elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[pfSense] Firewall ICMPv6 message parsing error #10687

Closed pcollardez closed 1 month ago

pcollardez commented 3 months ago

Hi,

In the pfsense 1.19.1 integration, the firewall ingest pipeline cannot properly parse the network.transport field if it contains a dash.

For example, the following message will trigger a parse error:

<134>Jan 1 02:21:39 firewall.opnsense.net filterlog[97530]: 32,,,1535324496a,igb0,match,pass,in,6,0x0,0x00000,255,ipv6-icmp,58,16,fe80::f19:1faf:8:5010,ff02::2,datalength=16

The default parsing rule for network.transport is %{WORD}

https://github.com/elastic/integrations/blob/9e3ecf27b8bf39d5a0948d9b029a909883c8c209/packages/pfsense/data_stream/log/elasticsearch/ingest_pipeline/firewall.yml#L15

Maybe it should be: [0-9a-zA-Z-]+
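To illustrate the mismatch reported above, here is an added example (not code from the integration or from the reporter) that parses the IPv6 branch of the filterlog record with a regex mirroring the pipeline's layout, once with the `\b\w+\b` that grok's `%{WORD}` expands to and once with the proposed `[0-9a-zA-Z-]+`. The field names and the second, TCP sample line are assumptions for the demonstration, not taken from the pipeline.

```python
import re

# Constructed samples: the ICMPv6 line from the report, plus an assumed TCP line.
FILTERLOG_ICMP6 = ("<134>Jan 1 02:21:39 firewall.opnsense.net filterlog[97530]: "
                   "32,,,1535324496a,igb0,match,pass,in,6,0x0,0x00000,255,ipv6-icmp,58,16,"
                   "fe80::f19:1faf:8:5010,ff02::2,datalength=16")
FILTERLOG_TCP6 = ("<134>Jan 1 02:22:00 firewall.opnsense.net filterlog[97530]: "
                  "5,,,1000000103,igb0,match,block,in,6,0x0,0x00000,64,tcp,6,40,"
                  "2001:db8::1,2001:db8::2,443,51234,0,S,1,,64240,,mss")

# Grok's %{WORD} is defined as \b\w+\b; "\w" does not include "-", so the match
# stops inside "ipv6-icmp" and the following "," can never be reached.
WORD_PATTERN = r"\b\w+\b"
# The replacement proposed in the report.
PROPOSED_PATTERN = r"[0-9a-zA-Z-]+"


def ipv6_pattern(transport_pattern: str) -> re.Pattern:
    """Build a parser for the IPv6 branch of a filterlog record.

    Layout after 'filterlog[pid]: ' (field names are assumed, not the pipeline's):
    rule,subrule,anchor,tracker,iface,reason,action,direction,ipver,
    class,flowlabel,hoplimit,transport,protoid,length,src,dst,<rest>
    """
    return re.compile(
        r"^<\d+>(?P<ts>\w+ +\d+ [\d:]+) (?P<host>\S+) filterlog\[\d+\]: "
        r"(?P<rule>\d+),(?P<subrule>\d*),(?P<anchor>\d*),(?P<tracker>\w+),"
        r"(?P<iface>\w+),(?P<reason>\w+),(?P<action>\w+),(?P<direction>\w+),"
        r"(?P<ipver>6),(?P<cls>0x[0-9a-fA-F]+),(?P<flow>0x[0-9a-fA-F]+),(?P<hoplimit>\d+),"
        rf"(?P<transport>{transport_pattern}),(?P<protoid>\d+),(?P<length>\d+),"
        r"(?P<src>[0-9a-fA-F:]+),(?P<dst>[0-9a-fA-F:]+),(?P<rest>.*)$"
    )


def parse(line: str, transport_pattern: str):
    """Return the parsed fields, or None when the line does not match (the pipeline's failure)."""
    m = ipv6_pattern(transport_pattern).match(line)
    return m.groupdict() if m else None


if __name__ == "__main__":
    for name, pat in (("WORD", WORD_PATTERN), ("proposed", PROPOSED_PATTERN)):
        for line in (FILTERLOG_ICMP6, FILTERLOG_TCP6):
            r = parse(line, pat)
            print(name, "->", r["transport"] if r else "PARSE ERROR")
```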

elasticmachine commented 3 months ago

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)