-
Notifications
You must be signed in to change notification settings - Fork 392
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
network_traffic: fix mapping for tls.detailed.{client,server}_certificate_chain #6856
Conversation
🌐 Coverage report
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given that we know the fields that should be present here, I'm think we should declare them in the mapping. WDYT?
type: flattened | ||
description: Chain of trust for the server certificate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type: flattened | |
description: Chain of trust for the server certificate. | |
type: group | |
description: Chain of trust for the server certificate. | |
fields: &certificate_object | |
- name: alternative_names | |
type: keyword | |
description: Subject alternative names (SANs) in the certificate. | |
- name: issuer | |
type: group | |
description: Issuer certificate metadata. | |
fields: &x509_attributes | |
- name: common_name | |
type: keyword | |
- name: country | |
type: keyword | |
- name: distinguished_name | |
type: keyword | |
- name: locality | |
type: keyword | |
- name: organization | |
type: keyword | |
- name: organizational_unit | |
type: keyword | |
- name: postal_code | |
type: keyword | |
- name: serial_number | |
type: keyword | |
- name: state_or_province | |
type: keyword | |
- name: street_address | |
type: keyword | |
- name: subject | |
type: group | |
description: Subject certificate metadata. | |
fields: *x509_attributes | |
- name: not_after | |
type: date | |
description: End of the validity period (inclusive). | |
- name: not_before | |
type: date | |
description: Start of the validity period (inclusive). | |
- name: public_key_algorithm | |
type: keyword | |
description: Public key algorithm (e.g. RSA, DSA, ECDSA, Ed25519). | |
- name: public_key_size | |
type: long | |
description: Number of bits in the public key. | |
- name: serial_number | |
type: keyword | |
description: Base 10 representation of the certificate serial number. | |
- name: signature_algorithm | |
type: keyword | |
description: Signature algorithm (e.g. SHA256-RSA). | |
- name: version_number | |
type: keyword | |
description: The x509 certificate version. Version 3 is the latest and most common. |
type: flattened | ||
description: Chain of trust for the client certificate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
type: flattened | |
description: Chain of trust for the client certificate. | |
type: group | |
description: Chain of trust for the client certificate. | |
fields: *certificate_object |
81e382d
to
f3e18ee
Compare
Package network_traffic - 1.19.2 containing this change is available at https://epr.elastic.co/search?package=network_traffic |
What does this PR do?
See title.
Checklist
changelog.yml
file.Author's Checklist
How to test this PR locally
Related issues
Screenshots