elasticmachine
commented
4 years ago Pinging @elastic/siem (Team:SIEM)
Closed crisdarocha closed 9 months ago
elasticmachine
commented
4 years ago Pinging @elastic/siem (Team:SIEM)
botelastic[bot]
commented
3 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
elasticmachine
commented
3 years ago Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
botelastic[bot]
commented
2 years ago Hi! We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!
abraxxa
commented
2 years ago It‘s still relevant for us.
botelastic[bot]
commented
1 year ago Hi! We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!
abraxxa
commented
9 months ago 👍🏻
Describe the enhancement: In the Filebeat NetFlow module,
FW_EVENTare numeric codes that are mapped tonetflow.firewall_event.From the Cisco documentation, we have the meaning of the codes:
It would be great to have a new field, ECS compliant, that stores the "translated" human readable value for the
FW_EVENT.Describe a specific use case for the enhancement or feature: Numeric codes are great for programatic analysis, but don't say much when humans try to understand the event lines. Enriching the data at pipeline level would add value to the analysis.