization.name': 'Amazon.com, Inc.', 'destination.port': 80, 'destination.bytes': 1616, 'destination.ip': '13.226.155.93', 'rule.id': '2', 'source.port': 57695, 'source.bytes': 550, 'source.ip': '172.16.34.24', 'network.transport': 'TCP', 'observer.product': 'XG', 'observer.vendor': 'Sophos', 'observer.serial_number': '1234567890123457', 'observer.type': 'firewall', 'related.ip': ['172.16.34.24', '13.226.155.93'], 'host.name': 'some_other_host.local', 'client.port': 57695, 'client.bytes': 550, 'client.ip': '172.16.34.24', 'event.severity': '2', 'event.original': 'device="SFW" date=2020-05-18 time=14:38:33 timezone="CEST" device_name="XG230" device_id=1234567890123457 log_id=030906208001 log_type="Anti-Virus" log_component="HTTP" log_subtype="Virus" status="" priority=Critical fw_rule_id=2 user_name="" iap=13 av_policy_name="" virus="Sandstorm" url="http://sophostest.com/Sandstorm/SBTestFile1.pdf" domainname="sophostest.com" src_ip=172.16.34.24 src_country_code=R1 dst_ip=13.226.155.93 dst_country_code=USA protocol="TCP" src_port=57695 dst_port=80 sent_bytes=550 recv_bytes=1616 user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36" status_code=403', 'event.code': '030906208001', 'event.timezone': '-02:00', 'event.kind': 
'alert', 'event.module': 'sophos', 'event.action': 'Virus', 'event.category': ['malware', 'network'], 'event.type': ['info', 'denied', 'connection'], 'event.dataset': 'sophos.xg', 'event.outcome': 'success', 'user_agent.original': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36', 'fileset.name': 'xg', 'url.original': 'http://sophostest.com/Sandstorm/SBTestFile1.pdf', 'url.domain': 'sophostest.com', 'tags': ['sophos-xg', 'forwarded'], 'input.type': 'log', '@timestamp': '2020-05-18T14:38:33.000-02:00', 'sophos.xg.dst_country_code': 'USA', 'sophos.xg.virus': 'Sandstorm', 'sophos.xg.device_name': 'XG230', 'sophos.xg.log_type': 'Anti-Virus', 'sophos.xg.src_country_code': 'R1', 'sophos.xg.iap': '13', 'sophos.xg.log_component': 'HTTP', 'sophos.xg.log_subtype': 'Virus', 'sophos.xg.message_id': '08001', 'sophos.xg.priority': 'Critical', 'sophos.xg.device': 'SFW', 'service.type': 'sophos', 'http.response.status_code': 403} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_235_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.974
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name']]}, full object: {'server.port': 80, 'server.ip': '172.16.68.20', 'log.offset': 0, 'log.level': 'warning', 'destination.port': 80, 'destination.ip': '172.16.68.20', 'rule.name': 'SERVER-WEBAPP bad HTTP 1.1 request - potential worm attack', 'rule.id': '1881', 'rule.category': 'access to a potentially vulnerable web application', 'source.geo.continent_name': 'Europe', 'source.geo.country_iso_code': 'RO', 'source.geo.country_name': 'Romania', 'source.geo.location.lon': 25.0, 'source.geo.location.lat': 46.0, 'source.as.number': 28684, 'source.as.organization.name': 'Bestnet Service SRL', 'source.port': 41528, 'source.ip': '89.40.182.58', 'fileset.name': 'xg', 'tags': ['sophos-xg', 'forwarded'], 'network.transport': 'TCP', 'input.type': 'log', 'observer.product': 'XG', 'observer.vendor': 'Sophos', 'observer.serial_number': '1234567890123456', 'observer.type': 'firewall', '@timestamp': '2020-05-18T14:38:54.000-02:00', 'related.ip': ['89.40.182.58', '172.16.68.20'], 'sophos.xg.dst_country_code': 'R1', 'sophos.xg.idp_policy_id': '7', 'sophos.xg.platform': 'BSD,Linux,Mac,Other,Solaris,Unix,Windows', 'sophos.xg.device_name': 'XG230', 'sophos.xg.log_type': 'IDP', 'sophos.xg.src_country_code': 'ROU', 'sophos.xg.fw_rule_id': '25', 'sophos.xg.log_component': 'Signatures', 'sophos.xg.log_subtype': 'Drop', 'sophos.xg.message_id': '07002', 'sophos.xg.rule_priority': '2', 'sophos.xg.priority': 'Warning', 'sophos.xg.target': 'Server', 'sophos.xg.category': 'server-webapp', 'sophos.xg.device': 'SFW', 'service.type': 'sophos', 'host.name': 'my_fancy_host', 'client.port': 41528, 'client.ip': '89.40.182.58', 'event.severity': '4', 'event.original': 'device="SFW" date=2020-05-18 time=14:38:54 timezone="CEST" device_name="XG230" device_id=1234567890123456 log_id=020804407002 log_type="IDP" log_component="Signatures" log_subtype="Drop" 
priority=Warning idp_policy_id=7 fw_rule_id=25 user_name="" signature_id=1881 signature_msg="SERVER-WEBAPP bad HTTP 1.1 request - potential worm attack" classification="access to a potentially vulnerable web application" rule_priority=2 src_ip=89.40.182.58 src_country_code=ROU dst_ip=172.16.68.20 dst_country_code=R1 protocol="TCP" src_port=41528 dst_port=80 platform="BSD,Linux,Mac,Other,Solaris,Unix,Windows" category="server-webapp" target="Server"', 'event.code': '020804407002', 'event.timezone': '-02:00', 'event.kind': 'alert', 'event.module': 'sophos', 'event.action': 'drop', 'event.category': ['intrusion_detection', 'network'], 'event.type': ['denied', 'connection'], 'event.dataset': 'sophos.xg', 'event.outcome': 'success'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_236_sophos – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 4.347
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]}, full object: {'server.port': 25, 'server.bytes': 0, 'server.ip': '185.8.209.194', 'log.offset': 748, 'log.level': 'informational', 'destination.geo.continent_name': 'Europe', 'destination.geo.region_iso_code': 'CH-VD', 'destination.geo.city_name': 'Saint-Prex', 'destination.geo.country_iso_code': 'CH', 'destination.geo.country_name': 'Switzerland', 'destination.geo.region_name': 'Vaud', 'destination.geo.location.lon': 6.4599, 'destination.geo.location.lat': 46.4796, 'destination.as.number': 199567, 'destination.as.organization.name': 'Fr. Sauter AG', 'destination.port': 25, 'destination.bytes': 0, 'destination.ip': '185.8.209.194', 'destination.user.email': 'info@pelasticuser.com', 'source.geo.continent_name': 'North America', 'source.geo.region_iso_code': 'US-FL', 'source.geo.city_name': 'Miami', 'source.geo.country_iso_code': 'US', 'source.geo.country_name': 'United States', 'source.geo.region_name': 'Florida', 'source.geo.location.lon': -80.1826, 'source.geo.location.lat': 25.7806, 'source.as.number': 199524, 'source.as.organization.name': 'G-Core Labs S.A.', 'source.port': 52742, 'source.bytes': 0, 'source.ip': '92.38.133.63', 'source.domain': 'constant-big.email', 'source.user.email': 'telekommunikation@constant-big.email', 'fileset.name': 'xg', 'tags': ['sophos-xg', 'forwarded'], 'network.transport': 'TCP', 'input.type': 'log', 'observer.product': 'XG', 'observer.vendor': 'Sophos', 'observer.serial_number': '1234567890123457', 'observer.type': 'firewall', '@timestamp': '2020-05-18T14:38:49.000-02:00', 'sophos.xg.reason': 'Mail is Clean.', 'sophos.xg.dst_country_code': 'DEU', 'sophos.xg.av_policy_name': 'Default', 'sophos.xg.spamaction': 'Accept', 'sophos.xg.mailsize': '13371', 'sophos.xg.quarantine_reason': 'Other', 'sophos.xg.device_name': 'XG230', 'sophos.xg.log_type': 
