Filebeat panw module field additions to mirror the corresponding integration, specifically add panw.panos.application.{sub_category,category,technology}

wasserman commented 1 year ago

Describe the enhancement: Filebeat 7.x and 8.x is lacking the main fields in https://applipedia.paloaltonetworks.com/ that could be useful for writing Watcher, detections, dashboards, etc.

Describe a specific use case for the enhancement or feature:

These fields are not available in the csv parsing that is defined in /usr/share/filebeat/module/panw/panos/config/input.yml

You can add the following under TRAFFIC:

panw.panos.application.sub_category: 105  
panw.panos.application.category: 106 
panw.panos.application.technology: 107

The following under THREAT:

panw.panos.application.sub_category: 111 
panw.panos.application.category: 112 
panw.panos.application.technology: 113

Then any corresponding mappings required.

Include any additional fields/mappings from threat, traffic, etc. so Filebeat can be compatible with the Elastic Agent panw integration.

Thank you!

elasticmachine commented 1 year ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

elasticmachine commented 7 months ago

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

elastic / beats

Filebeat panw module field additions to mirror the corresponding integration, specifically add panw.panos.application.{sub_category,category,technology} #36159