From 47eb4c22fe94359077a258cd5779dcb437839866 Mon Sep 17 00:00:00 2001
From: Adrian Serrano <adrisr83@gmail.com>
Date: Wed, 15 Jan 2020 00:43:32 +0100
Subject: [PATCH] Fix use of wrong fields in Cisco ASA dashboard (#15553)

This dashboard wasn't updated after a couple of fields were renamed.

Fixes: #15420
(cherry picked from commit 9d70efde031fc964b43b24b12622d3f688acdd54)
---
 CHANGELOG.next.asciidoc                                      | 5 +++++
 .../cisco/_meta/kibana/7/dashboard/Filebeat-Cisco-ASA.json   | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 9c5d720558a..7fdae7ebf7f 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -71,6 +71,11 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix SSL config in input.yml for Filebeat httpjson input in the MISP module. {pull}14767[14767]
 - Check content-type when creating new reader in s3 input. {pull}15252[15252] {issue}15225[15225]
 - Fix session reset detection and a crash in Netflow input. {pull}14904[14904]
+- Handle errors in handleS3Objects function and add more debug messages for s3 input. {pull}15545[15545]
+- netflow: Allow for options templates without scope fields. {pull}15449[15449]
+- netflow: Fix bytes/packets counters on some devices (NSEL and Netstream). {pull}15449[15449]
+- netflow: Fix compatibility with some Cisco devices by changing the field `class_id` from short to long. {pull}15449[15449]
+- Fixed dashboard for Cisco ASA Firewall. {issue}15420[15420] {pull}15553[15553]
 
 *Heartbeat*
 
diff --git a/x-pack/filebeat/module/cisco/_meta/kibana/7/dashboard/Filebeat-Cisco-ASA.json b/x-pack/filebeat/module/cisco/_meta/kibana/7/dashboard/Filebeat-Cisco-ASA.json
index 5d50368c9f2..7a585fbf501 100644
--- a/x-pack/filebeat/module/cisco/_meta/kibana/7/dashboard/Filebeat-Cisco-ASA.json
+++ b/x-pack/filebeat/module/cisco/_meta/kibana/7/dashboard/Filebeat-Cisco-ASA.json
@@ -764,7 +764,7 @@
               "id": "2",
               "params": {
                 "customLabel": "ACL ID",
-                "field": "cisco.asa.list_id",
+                "field": "cisco.asa.rule_name",
                 "missingBucket": false,
                 "missingBucketLabel": "Missing",
                 "order": "desc",
@@ -878,7 +878,7 @@
               "params": {
                 "aggregate": "concat",
                 "customLabel": "Sample message",
-                "field": "log.original",
+                "field": "event.original",
                 "size": 1,
                 "sortField": "@timestamp",
                 "sortOrder": "desc"