'Anti-Spam', 'sophos.xg.src_country_code': 'USA', 'sophos.xg.mailid': '<MzQ4NzU1ODA4Mw==.70c409993fe53cb7c5e32c9974adf8ff@constant-big', 'sophos.xg.fw_rule_id': '22', 'sophos.xg.log_component': 'SMTP', 'sophos.xg.log_subtype': 'Clean', 'sophos.xg.message_id': '13003', 'sophos.xg.priority': 'Information', 'sophos.xg.device': 'SFW', 'sophos.xg.email_subject': 'Telefonservice statt Anrufbeantworter', 'service.type': 'sophos', 'host.name': 'some_other_host.local', 'client.port': 52742, 'client.bytes': 0, 'client.ip': '92.38.133.63', 'event.severity': '6', 'event.original': 'device="SFW" date=2020-05-18 time=14:38:49 timezone="CEST" device_name="XG230" device_id=1234567890123457 log_id=041105613003 log_type="Anti-Spam" log_component="SMTP" log_subtype="Clean" status="" priority=Information fw_rule_id=22 user_name="" av_policy_name="Default" from_email_address="telekommunikation@constant-big.email" to_email_address="info@pelasticuser.com" email_subject="Telefonservice statt Anrufbeantworter" mailid="<MzQ4NzU1ODA4Mw==.70c409993fe53cb7c5e32c9974adf8ff@constant-big" mailsize=13371 spamaction="Accept" reason="Mail is Clean." src_domainname="constant-big.email" dst_domainname="" src_ip=92.38.133.63 src_country_code=USA dst_ip=185.8.209.194 dst_country_code=DEU protocol="TCP" src_port=52742 dst_port=25 sent_bytes=0 recv_bytes=0 quarantine_reason="Other"', 'event.code': '041105613003', 'event.timezone': '-02:00', 'event.kind': 'event', 'event.module': 'sophos', 'event.action': 'Clean', 'event.category': ['network'], 'event.type': ['allowed', 'connection'], 'event.dataset': 'sophos.xg', 'event.outcome': 'success'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['source.geo.country_name'], root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_237_misp – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 3.629
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'log.offset': 0, 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-PA', 'destination.geo.city_name': 'State College', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.region_name': 'Pennsylvania', 'destination.geo.location.lon': -77.8618, 'destination.geo.location.lat': 40.7957, 'destination.ip': '98.235.162.24', 'rule.description': 'Tor exit nodes feed', 'rule.id': '1', 'rule.category': 'Network activity', 'rule.uuid': '58dcfe62-ed84-4e5e-b293-4991950d210f', 'misp.threat_indicator.attack_pattern': "[destination:ip = '98.235.162.24']", 'misp.threat_indicator.feed': 'misp', 'misp.threat_indicator.attack_pattern_kql': 'destination.ip: "98.235.162.24"', 'misp.threat_indicator.description': 'Tor exit nodes feed', 'misp.threat_indicator.id': '58dcfe62-ed84-4e5e-b293-4991950d210f', 'misp.threat_indicator.type': 'ip-dst', 'fileset.name': 'threat', 'message': '98.235.162.24', 'input.type': 'log', '@timestamp': '2017-03-30T12:54:26.000Z', 'service.type': 'misp', 'event.kind': 'event', 'event.module': 'misp', 'event.id': '5d2cb906-eff4-40f0-9f1d-10eb7d6a0c26', 'event.category': 'threat-intel', 'event.type': 'indicator', 'event.dataset': 'misp.threat'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_238_panw – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.821
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}, full object: {'server.port': 80, 'server.ip': '204.232.231.46', 'log.original': 'Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,THREAT,url,1,2012/04/10 04:39:56,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:58,25149,1,59309,80,0,0,0x208000,tcp,alert,"lorexx.cn/loader.exe",(9999),not-resolved,informational,client-to-server,0,0x0,192.168.0.0-192.168.255.255,United States,0,text/html', 'log.offset': 0, 'log.level': 'informational', 'destination.geo.continent_name': 'North America', 'destination.geo.region_iso_code': 'US-FL', 'destination.geo.city_name': 'Fort Lauderdale', 'destination.geo.country_iso_code': 'US', 'destination.geo.country_name': 'United States', 'destination.geo.name': 'United States', 'destination.geo.region_name': 'Florida', 