[cisco_ise] - update package-spec to 2.10.0 (#7597)
* [cisco_ise] - update package-spec to 2.10.0

- Update package-spec to 2.10.0
- Ensure host.ip is an array

[git-generate]
go run github.com/andrewkroh/go-examples/ecs-update@latest -ecs-version=8.9.0 -ecs-git-ref=v8.9.0 -format-version=2.10.0 packages/cisco_ise
taylor-swanson committed Aug 30, 2023
1 parent 8559e4b commit 0a013e8
Showing 7 changed files with 208 additions and 179 deletions.
5 changes: 5 additions & 0 deletions packages/cisco_ise/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.13.0"
changes:
- description: Update package-spec to 2.10.0.
type: enhancement
link: https://github.com/elastic/integrations/pull/7597
- version: "1.12.0"
changes:
- description: Add support for filestream input.
Expand Up @@ -53,7 +53,9 @@
]
},
"host": {
"ip": "81.2.69.143"
"ip": [
"81.2.69.143"
]
},
"log": {
"level": "notice",
Expand Down Expand Up @@ -130,7 +132,9 @@
]
},
"host": {
"ip": "81.2.69.143"
"ip": [
"81.2.69.143"
]
},
"log": {
"level": "notice",
Expand Down Expand Up @@ -751,7 +755,9 @@
},
"host": {
"hostname": "isehost",
"ip": "81.2.69.143"
"ip": [
"81.2.69.143"
]
},
"log": {
"level": "notice",
Expand Down Expand Up @@ -1141,7 +1147,9 @@
},
"host": {
"hostname": "isehost",
"ip": "81.2.69.143"
"ip": [
"81.2.69.143"
]
},
"log": {
"level": "notice",
Expand Down Expand Up @@ -1325,7 +1333,9 @@
},
"host": {
"hostname": "isehost",
"ip": "172.16.17.255"
"ip": [
"172.16.17.255"
]
},
"log": {
"level": "notice",
Expand Up @@ -190,7 +190,9 @@
]
},
"host": {
"ip": "81.2.69.143"
"ip": [
"81.2.69.143"
]
},
"log": {
"level": "notice",
Expand Up @@ -123,6 +123,10 @@ processors:
- pipeline:
name: '{{ IngestPipeline "pipeline_identity_stores_diagnostics" }}'
if: ctx.cisco_ise?.log?.category?.name == "CISE_Identity_Stores_Diagnostics"
- set:
field: host.ip
value: ['{{{host.ip}}}']
if: ctx.host?.ip instanceof String
- convert:
field: cisco_ise.log.log_details.ConfigVersionId
target_field: cisco_ise.log.config_version.id
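Review bot: The new `set` processor on `host.ip` has no `description` or `tag`, so the pipeline does not say why a scalar is being rewrapped, and a failure at this step would be harder to attribute. I would add `description: Wrap a scalar host.ip in an array; ECS defines host.ip as multi-valued.` and a `tag` such as `set_host_ip_array` (the name is only a suggestion). The guard `ctx.host?.ip instanceof String` checks the type but not the content, and where `host.ip` is populated is outside the hunk. It is worth confirming that an empty or non-IP string cannot reach this step, since `['']` would presumably be rejected by an `ip`-mapped field at index time and the event lost. The `processors` list starts before and continues after the visible lines.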
175 changes: 90 additions & 85 deletions packages/cisco_ise/data_stream/log/sample_event.json
@@ -1,184 +1,189 @@
{
"@timestamp": "2020-02-21T19:13:08.328Z",
"@timestamp": "2020-04-27T11:11:47.028-08:00",
"agent": {
"ephemeral_id": "88645c33-21f7-47a1-a1e6-b4a53f32ec43",
"id": "94011a8e-8b26-4bce-a627-d54316798b52",
"ephemeral_id": "86f518cd-51e3-4798-9fa5-e8947dc5d209",
"id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.6.0"
"version": "8.9.1"
},
"cisco_ise": {
"log": {
"acct": {
"request": {
"flags": "Stop"
"authentic": "RADIUS",
"session": {
"id": "00000000/d4:ca:6d:14:87:3b/20879"
},
"status": {
"type": "Start"
}
},
"acs": {
"session": {
"id": "ldnnacpsn1/359344348/952729"
"id": "hijk.xyz.com/176956368/1092777"
}
},
"airespace": {
"wlan": {
"id": 1
}
},
"authen_method": "TacacsPlus",
"avpair": {
"priv_lvl": 15,
"start_time": "2020-03-26T01:17:12.000Z",
"task_id": "2962",
"timezone": "GMT"
"allowed_protocol": {
"matched": {
"rule": "Default"
}
},
"called_station": {
"id": "00-24-97-69-7a-c0"
},
"calling_station": {
"id": "d4-ca-6d-14-87-3b"
},
"category": {
"name": "CISE_TACACS_Accounting"
"name": "CISE_RADIUS_Accounting"
},
"cmdset": "[ CmdAV=show mac-address-table \u003ccr\u003e ]",
"class": "CACS:0a2025060001794f52cfa877:hijk.xyz.com/176956368/1092772",
"config_version": {
"id": 1829
"id": 33
},
"cpm": {
"session": {
"id": "81.2.69.144Accounting306034364"
"id": "0a222bc0000000d123e111f0"
}
},
"device": {
"type": [
"Device Type#All Device Types#Routers",
"Device Type#All Device Types#Routers"
]
"event": {
"timestamp": "2014-01-10T07:59:55.000Z"
},
"ipsec": [
"IPSEC#Is IPSEC Device",
"IPSEC#Is IPSEC Device"
],
"location": [
"Location#All Locations#EMEA",
"Location#All Locations#EMEA"
],
"message": {
"code": "3300",
"description": "Tacacs-Accounting: TACACS+ Accounting with Command",
"id": "0000000001"
"framed": {
"ip": "81.2.69.145"
},
"model": {
"name": "Unknown"
"location": "Location#All Locations#SJC#WNBU",
"message": {
"code": "3000",
"description": "Radius-Accounting: RADIUS Accounting start request",
"id": "0000070618"
},
"nas": {
"identifier": "Acme_fe:56:00",
"ip": "81.2.69.145",
"port": {
"number": 13,
"type": "Wireless - IEEE 802.11"
}
},
"network": {
"device": {
"groups": [
"Location#All Locations#EMEA",
"Device Type#All Device Types#Routers",
"IPSEC#Is IPSEC Device"
"Location#All Locations#SJC#WNBU",
"Device Type#All Device Types#Wireless#WLC"
],
"name": "wlnwan1",
"profile": [
"Cisco",
"Cisco"
]
"name": "WNBU-WLC1"
}
},
"port": "tty10",
"privilege": {
"level": 15
},
"request": {
"latency": 1
},
"response": {
"AcctReply-Status": "Success"
"latency": 6
},
"segment": {
"number": 0,
"total": 4
"total": 1
},
"selected": {
"access": {
"service": "Device Admin - TACACS"
"service": "Default Network Access"
}
},
"service": {
"argument": "shell",
"name": "Login"
},
"software": {
"version": "Unknown"
},
"step": [
"13006",
"11004",
"11017",
"15049",
"15008",
"15048",
"13035"
"15048",
"15048",
"15004",
"15006",
"11005"
],
"type": "Accounting"
"tunnel": {
"medium": {
"type": "(tag=0) 802"
},
"private": {
"group_id": "(tag=0) 70"
},
"type": "(tag=0) VLAN"
}
}
},
"client": {
"ip": "81.2.69.144"
"ip": "81.2.69.145"
},
"data_stream": {
"dataset": "cisco_ise.log",
"namespace": "ep",
"type": "logs"
},
"destination": {
"ip": "81.2.69.144"
},
"ecs": {
"version": "8.9.0"
},
"elastic_agent": {
"id": "94011a8e-8b26-4bce-a627-d54316798b52",
"snapshot": true,
"version": "8.6.0"
"id": "5607d6f4-6e45-4c33-a087-2e07de5f0082",
"snapshot": false,
"version": "8.9.1"
},
"event": {
"action": "tacacs-accounting",
"action": "radius-accounting",
"agent_id_status": "verified",
"category": [
"configuration"
],
"dataset": "cisco_ise.log",
"ingested": "2023-01-13T12:14:37Z",
"ingested": "2023-08-29T17:11:24Z",
"kind": "event",
"sequence": 18415781,
"timezone": "+00:00",
"original": "\u003c182\u003eApr 27 11:11:47 hijk.xyz.com CISE_RADIUS_Accounting 0000070618 1 0 2020-04-27 11:11:47.028075 -08:00 0091827141 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=33, Device IP Address=81.2.69.145, RequestLatency=6, NetworkDeviceName=WNBU-WLC1, User-Name=nisehorrrrn, NAS-IP-Address=81.2.69.145, NAS-Port=13, Framed-IP-Address=81.2.69.145, Class=CACS:0a2025060001794f52cfa877:hijk.xyz.com/176956368/1092772, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=d4-ca-6d-14-87-3b, NAS-Identifier=Acme_fe:56:00, Acct-Status-Type=Start, Acct-Session-Id=00000000/d4:ca:6d:14:87:3b/20879, Acct-Authentic=RADIUS, Event-Timestamp=1389340795, NAS-Port-Type=Wireless - IEEE 802.11, Tunnel-Type=(tag=0) VLAN, Tunnel-Medium-Type=(tag=0) 802, Tunnel-Private-Group-ID=(tag=0) 70, Airespace-Wlan-Id=1, AcsSessionID=hijk.xyz.com/176956368/1092777, SelectedAccessService=Default Network Access, Step=11004, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15048, Step=15004, Step=15006, Step=11005, NetworkDeviceGroups=Location#All Locations#SJC#WNBU, NetworkDeviceGroups=Device Type#All Device Types#Wireless#WLC, CPMSessionID=0a222bc0000000d123e111f0, AllowedProtocolMatchedRule=Default, Location=Location#All Locations#SJC#WNBU, Device Type=Device Type#All Device Types#Wireless#WLC",
"sequence": 91827141,
"timezone": "-08:00",
"type": [
"info"
]
},
"host": {
"hostname": "cisco-ise-host"
"hostname": "hijk.xyz.com"
},
"input": {
"type": "udp"
"type": "filestream"
},
"log": {
"level": "notice",
"source": {
"address": "172.27.0.4:59237"
"file": {
"path": "/tmp/service_logs/log.log"
},
"level": "notice",
"offset": 44899,
"syslog": {
"priority": 182,
"severity": {
"name": "notice"
}
}
},
"message": "2020-02-21 19:13:08.328 +00:00 0018415781 3300 NOTICE Tacacs-Accounting: TACACS+ Accounting with Command, ConfigVersionId=1829, Device IP Address=81.2.69.144, CmdSet=[ CmdAV=show mac-address-table \u003ccr\u003e ], RequestLatency=1, NetworkDeviceName=wlnwan1, Type=Accounting, Privilege-Level=15, Service=Login, User=psxvne, Port=tty10, Remote-Address=81.2.69.144, Authen-Method=TacacsPlus, AVPair=task_id=2962, AVPair=timezone=GMT, AVPair=start_time=1585185432, AVPair=priv-lvl=15, AcctRequest-Flags=Stop, Service-Argument=shell, AcsSessionID=ldnnacpsn1/359344348/952729, SelectedAccessService=Device Admin - TACACS, Step=13006, Step=15049, Step=15008, Step=15048, Step=13035, NetworkDeviceGroups=Location#All Locations#EMEA, NetworkDeviceGroups=Device Type#All Device Types#Routers, NetworkDeviceGroups=IPSEC#Is IPSEC Device, CPMSessionID=81.2.69.144Accounting306034364, Model Name=Unknown, Software Version=Unknown, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }, Network Device Profile=Cisco, Location=Location#All Locations#EMEA, Device Type=Device Type#All Device Types#Routers, IPSEC=IPSEC#Is IPSEC Device, Response={AcctReply-Status=Success; }",
"message": "2020-04-27 11:11:47.028075 -08:00 0091827141 3000 NOTICE Radius-Accounting: RADIUS Accounting start request, ConfigVersionId=33, Device IP Address=81.2.69.145, RequestLatency=6, NetworkDeviceName=WNBU-WLC1, User-Name=nisehorrrrn, NAS-IP-Address=81.2.69.145, NAS-Port=13, Framed-IP-Address=81.2.69.145, Class=CACS:0a2025060001794f52cfa877:hijk.xyz.com/176956368/1092772, Called-Station-ID=00-24-97-69-7a-c0, Calling-Station-ID=d4-ca-6d-14-87-3b, NAS-Identifier=Acme_fe:56:00, Acct-Status-Type=Start, Acct-Session-Id=00000000/d4:ca:6d:14:87:3b/20879, Acct-Authentic=RADIUS, Event-Timestamp=1389340795, NAS-Port-Type=Wireless - IEEE 802.11, Tunnel-Type=(tag=0) VLAN, Tunnel-Medium-Type=(tag=0) 802, Tunnel-Private-Group-ID=(tag=0) 70, Airespace-Wlan-Id=1, AcsSessionID=hijk.xyz.com/176956368/1092777, SelectedAccessService=Default Network Access, Step=11004, Step=11017, Step=15049, Step=15008, Step=15048, Step=15048, Step=15048, Step=15004, Step=15006, Step=11005, NetworkDeviceGroups=Location#All Locations#SJC#WNBU, NetworkDeviceGroups=Device Type#All Device Types#Wireless#WLC, CPMSessionID=0a222bc0000000d123e111f0, AllowedProtocolMatchedRule=Default, Location=Location#All Locations#SJC#WNBU, Device Type=Device Type#All Device Types#Wireless#WLC",
"related": {
"hosts": [
"cisco-ise-host"
"hijk.xyz.com"
],
"ip": [
"81.2.69.144"
"81.2.69.145"
],
"user": [
"psxvne"
"nisehorrrrn"
]
},
"tags": [
"preserve_original_event",
"forwarded",
"cisco_ise-log"
],
"user": {
"name": "psxvne"
"name": "nisehorrrrn"
}
}
