cisco_meraki: handle blocked ARP packet, auth and port messages #7771
db74b7a to 215ca81
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
LGTM
@LaZyDK Are you happy with the subtype? I was also wondering whether we should be retaining the fact that it's an ARP packet that's being blocked somewhere other than in the
If you want to follow the current format then Do you want some more log lines that are not normalized?
I just found something that could be optimized in the Meraki integrations.
@LaZyDK Added your new events and changed the subtype. That optimisation is worth considering, please open an issue for it.
packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json
You don't have to implement my suggestions. I will add it to another PR to be reviewed later on.
0a850be to 66c7bea
Package cisco_meraki - 1.13.0 containing this change is available at https://epr.elastic.co/search?package=cisco_meraki
What does this PR do?
See title.
Checklist
changelog.yml file.
Author's Checklist
How to test this PR locally
Related issues
Screenshots