elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[VMware Carbon Black Cloud]: Destination.address not set when netconn_inbound is false #11616

Open btrieger opened 3 days ago

btrieger commented 3 days ago

Integration Name

VMware Carbon Black Cloud [carbon_black_cloud]

Dataset Name

endpoint_event

Integration Version

2.5.4

Agent Version

8.15.2

Agent Output Type

elasticsearch

Elasticsearch Version

8.15.1

OS Version and Architecture

Ubuntu 20.04 x86_64

Software/API Version

No response

Error Message

No response

Event Original

No response

What did you do?

I configured the integration to pull data from AWS S3 or SQS.

What did you see?

I am observing that the source.address field is not mapped properly. source.address is always set regardless of netconn_inbound being true or false.

What did you expect to see?

I expect destination.address to be set when netconn_inbound is false and source.address to be set when it is true, similar to how source.ip and destination.ip are set.

Anything else?

No response
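The direction-aware mapping requested in the report above, plus a check for documents indexed with the address on the wrong side, as an added example that is not part of the issue or the integration's own pipeline. The raw field names `remote_ip`, `local_ip` and `remote_address`, the document `id`, and the top-level position of `netconn_inbound` in indexed documents are assumptions, and all sample values are constructed.

```python
# Added example. Only netconn_inbound and the ECS source.*/destination.* fields
# come from the issue; every other field name here is a hypothetical stand-in.

def map_remote_address(event):
    """Place the remote peer's ip/address on the ECS side implied by netconn_inbound."""
    inbound = event.get("netconn_inbound")
    if not isinstance(inbound, bool):
        return {}  # direction unknown: do not guess a side
    remote = {k: v for k, v in (("ip", event.get("remote_ip")),
                                ("address", event.get("remote_address"))) if v}
    local = {"ip": event["local_ip"]} if event.get("local_ip") else {}
    if inbound:
        return {"source": remote, "destination": local}
    return {"source": local, "destination": remote}


def find_misdirected(docs):
    """Return ids of docs whose address is only on the side opposite to the remote peer."""
    bad = []
    for doc in docs:
        inbound = doc.get("netconn_inbound")
        if not isinstance(inbound, bool):
            continue
        right, wrong = ("source", "destination") if inbound else ("destination", "source")
        if "address" in doc.get(wrong, {}) and "address" not in doc.get(right, {}):
            bad.append(doc["id"])
    return bad


# Constructed outbound connection (netconn_inbound is false).
SAMPLE_OUTBOUND = {"netconn_inbound": False, "local_ip": "10.0.0.5",
                   "remote_ip": "203.0.113.7", "remote_address": "updates.example.test"}

# Constructed indexed documents: the first shows the reported behaviour
# (address always on source), the second the expected mapping.
SAMPLE_DOCS = [
    {"id": "doc-reported", "netconn_inbound": False,
     "source": {"ip": "10.0.0.5", "address": "updates.example.test"},
     "destination": {"ip": "203.0.113.7"}},
    {"id": "doc-expected", "netconn_inbound": False,
     **map_remote_address(SAMPLE_OUTBOUND)},
]

if __name__ == "__main__":
    print(map_remote_address(SAMPLE_OUTBOUND))
    print(find_misdirected(SAMPLE_DOCS))
```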

elasticmachine commented 3 days ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

btrieger commented 7 hours ago

@efd6 Should it also be mapped to source.domain and destination.domain, as the address is a domain?