
Commit 3e069a1

[Network Beaconing Identification] Add destination.ip filter to beaconing transform (#15672)
1 parent 40a5084 commit 3e069a1

File tree

3 files changed

+11
-4
lines changed


packages/beaconing/changelog.yml

Lines changed: 5 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -1,3 +1,8 @@
1+
- version: "1.3.3"
2+
changes:
3+
- description: Update documentation on configuring data view for dashboards
4+
type: bugfix
5+
link: https://github.com/elastic/integrations/pull/15672
16
- version: "1.3.2"
27
changes:
38
- description: Update documentation on configuring data view for dashboards
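Review bot: the new 1.3.3 changelog entry (`- description: Update documentation on configuring data view for dashboards` / `type: bugfix`) repeats the 1.3.2 entry word for word and does not describe this commit, which changes the pivot transform's source query by adding an `exists` clause on `destination.ip`. Replace the description with something that states the query change (for example "Add destination.ip exists filter to the beaconing pivot transform source query") and pick `bugfix` or `enhancement` on that basis; the `link` already points at #15672, which is correct.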

packages/beaconing/elasticsearch/transform/pivot_transform/transform.yml

Lines changed: 5 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -1,6 +1,6 @@
11
dest:
2-
index: ml_beaconing-1.3.2
3-
pipeline: 1.3.2-ml_beaconing_ingest_pipeline
2+
index: ml_beaconing-1.3.3
3+
pipeline: 1.3.3-ml_beaconing_ingest_pipeline
44
aliases:
55
- alias: ml_beaconing.latest
66
move_on_creation: true
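Review bot: renaming `dest.index` to `ml_beaconing-1.3.3` and `dest.pipeline` to `1.3.3-ml_beaconing_ingest_pipeline` means the transform writes to a fresh index on reinstall, with `move_on_creation: true` moving the `ml_beaconing.latest` alias onto it. Two things to confirm in the PR: that the 1.3.3 ingest pipeline actually exists in the package (this commit touches only the changelog, the transform and the manifest, no pipeline file), and that nothing reads `ml_beaconing-1.3.2` by name rather than through the alias, since the diff neither removes nor migrates the previous index.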
@@ -358,6 +358,8 @@ source:
358358
- term:
359359
'event.category':
360360
value: network
361+
- exists:
362+
field: destination.ip
361363
- term:
362364
'event.action':
363365
value: disconnect_received
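Review bot: the new `exists` / `field: destination.ip` clause is inserted between two `term` entries of the same list, but the parent key of that list (`filter`, `must`, `should` or `must_not`) is outside the hunk's context. Under `filter` or `must` it does what the commit title says and drops events with no destination address before pivoting; under `should` it would instead widen the match to any network event that carries a `destination.ip`. Please confirm the parent is `filter` (no scoring is needed for a pivot source), and consider a line in the package docs noting that events without `destination.ip` are now excluded from beaconing scoring, because this silently changes which events feed the transform.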
@@ -385,5 +387,5 @@ sync:
385387
delay: 120s
386388
field: "@timestamp"
387389
_meta:
388-
fleet_transform_version: 1.2.3
390+
fleet_transform_version: 1.2.4
389391
run_as_kibana_system: false
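Review bot: the `fleet_transform_version` bump (1.2.3 to 1.2.4) is required here rather than optional: the destination index and source query change in the hunks above, and Fleet uses this `_meta` value to detect that an installed transform is stale and must be reinstalled. It is versioned independently of the package version (1.3.3 in the manifest), so it still has to be bumped on every transform change even when the package version has already moved; the `sync.delay: 120s` and `run_as_kibana_system: false` settings are unchanged.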

packages/beaconing/manifest.yml

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -1,7 +1,7 @@
11
format_version: 3.0.0
22
name: beaconing
33
title: "Network Beaconing Identification"
4-
version: 1.3.2
4+
version: 1.3.3
55
source:
66
license: "Elastic-2.0"
77
description: "Package to identify beaconing activity in your network events."
