Merge branch 'master' into 27608-fix-elastic-agent-build
* master:
  Forward port 7.14.1 changelog to master  (elastic#27687)
  Addressing multiple dashboard issues: deps loading once, field conversion, etc. (elastic#27669)
  Remove adaptive queue sizes from agent's spec files (elastic#27653)
  Osquerybeat: Improve testability and unit test coverage (elastic#27591)
  Osquerybeat: lockdown flagsfile, prevent global defaults (elastic#27611)
  Import the references of dashboard assets using the Saved Objects API (elastic#27647)
  Fix bug with override path in cgroups (elastic#27620)
  Allow Kibana client to authorize with Elasticsearch API key (elastic#27540)
  Filebeat auditd: Fix Top Exec Commands dashboard visualization (elastic#27638)
  [elastic-agent] Fix docker tar.gz generation for complete image (elastic#27621)
  Follow up changes in dashboards in mage check && fix minor issue (elastic#27553)
  [Heartbeat] Fix bug where `enabled: false` is ignored. (elastic#27615)
  Support kube_state_metrics v2.0.0 (elastic#27552)
mdelapenya committed Sep 1, 2021
2 parents 21754c9 + 8da1b9c commit 2337d09
Showing 2,272 changed files with 218,937 additions and 2,676 deletions.
29 changes: 29 additions & 0 deletions CHANGELOG.asciidoc
Expand Up @@ -7,6 +7,35 @@
=== Beats version 8.0.0-alpha1

Changes will be described in a later alpha / beta.
[[release-notes-7.14.1]]
=== Beats version 7.14.1
https://github.com/elastic/beats/compare/v7.14.0...v7.14.1[View commits]

==== Bugfixes

*Affecting all Beats*

- Allow conditional processing in `decode_xml` and `decode_xml_wineventlog`. {pull}27159[27159]

*Filebeat*

- Convert the o365 module's `client.port` and `source.port` to numbers (from strings) in events. {pull}22939[22939]
- Fix the Snyk module to work with the new API changes. {pull}27358[27358]
- Fix a bug in `http_endpoint` that caused numbers encoded as strings. {issue}27382[27382] {pull}27480[27480]

*Metricbeat*

- Change `server_status_path` default setting to `nginx_status` for the `nginx` module. {pull}26642[26642]
- Change `startTime` and `endTime` of `GetMetricData` API in cloudwatch metricset to be only one collection period apart. {pull}27327[27327]
- Fix cloudwatch metricset collecting duplicate data points. {pull}27248[27248]
- Add percent formatters to system/process. {pull}27374[27374]
- Fix instance machineType reporting in compute metricset of GCP module. {pull}27363[27363]

==== Added

*Filebeat*

- Update Elasticsearch module's ingest pipeline for parsing new deprecation logs. {issue}26857[26857] {pull}26880[26880]

[[release-notes-7.14.0]]
=== Beats version 7.14.0
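Review bot: The new `[[release-notes-7.14.1]]` anchor starts on the line directly after "Changes will be described in a later alpha / beta." with no empty line between them, so AsciiDoc can fold the anchor and the `=== Beats version 7.14.1` title into that paragraph instead of opening a new section. Add an empty line before the anchor, matching the one that precedes `[[release-notes-7.14.0]]`. Separately, the `http_endpoint` entry reads "caused numbers encoded as strings", which is missing a verb ("caused numbers to be encoded as strings").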
44 changes: 5 additions & 39 deletions CHANGELOG.next.asciidoc
Expand Up @@ -104,6 +104,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add state_job metricset to Kubernetes module{pull}26479[26479]
- Bump AWS SDK version to v0.24.0 for WebIdentity authentication flow {issue}19393[19393] {pull}27126[27126]
- Add Linux pressure metricset {pull}27355[27355]
- Add support for kube-state-metrics v2.0.0 {pull}27552[27552]

*Packetbeat*

Expand Down Expand Up @@ -199,9 +200,10 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
as gauges (rather than counters). {pull}22877[22877]
- Improve `perfmon` metricset performance. {pull}26886[26886]
- Preserve annotations in a kubernetes namespace metadata {pull}27045[27045]
- Allow conditional processing in `decode_xml` and `decode_xml_wineventlog`. {pull}27159[27159]
- Fix build constraint that caused issues with doc builds. {pull}27381[27381]
- Do not try to load ILM policy if `check_exists` is `false`. {pull}27508[27508] {issue}26322[26322]
- Fix bug with cgroups hierarchy override path in cgroups {pull}27620[27620]
- Beat `setup kibana` command may use the elasticsearch API key defined in `output.elasticsearch.api_key`. {issue}24015[24015] {pull}27540[27540]

*Auditbeat*

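Review bot: The `setup kibana` entry says the command "may use" the key from `output.elasticsearch.api_key` without stating when it does so, and it sits among fix entries although it describes new behaviour. State the condition in the entry and consider moving it to the Added section. It is also worth saying that the key then needs Kibana privileges in addition to its ingest privileges, because output API keys are commonly scoped to writing events only. The cgroups entry above it repeats itself ("cgroups hierarchy override path in cgroups") and can drop the trailing "in cgroups".
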
Expand Down Expand Up @@ -302,6 +304,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fixes the Snyk module to work with the new API changes. {pull}27358[27358]
- Fixes a bug in `http_endpoint` that caused numbers encoded as strings. {issue}27382[27382] {pull}27480[27480]
- Update indentation for azure filebeat configuration. {pull}26604[26604]
- Auditd: Fix Top Exec Commands dashboard visualization. {pull}27638[27638]

*Heartbeat*

Expand Down Expand Up @@ -407,12 +410,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Remove io.time from windows {pull}22237[22237]
- Change vsphere.datastore.capacity.used.pct value to betweeen 0 and 1. {pull}23148[23148]
- Allow metric prefix override per service in gcp module. {pull}26960[26960]
- Change `server_status_path` default setting to `nginx_status` for the `nginx` module. {pull}26642[26642]
- Fix cloudwatch metricset collecting duplicate data points. {pull}27327[27327]
- Fix cloudwatch metricset collecting duplicate data points. {pull}27248[27248]
- Fix flaky test TestAddCounterInvalidArgWhenQueryClosed. {issue}27312[27312] {pull}27313[27313]
- Add percent formatters to system/process {pull}27374[27374]
- Fix instance machineType reporting in compute metricset of GCP module {pull}27363[27363]
- Update metrics configuration and dashboards after changes in the Azure Monitor {pull}27520[27520]

*Packetbeat*
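Review bot: Of the six Metricbeat entries dropped here, the flaky-test fix for `TestAddCounterInvalidArgWhenQueryClosed` ({pull}27313) is the only one with no counterpart in the 7.14.1 section added to CHANGELOG.asciidoc; confirm it is being dropped on purpose rather than lost in the forward port. The two cloudwatch lines also carried the same description for 27327 and 27248, and the 7.14.1 text now words 27327 differently, which looks like the intended correction and is worth a line in the PR description.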
Expand Down Expand Up @@ -729,46 +726,15 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Add Google Workspace module and mark Gsuite module as deprecated {pull}22950[22950]
- Mark m365 defender, defender atp, okta and google workspace modules as GA {pull}23113[23113]
- Added `alternative_host` option to google pubsub input {pull}23215[23215]
- Update PanOS module to parse Global Protect & User ID logs. {issue}24722[24722] {issue}24724[24724] {pull}24927[24927]
- Add HMAC signature validation support for http_endpoint input. {pull}24918[24918]
- Add new grok pattern for iptables module for Ubiquiti UDM {issue}25615[25615] {pull}25616[25616]
- Add multiline support to aws-s3 input. {issue}25249[25249] {pull}25710[25710] {pull}25873[25873]
- Add monitoring metrics to the `aws-s3` input. {pull}25711[25711]
- Added `network.direction` fields to Zeek and Suricata modules using the `add_network_direction` processor {pull}24620[24620]
- Add Content-Type override to aws-s3 input. {issue}25697[25697] {pull}25772[25772]
- In Cisco Umbrella fileset add users from cisco.umbrella.identities to related.user. {pull}25776[25776]
- Add fingerprint processor to generate fixed ids for `google_workspace` events. {pull}25841[25841]
- Update PanOS module to parse HIP Match logs. {issue}24350[24350] {pull}25686[25686]
- Support MongoDB 4.4 in filebeat's MongoDB module. {issue}20501[20501] {pull}24774[24774]
- Enhance GCP module to populate orchestrator.* fields for GKE / K8S logs {pull}25368[25368]
- Add log_group_name_prefix config into aws-cloudwatch input. {pull}26187[26187]
- Move Filebeat azure module to GA. {pull}26114[26114] {pull}26168[26168]
- http_endpoint: Support multiple documents in a single request by POSTing an array or NDJSON format. {pull}25764[25764]
- Make `filestream` input GA. {pull}26127[26127]
- Add new `parser` to `filestream` input: `container`. {pull}26115[26115]
- Add support for ISO8601 timestamps in Zeek fileset {pull}25564[25564]
- Add possibility to include headers in resulting docs and preserve the original event in http_endpoint input {pull}26279[26279]
- Add `preserve_original_event` option to `o365audit` input. {pull}26273[26273]
- Add `log.flags` to events created by the `aws-s3` input. {pull}26267[26267]
- Add `include_s3_metadata` config option to the `aws-s3` input for including object metadata in events. {pull}26267[26267]
- RFC 5424 and UNIX socket support in the Syslog input are now GA {pull}26293[26293]
- Update grok patterns for HA Proxy module {issue}25827[25827] {pull}25835[25835]
- Update PanOS module's date processor formats to parse `strict_date_optional_time_nanos`. {issue}26033[26033] {pull}26158[26158]
- Update Okta module to parse additional fields to `okta.debug_context.debug_data`. {issue}25689[25689] {pull}25818[25818]
- Added dataset `anomalithreatstream` to the `threatintel` module to ingest indicators from Anomali ThreatStream {pull}26350[26350]
- Add `uri_parts` and `user_agent` ingest processors to `aws.elb` module. {issue}26435[26435] {pull}26441[26441]
- Added dataset `recordedfuture` to the `threatintel` module to ingest indicators from Recorded Future Connect API {pull}26481[26481]
- Update `fortinet` ingest pipelines. {issue}22136[22136] {issue}25254[25254] {pull}24816[24816]
- Use default add_locale for fortinet.firewall {issue}20300[20300] {pull}26524[26524]
- Add new template functions and `value_type` parameter to `httpjson` transforms. {pull}26847[26847]
- Add support to merge registry updates in the filestream input across multiple ACKed batches in case of backpressure in the registry or disk. {pull}25976[25976]
- Add support to `decode_cef` for MAC addresses that do not contain separator characters. {issue}27050[27050] {pull}27109[27109]
- Update Elasticsearch module's ingest pipeline for parsing new deprecation logs {issue}26857[26857] {pull}26880[26880]
- Add new `hmac` template function for httpjson input {pull}27168[27168]
- Update `tags` and `threatintel.indicator.provider` fields in `threatintel.anomali` ingest pipeline {issue}24746[24746] {pull}27141[27141]
- Move AWS module and filesets to GA. {pull}27428[27428]
- update ecs.version to ECS 1.11.0. {pull}27107[27107]


*Heartbeat*

- Add mime type detection for http responses. {pull}22976[22976]
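Review bot: The header shows this Filebeat block shrinking from 46 lines to 15, but the 7.14.1 section added to CHANGELOG.asciidoc picks up only one Filebeat "Added" entry, the Elasticsearch deprecation-logs pipeline update ({pull}26880). Confirm that every other entry removed here is already present in a released section of CHANGELOG.asciidoc, so that user-facing items such as HMAC signature validation for `http_endpoint` ({pull}24918) do not vanish from the release notes if they are among the removed lines.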
@@ -0,0 +1,165 @@
{
"attributes": {
"description": "Summary of socket related syscall events.",
"hits": 0,
"kibanaSavedObjectMeta": {
"searchSourceJSON": {
"filter": [],
"highlightAll": true,
"query": {
"language": "kuery",
"query": ""
},
"version": true
}
},
"optionsJSON": {
"darkTheme": false,
"useMargins": false
},
"panelsJSON": [
{
"embeddableConfig": {
"enhancements": {},
"vis": {
"params": {
"sort": {
"columnIndex": null,
"direction": null
}
}
}
},
"gridData": {
"h": 16,
"i": "1",
"w": 24,
"x": 24,
"y": 12
},
"panelIndex": "1",
"panelRefName": "panel_1",
"type": "visualization",
"version": "7.3.0"
},
{
"embeddableConfig": {
"enhancements": {},
"vis": {
"params": {
"sort": {
"columnIndex": null,
"direction": null
}
}
}
},
"gridData": {
"h": 20,
"i": "2",
"w": 24,
"x": 0,
"y": 28
},
"panelIndex": "2",
"panelRefName": "panel_2",
"type": "visualization",
"version": "7.3.0"
},
{
"embeddableConfig": {
"enhancements": {},
"vis": {
"params": {
"sort": {
"columnIndex": null,
"direction": null
}
}
}
},
"gridData": {
"h": 20,
"i": "3",
"w": 24,
"x": 24,
"y": 28
},
"panelIndex": "3",
"panelRefName": "panel_3",
"type": "visualization",
"version": "7.3.0"
},
{
"embeddableConfig": {
"enhancements": {}
},
"gridData": {
"h": 12,
"i": "4",
"w": 48,
"x": 0,
"y": 0
},
"panelIndex": "4",
"panelRefName": "panel_4",
"type": "visualization",
"version": "7.3.0"
},
{
"embeddableConfig": {
"enhancements": {}
},
"gridData": {
"h": 16,
"i": "5",
"w": 24,
"x": 0,
"y": 12
},
"panelIndex": "5",
"panelRefName": "panel_5",
"type": "visualization",
"version": "7.3.0"
}
],
"timeRestore": false,
"title": "[Auditbeat Auditd] Sockets ECS",
"version": 1
},
"coreMigrationVersion": "8.0.0",
"id": "693a5f40-c243-11e7-8692-232bd1143e8a-ecs",
"migrationVersion": {
"dashboard": "7.14.0"
},
"references": [
{
"id": "faf882f0-c242-11e7-8692-232bd1143e8a-ecs",
"name": "1:panel_1",
"type": "visualization"
},
{
"id": "ea483730-c246-11e7-8692-232bd1143e8a-ecs",
"name": "2:panel_2",
"type": "visualization"
},
{
"id": "ceb91de0-c250-11e7-8692-232bd1143e8a-ecs",
"name": "3:panel_3",
"type": "visualization"
},
{
"id": "b21e0c70-c252-11e7-8692-232bd1143e8a-ecs",
"name": "4:panel_4",
"type": "visualization"
},
{
"id": "a8e20450-c256-11e7-8692-232bd1143e8a-ecs",
"name": "5:panel_5",
"type": "visualization"
}
],
"type": "dashboard",
"updated_at": "2021-08-04T16:35:59.895Z",
"version": "WzQ5ODMsMV0="
}
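Review bot: `updated_at` ("2021-08-04T16:35:59.895Z") and the top-level `version` ("WzQ5ODMsMV0=") at the end of this new dashboard are values stamped by the Kibana instance it was exported from, so they change on every re-export and add noise to later diffs; strip them from the checked-in asset if the import path does not need them. The five `references` ids all carry the `-ecs` suffix, so also check that the matching visualization assets are added in this change, otherwise the panels will not resolve after import.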