
Filebeat module Fortinet-FortiManager - add ECS authentication fields for SIEM #35176

Closed
leweafan opened this issue Apr 23, 2023 · 3 comments
Labels
Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution

Comments

@leweafan
Contributor

Describe the enhancement:

There is event.action = "auth-logon/auth-logout" in the expected test files, but ECS fields important for SIEM, like event.category, are missing, and event.action should be renamed to be ECS compliant.

A successful authentication message should have the fields:

  • event.category = "authentication"
  • event.action = "logged-in"
  • event.outcome = "success"

A failed authentication message should have the fields:

  • event.category = "authentication"
  • event.action = "logon-failed"
  • event.outcome = "failure"

Describe a specific use case for the enhancement or feature:
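Added example, not code from the Filebeat module or from the issue author: a small normaliser that rewrites the "auth-logon" event.action value quoted above into the ECS authentication fields the issue asks for, followed by the kind of SIEM check (failed logons per user) that only works once those fields exist. It assumes a hypothetical "status" field carrying "success" or "failure"; the page does not say how the module distinguishes the two, and the sample events are constructed.

```python
# Assumption: success vs. failure is read from a hypothetical "status" field;
# the issue does not name the source field. Keys are flat ECS-style dotted names.
from collections import Counter

ECS_LOGON = {  # status value -> (ECS event.action, ECS event.outcome), per the issue
    "success": ("logged-in", "success"),
    "failure": ("logon-failed", "failure"),
}


def normalize_auth_event(event: dict) -> dict:
    """Return a copy of `event` with ECS authentication fields populated.

    Only "auth-logon" is specified in the issue; other actions pass through
    unchanged so nothing is invented for them.
    """
    out = dict(event)
    if event.get("event.action") != "auth-logon":
        return out
    out["event.category"] = ["authentication"]  # ECS event.category is an array
    action, outcome = ECS_LOGON.get(event.get("status"), ("auth-logon", "unknown"))
    out["event.action"] = action
    out["event.outcome"] = outcome  # ECS allows "unknown" when undetermined
    return out


def failed_logons_by_user(events: list) -> dict:
    """Count failed authentications per user using only ECS fields.

    This is the SIEM-side query the issue motivates: it never looks at the
    vendor-specific action string, so it works across any ECS-compliant source.
    """
    counts = Counter()
    for raw in events:
        ev = normalize_auth_event(raw)
        if "authentication" in ev.get("event.category", []) and ev.get("event.outcome") == "failure":
            counts[ev.get("user.name", "<unknown>")] += 1
    return dict(counts)


# Constructed sample events (not real FortiManager output).
SAMPLE_EVENTS = [
    {"event.action": "auth-logon", "status": "success", "user.name": "admin"},
    {"event.action": "auth-logon", "status": "failure", "user.name": "admin"},
    {"event.action": "auth-logon", "status": "failure", "user.name": "admin"},
    {"event.action": "auth-logout", "user.name": "admin"},
    {"event.action": "auth-logon", "status": "failure", "user.name": "ops"},
]

if __name__ == "__main__":
    print(failed_logons_by_user(SAMPLE_EVENTS))  # {'admin': 2, 'ops': 1}
```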

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Apr 23, 2023
@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Apr 24, 2023
@norrietaylor norrietaylor added Team:Security-Deployment and Devices Deployment and Devices Team in Security Solution and removed Team:Security-External Integrations labels Jan 31, 2024
@elasticmachine
Collaborator

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@taylor-swanson
Contributor

taylor-swanson commented Mar 6, 2024

Closing issue as the Fortinet Fortimanager fileset was deprecated in 8.12.0.

We recommend moving to the Fortinet FortiManager Logs Elastic integration.

Development

No branches or pull requests

5 participants