'destination.geo.location.lon': -80.1749, 'destination.geo.location.lat': 26.1792, 'destination.as.number': 27357, 'destination.as.organization.name': 'Rackspace Hosting', 'destination.address': '204.232.231.46', 'destination.port': 80, 'destination.ip': '204.232.231.46', 'rule.name': 'rule1', 'source.geo.name': '192.168.0.0-192.168.255.255', 'source.address': '192.168.0.2', 'source.port': 59309, 'source.ip': '192.168.0.2', 'source.user.name': 'crusher', 'panw.panos.sub_type': 'url', 'panw.panos.flow_id': '25149', 'panw.panos.ruleset': 'rule1', 'panw.panos.destination.nat.port': 0, 'panw.panos.destination.nat.ip': '0.0.0.0', 'panw.panos.destination.zone': 'untrust', 'panw.panos.destination.interface': 'ethernet1/1', 'panw.panos.action': 'alert', 'panw.panos.source.nat.port': 0, 'panw.panos.source.nat.ip': '0.0.0.0', 'panw.panos.source.zone': 'trust', 'panw.panos.source.interface': 'ethernet1/2', 'panw.panos.threat.resource': 'lorexx.cn/loader.exe', 'panw.panos.threat.name': 
'URL-filtering', 'panw.panos.threat.id': '9999', 'panw.panos.type': 'THREAT', 'panw.panos.url.category': 'not-resolved', 'network.community_id': '1:mY2EPMYo0US42k87/2uTzjo/rGA=', 'network.application': 'web-browsing', 'network.transport': 'tcp', 'network.direction': 'inbound', 'observer.ingress.zone': 'trust', 'observer.ingress.interface.name': 'ethernet1/2', 'observer.product': 'PAN-OS', 'observer.vendor': 'Palo Alto Networks', 'observer.serial_number': '01606001116', 'observer.type': 'firewall', 'observer.egress.zone': 'untrust', 'observer.egress.interface.name': 'ethernet1/1', 'related.ip': ['192.168.0.2', '204.232.231.46', '0.0.0.0', '0.0.0.0'], 'related.user': ['crusher', 'crusher'], 'client.port': 59309, 'client.ip': '192.168.0.2', 'client.user.name': 'crusher', 'event.severity': 5, 'event.timezone': '-02:00', 'event.kind': 'alert', 'event.module': 'panw', 'event.action': 'url_filtering', 'event.category': ['security_threat', 'intrusion_detection', 'network'], 'event.type': ['allowed'], 'event.dataset': 'panw.panos', 'event.outcome': 'success', 'fileset.name': 'panos', 'url.original': 'lorexx.cn/loader.exe', 'tags': ['pan-os', 'forwarded'], 'labels.captive_portal': True, 'labels.container_page': True, 'input.type': 'log', '@timestamp': '2012-04-10T04:39:56.000-02:00', 'service.type': 'panw'} assert 1 == 0 + where 1 = len({'dictionary_item_added': [root['destination.geo.country_name']]})
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_239_panw – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 8.749
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_240_panw – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.359
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_241_panw – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 10.531
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}
  • Name: Build&Test / x-pack/filebeat-build / test_fileset_file_242_panw – x-pack.filebeat.tests.system.test_xpack_modules.XPackTest

    • Age: 1
    • Duration: 5.939
    • Error Details: AssertionError: The following expected object doesn't match: Diff: {'dictionary_item_added': [root['destination.geo.country_name']]}

Steps errors 1

  • Name: mage build test
    • Description: mage build test

    • Duration: 38 min 33 sec

    • Start Time: 2020-10-07T17:32:25.409+0000

    • log

@marc-gr marc-gr merged commit 979414e into elastic:7.x Oct 7, 2020
@marc-gr marc-gr deleted the backport_21643_7.x branch October 7, 2020 18:17
@andrewkroh
Member

Merging as red because this is needed to unblock another #21526 in order to get to green.

@zube zube bot removed the [zube]: Done label Jan 6, 2021