diff --git a/packages/sonicwall_firewall/changelog.yml b/packages/sonicwall_firewall/changelog.yml
index 414aef5d2d6..0405623e6f6 100644
--- a/packages/sonicwall_firewall/changelog.yml
+++ b/packages/sonicwall_firewall/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.19.3"
+  changes:
+    - description: Global Category corrections, and a packet event correction
+      type: enhancement,bugfix
+      link: https://github.com/elastic/integrations/pull/15853
 - version: "1.19.2"
   changes:
     - description: Generate processor tags and normalize error handler.
diff --git a/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 186cd52c79d..3a0692fb681 100644
--- a/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/sonicwall_firewall/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -108,23 +108,27 @@ processors:
             - to: sonicwall.firewall.gcat
             - to: sonicwall.firewall.event_group_category
               map:
-                '1': Value
-                '2': System
-                '3': Log
-                '4': Security Services
-                '5': Users
-                '6': Firewall Settings
-                '7': Network
-                '8': VPN
-                '9': High Availability
-                '10': 3G/4G, Modem, and Module Firewall
+                '1': System
+                '2': Log
+                '3': Security Services
+                '4': Users
+                '5': Firewall Settings
+                '6': Network
+                '7': VPN
+                '8': High Availability
+                '9': WWAN Modem
+                '10': Firewall
                 '11': Wireless
                 '12': VoIP
                 '13': SSL VPN
                 '14': Anti-Spam
                 '15': WAN Acceleration
-                '16': SD-WAN
-                '17': Multi-Tenancy
+                '16': Object
+                '17': SD-WAN
+                '18': Multi-Instance
+                '19': Unified Policy Engine
+                '20': WireGuard
+                '21': Cloud Secure Edge
           id:
             - to: observer.name
           m:
@@ -167,6 +171,8 @@ processors:
             - to: destination.packets
           rule:
             - to: rule.id
+          uuid:
+            - to: rule.uuid
           sent:
             - to: source.bytes
           spkt:
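Review bot: Every existing gcat code now resolves to a different event_group_category name (for example '10' moves from `3G/4G, Modem, and Module Firewall` to `Firewall` and '16' from `SD-WAN` to `Object`), so saved searches and detection rules that filter on the old category text will silently stop matching after the upgrade, and nothing in the hunk records that. A comment above the map such as `# gcat id -> SonicOS Global Category name; renumbered in 1.19.3, names differ from earlier package versions` would make the change visible to anyone reading the pipeline. The diff carries no update to pipeline test expectations; if the sample events exercise these codes, the expected output files presumably need regenerating. Separately, the changelog entry for this change uses `type: enhancement,bugfix`, whereas the package changelog schema I am aware of accepts a single value, so that likely needs two entries, and given the renamed values `breaking-change` may be the more accurate label for this one. The enclosing params mapping continues outside the hunk.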
@@ -947,7 +953,7 @@ processors:
           "1315": config-delete # 1315,Network,NAT Policy,---,INFO,---,NAT Policy Delete,NAT policy deleted

           # TCP
-          "36": connection-end # 36,Network,TCP,TCP,NOTICE,7209,TCP Packets Dropped,TCP connection dropped
+          "36": packet-dropped # 36,Network,TCP,TCP,NOTICE,7209,TCP Packets Dropped,TCP connection dropped
           "48": packet-dropped # 48,Network,TCP,Debug,DEBUG,7218,Out of Order Packets Dropped,Out-of-order command packet dropped
           "173": connection-denied # 173,Network,TCP,LAN TCP,NOTICE,7222,LAN TCP Deny,TCP connection from LAN denied
           "181": packet-dropped # 181,Network,TCP,Debug,DEBUG,7005,TCP FIN Drop,TCP FIN packet dropped
diff --git a/packages/sonicwall_firewall/data_stream/log/fields/ecs.yml b/packages/sonicwall_firewall/data_stream/log/fields/ecs.yml
index b13c2d26f16..f850bc34ea5 100644
--- a/packages/sonicwall_firewall/data_stream/log/fields/ecs.yml
+++ b/packages/sonicwall_firewall/data_stream/log/fields/ecs.yml
@@ -86,6 +86,8 @@
   external: ecs
 - name: rule.name
   external: ecs
+- name: rule.uuid
+  external: ecs
 - name: source.address
   external: ecs
 - name: source.bytes
diff --git a/packages/sonicwall_firewall/manifest.yml b/packages/sonicwall_firewall/manifest.yml
index ef21cc8cac0..ef20c345aad 100644
--- a/packages/sonicwall_firewall/manifest.yml
+++ b/packages/sonicwall_firewall/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.3"
 name: sonicwall_firewall
 title: "SonicWall Firewall"
-version: "1.19.2"
+version: "1.19.3"
 description: "Integration for SonicWall firewall logs"
 type: integration
 categories:
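Review bot: Reclassifying event 36 from connection-end to packet-dropped presumably changes the event.category/event.type that downstream detection rules see for TCP connection drops, which is a detection-visible change the line does not explain — the vendor text `TCP Packets Dropped,TCP connection dropped` reads plausibly either way, so the next reader may flip it back. A short rationale on the line, e.g. `"36": packet-dropped # ... (was connection-end; a dropped connection is a drop, not an orderly end)`, would settle that. If the package has pipeline test samples containing event 36, their expected output would need regenerating as well. The enclosing mapping starts and ends outside the hunk.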