Skip to content

aws vpcflow integration should properly set event.type #5478

Closed
#13099
Closed
aws vpcflow integration should properly set event.type#5478
#13099
Assignees
brijesh-elastic
Labels
Integration:awsAWSTeam:SDE-CrestCrest developers on the Security Integrations team [elastic/sit-crest-contractors]Team:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]mapping/pipeline issue
@gsjlusky

Description

@gsjlusky
gsjlusky
opened on Mar 8, 2023

For aws vpcflow integration with aws.vpcflow.action:REJECT, I only see event.outcome:failure. It should set event.type based on aws.vpcflow.action.

aws.vpcflow.action can be ACCEPT or REJECT according to https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

@jamiehynds

Metadata

Metadata

Assignees

Labels

Integration:awsAWSTeam:SDE-CrestCrest developers on the Security Integrations team [elastic/sit-crest-contractors]Team:Security-Service IntegrationsSecurity Service Integrations team [elastic/security-service-integrations]mapping/pipeline issue

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions