diff --git a/packages/sonicwall_firewall/changelog.yml b/packages/sonicwall_firewall/changelog.yml index 121373617a2..b3f46dcfc8d 100644 --- a/packages/sonicwall_firewall/changelog.yml +++ b/packages/sonicwall_firewall/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.21.0" + changes: + - description: Global Category corrections, and a packet event correction + type: bugfix + link: https://github.com/elastic/integrations/pull/15853 - version: "1.20.0" changes: - description: Preserve event.original on pipeline error. diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json index d04c99c826e..89dcc5aeddf 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json @@ -2120,7 +2120,7 @@ "app": "49177", "appName": "General HTTPS", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -2226,7 +2226,7 @@ "app": "7927", "code": "29", "dpi": "true", - "event_group_category": "System", + "event_group_category": "Log", "gcat": "2" } }, @@ -2344,7 +2344,7 @@ "app": "7927", "code": "15", "dpi": "true", - "event_group_category": "System", + "event_group_category": "Log", "gcat": "2" } }, @@ -2454,7 +2454,7 @@ "app": "7927", "code": "27", "dpi": "true", - "event_group_category": "System", + "event_group_category": "Log", "gcat": "2" } }, @@ -2569,7 +2569,7 @@ "app": "5147", "code": "27", "dpi": "true", - "event_group_category": "System", + "event_group_category": "Log", "gcat": "2" } }, @@ -2684,7 +2684,7 @@ "app": "49202", "appName": "General UDP", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -2765,7 +2765,7 @@ }, "sonicwall": { "firewall": { - "event_group_category": "Log", + "event_group_category": "Security Services", "gcat": "3", "ipscat": "ICMP Echo Reply", "ipspri": "3", @@ -2881,7 +2881,7 @@ "appid": "2900", "code": "64", "dpi": "true", - "event_group_category": "System", + "event_group_category": "Log", "gcat": "2", "ipscat": "N/A" } @@ -3082,7 +3082,7 @@ "app": "49330", "appName": "Service iMesh", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -3185,7 +3185,7 @@ "app": "49330", "appName": "Service iMesh", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -3290,7 +3290,7 @@ "app": "49169", "appName": "General DNS", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "sslvpnc" } diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json index 6284c120218..dae58495935 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json @@ -64,7 +64,7 @@ "sonicwall": { "firewall": { "app": "9", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -147,7 +147,7 @@ "sonicwall": { "firewall": { "app": "9", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -231,7 +231,7 @@ "sonicwall": { "firewall": { "app": "9", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -310,7 +310,7 @@ "sonicwall": { "firewall": { "app": "9", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, diff --git a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json index f32563683a3..b468f43b152 100644 --- a/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json +++ b/packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-sonicos70-aws.log-expected.json @@ -478,13 +478,13 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -599,7 +599,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -705,7 +705,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -782,7 +782,7 @@ "sonicwall": { "firewall": { "auditId": "34", - "event_group_category": "System", + "event_group_category": "Log", "gcat": "2", "oldValue": "WARNING", "sess": "API", @@ -872,7 +872,7 @@ "sonicwall": { "firewall": { "auditId": "35", - "event_group_category": "System", + "event_group_category": "Log", "gcat": "2", "oldValue": "ALERT", "sess": "API", @@ -983,7 +983,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -1094,7 +1094,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -1201,7 +1201,7 @@ "firewall": { "app": "42", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -1299,7 +1299,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -1391,15 +1391,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -1497,7 +1497,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -1589,15 +1589,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -1695,7 +1695,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -1787,15 +1787,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -1910,7 +1910,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -2016,7 +2016,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -2122,7 +2122,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -2228,7 +2228,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -2334,7 +2334,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -2440,7 +2440,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -2529,7 +2529,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -2621,15 +2621,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -2736,7 +2736,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -2847,7 +2847,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -2966,7 +2966,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -3072,7 +3072,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -3170,7 +3170,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -3281,7 +3281,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -3383,7 +3383,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -3475,15 +3475,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -3598,7 +3598,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -3704,7 +3704,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -3793,7 +3793,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -3885,15 +3885,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -4008,7 +4008,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -4114,7 +4114,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -4212,7 +4212,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -4323,7 +4323,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -4430,7 +4430,7 @@ "firewall": { "app": "42", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -4528,7 +4528,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -4620,15 +4620,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -4726,7 +4726,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -4818,15 +4818,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -4941,7 +4941,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -5047,7 +5047,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -5153,7 +5153,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -5259,7 +5259,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -5348,7 +5348,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -5440,15 +5440,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -5563,7 +5563,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -5669,7 +5669,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -5758,7 +5758,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -5850,15 +5850,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -5965,7 +5965,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -6076,7 +6076,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -6195,7 +6195,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -6301,7 +6301,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -6399,7 +6399,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -6510,7 +6510,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -6612,7 +6612,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -6704,15 +6704,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -6827,7 +6827,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -6933,7 +6933,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -7022,7 +7022,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -7114,15 +7114,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -7220,7 +7220,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -7312,15 +7312,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -7435,7 +7435,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -7541,7 +7541,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -7647,7 +7647,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -7753,7 +7753,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -7842,7 +7842,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -7934,15 +7934,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -8057,7 +8057,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -8163,7 +8163,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -8252,7 +8252,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -8344,15 +8344,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -8459,7 +8459,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -8570,7 +8570,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -8681,7 +8681,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -8800,7 +8800,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -8906,7 +8906,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -9004,7 +9004,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -9103,7 +9103,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -9188,14 +9188,14 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", - "gcat": "6", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "event_group_category": "Network", + "gcat": "6" } }, "source": { @@ -9299,7 +9299,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -9404,7 +9404,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -9503,7 +9503,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -9602,7 +9602,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -9704,7 +9704,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -9802,7 +9802,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -9894,15 +9894,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -10000,7 +10000,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -10092,15 +10092,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -10215,7 +10215,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -10321,7 +10321,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -10427,7 +10427,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -10533,7 +10533,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -10622,7 +10622,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -10714,15 +10714,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -10837,7 +10837,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -10943,7 +10943,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -11032,7 +11032,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -11124,15 +11124,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -11239,7 +11239,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -11350,7 +11350,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -11469,7 +11469,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -11575,7 +11575,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -11673,7 +11673,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -11780,7 +11780,7 @@ "firewall": { "app": "42", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -11887,7 +11887,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -11989,7 +11989,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -12081,15 +12081,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -12204,7 +12204,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -12310,7 +12310,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -12408,7 +12408,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -12511,7 +12511,7 @@ "firewall": { "app": "9", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -12593,7 +12593,7 @@ "sonicwall": { "firewall": { "app": "9", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -12683,7 +12683,7 @@ "firewall": { "app": "9", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -12765,7 +12765,7 @@ "sonicwall": { "firewall": { "app": "9", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -12859,7 +12859,7 @@ "firewall": { "app": "42", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -12957,7 +12957,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -13049,15 +13049,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -13155,7 +13155,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -13247,15 +13247,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -13370,7 +13370,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -13476,7 +13476,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -13582,7 +13582,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -13688,7 +13688,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -13783,7 +13783,7 @@ "firewall": { "app": "9", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -13878,7 +13878,7 @@ "firewall": { "app": "9", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6" } }, @@ -13967,7 +13967,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -14059,15 +14059,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -14165,7 +14165,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -14257,15 +14257,15 @@ ] }, "rule": { - "id": "15 (WAN->WAN)" + "id": "15 (WAN->WAN)", + "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" }, "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", - "sess": "Web", - "uuid": "18d4ad2b-4fa2-a827-0700-0040103ce114" + "sess": "Web" } }, "source": { @@ -14380,7 +14380,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -14486,7 +14486,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -14584,7 +14584,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -14695,7 +14695,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -14814,7 +14814,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -14920,7 +14920,7 @@ "sonicwall": { "firewall": { "app": "12", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } @@ -15018,7 +15018,7 @@ "firewall": { "app": "12", "dpi": "false", - "event_group_category": "Firewall Settings", + "event_group_category": "Network", "gcat": "6", "sess": "Web" } diff --git a/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 4346117d7ea..e2535d9db65 100644 --- a/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -108,23 +108,27 @@ processors: - to: sonicwall.firewall.gcat - to: sonicwall.firewall.event_group_category map: - '1': Value - '2': System - '3': Log - '4': Security Services - '5': Users - '6': Firewall Settings - '7': Network - '8': VPN - '9': High Availability - '10': 3G/4G, Modem, and Module Firewall + '1': System + '2': Log + '3': Security Services + '4': Users + '5': Firewall Settings + '6': Network + '7': VPN + '8': High Availability + '9': WWAN Modem + '10': Firewall '11': Wireless '12': VoIP '13': SSL VPN '14': Anti-Spam '15': WAN Acceleration - '16': SD-WAN - '17': Multi-Tenancy + '16': Object + '17': SD-WAN + '18': Multi-Instance + '19': Unified Policy Engine + '20': WireGuard + '21': Cloud Secure Edge id: - to: observer.name m: @@ -167,6 +171,8 @@ processors: - to: destination.packets rule: - to: rule.id + uuid: + - to: rule.uuid sent: - to: source.bytes spkt: @@ -947,7 +953,7 @@ processors: "1315": config-delete # 1315,Network,NAT Policy,---,INFO,---,NAT Policy Delete,NAT policy deleted # TCP - "36": connection-end # 36,Network,TCP,TCP,NOTICE,7209,TCP Packets Dropped,TCP connection dropped + "36": packet-dropped # 36,Network,TCP,TCP,NOTICE,7209,TCP Packets Dropped,TCP connection dropped "48": packet-dropped # 48,Network,TCP,Debug,DEBUG,7218,Out of Order Packets Dropped,Out-of-order command packet dropped "173": connection-denied # 173,Network,TCP,LAN TCP,NOTICE,7222,LAN TCP Deny,TCP connection from LAN denied "181": packet-dropped # 181,Network,TCP,Debug,DEBUG,7005,TCP FIN Drop,TCP FIN packet dropped diff --git a/packages/sonicwall_firewall/data_stream/log/fields/ecs.yml b/packages/sonicwall_firewall/data_stream/log/fields/ecs.yml index b13c2d26f16..f850bc34ea5 100644 --- a/packages/sonicwall_firewall/data_stream/log/fields/ecs.yml +++ b/packages/sonicwall_firewall/data_stream/log/fields/ecs.yml @@ -86,6 +86,8 @@ external: ecs - name: rule.name external: ecs +- name: rule.uuid + external: ecs - name: source.address external: ecs - name: source.bytes diff --git a/packages/sonicwall_firewall/docs/README.md b/packages/sonicwall_firewall/docs/README.md index bdb0894e421..c1bc9081e45 100644 --- a/packages/sonicwall_firewall/docs/README.md +++ b/packages/sonicwall_firewall/docs/README.md @@ -270,6 +270,7 @@ An example event for `log` looks as following: | related.user | All the user names or other user identifiers seen on the event. | keyword | | rule.id | A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. | keyword | | rule.name | The name of the rule or signature generating the event. | keyword | +| rule.uuid | A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. | keyword | | sonicwall.firewall.Category | Category of CFS blocked content. | keyword | | sonicwall.firewall.af_polid | Displays the Application Filter Policy ID. | keyword | | sonicwall.firewall.app | Numeric application ID. | keyword | diff --git a/packages/sonicwall_firewall/manifest.yml b/packages/sonicwall_firewall/manifest.yml index da5ac5fddbb..621cdbad6b2 100644 --- a/packages/sonicwall_firewall/manifest.yml +++ b/packages/sonicwall_firewall/manifest.yml @@ -1,7 +1,7 @@ format_version: "3.0.3" name: sonicwall_firewall title: "SonicWall Firewall" -version: "1.20.0" +version: "1.21.0" description: "Integration for SonicWall firewall logs" type: integration categories: