Closed leandrojmp closed 10 months ago
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
Thanks @leandrojmp - we have enough data here to make updates to our pipeline. We've added this issue to our backlog and @piyush-elastic will be in touch if we have any questions when we work on the update.
@leandrojmp Secure Email integration update (v1.18) also includes support for these logs too.
Hello,
On the integration for Cisco Secure Email Gateway we need to use the value of the field email.message_id to be able to correlate multiple events, however there are a lot of log messages in the field cisco_secure_email_gateway.log.message that currently are not being parsed to extract this information and this impacts our analysis. For example, messages with information for DKIM and DMARC are not being parsed and there is a lot of useful information there.
This is a sample of some messages related to the same email message id that are not being parsed to extract the value for the field email.message_id. None of those messages are being parsed.
As a quick workaround I'm using the following processor on the custom pipeline to catch the majority of them:
But there is more information that could be extracted from those messages.
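One way to approach the kind of workaround described in this issue, as an added example that is neither the reporter's processor nor the integration's own pipeline. It assumes the unparsed log lines carry the message id as "MID <digits>" followed by a category such as "DKIM:" or "DMARC:"; the sample lines are constructed, and the Python regex only mirrors what the grok pattern would do in Elasticsearch.

```python
import re

# Grok processor one could add to the custom ingest pipeline (assumption: the
# mail log lines start with "MID <digits> <CATEGORY>: <detail>"). Lines that do
# not match are left untouched because of ignore_failure.
WORKAROUND_PROCESSOR = {
    "grok": {
        "field": "cisco_secure_email_gateway.log.message",
        "patterns": [
            "^MID %{POSINT:email.message_id} "
            "%{WORD:cisco_secure_email_gateway.log.category}: "
            "%{GREEDYDATA:cisco_secure_email_gateway.log.detail}"
        ],
        "ignore_missing": True,
        "ignore_failure": True,
    }
}

# Local equivalent of the grok pattern above, used to check offline which
# messages would get email.message_id populated.
LINE_RE = re.compile(r"^MID (?P<mid>\d+) (?P<category>\w+): (?P<detail>.*)$")

# Constructed sample values of cisco_secure_email_gateway.log.message.
SAMPLE_MESSAGES = [
    "MID 123456 DKIM: pass signature verified (d=example.com s=sel1 i=@example.com)",
    "MID 123456 DMARC: Message from domain example.com, DMARC pass",
    "MID 123457 DMARC: Message from domain example.net, DMARC verification failed",
    "Connection Error: DCID 98765 IP 192.0.2.10 port 25",  # connection-level, no MID
]


def extract(message: str) -> dict:
    """Return the fields the grok processor would add, or {} when the pattern
    does not match (the event is then left as it was, as ignore_failure does)."""
    m = LINE_RE.match(message)
    if not m:
        return {}
    return {
        "email.message_id": m["mid"],
        "cisco_secure_email_gateway.log.category": m["category"],
        "cisco_secure_email_gateway.log.detail": m["detail"],
    }


def correlate(messages) -> dict:
    """Group the categories seen per email.message_id, the correlation the
    issue asks for; messages without a MID are skipped."""
    by_mid: dict = {}
    for msg in messages:
        fields = extract(msg)
        if fields:
            by_mid.setdefault(fields["email.message_id"], []).append(
                fields["cisco_secure_email_gateway.log.category"])
    return by_mid
```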