Open jamiehynds opened 8 months ago
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
@jamiehynds AFAICS there is no data from the Infoblox BloxOne API that we hit that corresponds to this.
The documentation linked above also mentions "Security Policy Hit" log messages, but we have no example of that. Can you reach out to the user to ask if they have examples of these as well?
There is a field infoblox_nios.log.dns.message which contains further information about RPZ, which is not currently mapped within our integration (v1.19.4). Can we adjust our pipeline to correctly parse/map that field? More information on the structure here.
Unsure if the same event is produced by Infoblox BloxOne, if it is, we should aim to update that integration pipeline too.
Custom pipeline shared by a user: