
Commit 677d25f

committed
Apply suggestions
1 parent a8469b0 commit 677d25f


2 files changed

+39
-33
lines changed


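--- a/packages/fortinet/data_stream/firewall/_dev/test/pipeline/test-fortinet.log-expected.json
+++ b/packages/fortinet/data_stream/firewall/_dev/test/pipeline/test-fortinet.log-expected.json
@@ -94,7 +94,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439570747Z",
+"ingested": "2021-02-17T08:56:26.460124300Z",
 "code": "0316013056",
 "timezone": "-0500",
 "kind": "event",
@@ -194,7 +194,7 @@
 },
 "event": {
 "duration": 0,
-"ingested": "2021-02-15T14:30:34.439573695Z",
+"ingested": "2021-02-17T08:56:26.460137200Z",
 "code": "0000000013",
 "kind": "event",
 "module": "fortinet",
@@ -305,7 +305,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439574761Z",
+"ingested": "2021-02-17T08:56:26.460142600Z",
 "code": "0317013312",
 "timezone": "-0500",
 "kind": "event",
@@ -423,7 +423,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439575731Z",
+"ingested": "2021-02-17T08:56:26.460150200Z",
 "code": "1059028704",
 "timezone": "-0400",
 "kind": "event",
@@ -541,7 +541,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439576713Z",
+"ingested": "2021-02-17T08:56:26.460159800Z",
 "code": "1059028704",
 "timezone": "-0400",
 "kind": "event",
@@ -646,7 +646,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439577669Z",
+"ingested": "2021-02-17T08:56:26.460163800Z",
 "code": "1501054802",
 "timezone": "-0500",
 "kind": "event",
@@ -754,7 +754,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439578612Z",
+"ingested": "2021-02-17T08:56:26.460167900Z",
 "code": "1501054802",
 "timezone": "-0500",
 "kind": "event",
@@ -864,7 +864,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439579559Z",
+"ingested": "2021-02-17T08:56:26.460172500Z",
 "code": "1059028704",
 "timezone": "-0500",
 "kind": "event",
@@ -969,7 +969,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439580505Z",
+"ingested": "2021-02-17T08:56:26.460178100Z",
 "code": "1501054802",
 "timezone": "-0500",
 "kind": "event",
@@ -1068,7 +1068,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439581481Z",
+"ingested": "2021-02-17T08:56:26.460182600Z",
 "code": "1500054000",
 "timezone": "-0500",
 "kind": "event",
@@ -1166,7 +1166,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439584022Z",
+"ingested": "2021-02-17T08:56:26.460186500Z",
 "code": "1700062001",
 "timezone": "-0400",
 "kind": "event",
@@ -1222,7 +1222,7 @@
 "ip": "10.10.10.10"
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439585208Z",
+"ingested": "2021-02-17T08:56:26.460193600Z",
 "code": "0102043014",
 "timezone": "-0500",
 "kind": "event",
@@ -1314,7 +1314,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439586185Z",
+"ingested": "2021-02-17T08:56:26.460204900Z",
 "code": "0101037124",
 "timezone": "-0500",
 "kind": "event",
@@ -1411,7 +1411,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439587130Z",
+"ingested": "2021-02-17T08:56:26.460215400Z",
 "code": "0101037127",
 "timezone": "-0500",
 "kind": "event",
@@ -1461,7 +1461,7 @@
 "description": "System performance statistics"
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439588084Z",
+"ingested": "2021-02-17T08:56:26.460224200Z",
 "code": "0100040704",
 "timezone": "-0300",
 "kind": "event",
@@ -1517,7 +1517,7 @@
 "ip": "10.10.10.10"
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439589048Z",
+"ingested": "2021-02-17T08:56:26.460228600Z",
 "code": "0102043039",
 "timezone": "-0500",
 "kind": "event",
@@ -1610,7 +1610,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439590116Z",
+"ingested": "2021-02-17T08:56:26.460235600Z",
 "code": "0101037127",
 "timezone": "-0500",
 "kind": "event",
@@ -1650,7 +1650,7 @@
 "description": "FortiSandbox AV database updated"
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439605945Z",
+"ingested": "2021-02-17T08:56:26.460247Z",
 "code": "0100041006",
 "timezone": "-0300",
 "kind": "event",
@@ -1702,7 +1702,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439606854Z",
+"ingested": "2021-02-17T08:56:26.460258300Z",
 "code": "0107045057",
 "timezone": "-0500",
 "kind": "event",
@@ -1761,7 +1761,7 @@
 "description": "SSL VPN new connection"
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439607758Z",
+"ingested": "2021-02-17T08:56:26.460269100Z",
 "code": "0101039943",
 "timezone": "-0500",
 "kind": "event",
@@ -1840,7 +1840,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439608665Z",
+"ingested": "2021-02-17T08:56:26.460278200Z",
 "code": "0101039947",
 "timezone": "-0500",
 "kind": "event",
@@ -1894,7 +1894,7 @@
 "ip": "192.168.1.1"
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439609563Z",
+"ingested": "2021-02-17T08:56:26.460350400Z",
 "code": "0102043015",
 "timezone": "-0300",
 "kind": "event",
@@ -1937,7 +1937,7 @@
 "description": "FortiCloud server connected"
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439610464Z",
+"ingested": "2021-02-17T08:56:26.460360100Z",
 "code": "0100022915",
 "timezone": "-0500",
 "kind": "event",
@@ -1973,7 +1973,7 @@
 "description": "FortiCloud server disconnected"
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439611474Z",
+"ingested": "2021-02-17T08:56:26.460373800Z",
 "code": "0100022913",
 "timezone": "-0500",
 "kind": "event",
@@ -2062,7 +2062,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439612383Z",
+"ingested": "2021-02-17T08:56:26.460383700Z",
 "code": "0000000011",
 "timezone": "-0500",
 "kind": "event",
@@ -2191,7 +2191,7 @@
 },
 "event": {
 "duration": 5462000000000,
-"ingested": "2021-02-15T14:30:34.439613279Z",
+"ingested": "2021-02-17T08:56:26.460391200Z",
 "code": "0000000020",
 "timezone": "-0500",
 "kind": "event",
@@ -2286,7 +2286,6 @@
 "@timestamp": "2020-04-23T12:11:48.000-05:00",
 "related": {
 "ip": [
-"2001:4860:4860::8888",
 "2001:4860:4860::8888"
 ]
 },
@@ -2305,7 +2304,7 @@
 },
 "event": {
 "duration": 42000000000,
-"ingested": "2021-02-15T14:30:34.439614189Z",
+"ingested": "2021-02-17T08:56:26.460396300Z",
 "code": "0001000014",
 "timezone": "-0500",
 "kind": "event",
@@ -2416,7 +2415,7 @@
 },
 "event": {
 "duration": 20000000000,
-"ingested": "2021-02-15T14:30:34.439615090Z",
+"ingested": "2021-02-17T08:56:26.460403100Z",
 "code": "0001000014",
 "timezone": "-0400",
 "kind": "event",
@@ -2507,7 +2506,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439615998Z",
+"ingested": "2021-02-17T08:56:26.460407800Z",
 "code": "0000000011",
 "timezone": "-0500",
 "kind": "event",
@@ -2659,7 +2658,7 @@
 },
 "event": {
 "duration": 126000000000,
-"ingested": "2021-02-15T14:30:34.439616899Z",
+"ingested": "2021-02-17T08:56:26.460412600Z",
 "code": "0000000013",
 "timezone": "-0500",
 "kind": "event",
@@ -2772,7 +2771,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439617804Z",
+"ingested": "2021-02-17T08:56:26.460417700Z",
 "code": "1059028704",
 "kind": "event",
 "module": "fortinet",
@@ -2854,7 +2853,7 @@
 }
 },
 "event": {
-"ingested": "2021-02-15T14:30:34.439618711Z",
+"ingested": "2021-02-17T08:56:26.460469400Z",
 "code": "0101037127",
 "kind": "event",
 "module": "fortinet",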

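--- a/packages/fortinet/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/fortinet/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml
@@ -341,30 +341,37 @@ processors:
 field: related.ip
 value: "{{source.ip}}"
 if: "ctx.source?.ip != null"
+allow_duplicates: false
 - append:
 field: related.ip
 value: "{{destination.ip}}"
 if: "ctx.destination?.ip != null"
+allow_duplicates: false
 - append:
 field: related.user
 value: "{{source.user.name}}"
 if: "ctx.source?.user?.name != null"
+allow_duplicates: false
 - append:
 field: related.user
 value: "{{destination.user.name}}"
 if: "ctx.destination?.user?.name != null"
+allow_duplicates: false
 - append:
 field: related.hosts
 value: "{{destination.address}}"
 if: "ctx.destination?.address != null"
+allow_duplicates: false
 - append:
 field: related.hosts
 value: "{{source.address}}"
 if: "ctx.source?.address != null"
+allow_duplicates: false
 - append:
 field: related.hosts
 value: "{{dns.question.name}}"
 if: "ctx.dns?.question?.name != null"
+allow_duplicates: false
 - script:
 lang: painless
 source: |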
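Review bot: The `allow_duplicates: false` option added to the seven `append` processors is, as far as I know, only accepted from Elasticsearch 7.10 on, and this commit touches nothing but the pipeline and its expected test output, so the package's minimum stack version should be confirmed to be at least that; an older cluster would presumably reject the pipeline when it is installed. The de-duplication is an exact string comparison, so `related.user` and `related.hosts` can still carry entries that differ only in letter case, which is worth knowing when those fields are used for pivoting during an investigation. A one-line comment above the group would record the intent, for example `# related.* are pivot sets: keep one entry per distinct value`. The expected JSON in this commit only demonstrates the `related.ip` case, so a sample log line with a repeated user or host value would cover the other four processors. The first `append` processor starts above this hunk and the `script` processor continues below it.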
