Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Filebeat] Threatintel compatibility updates (#27323)
* First pass on updating filebeat threatintel logic for ECS 1.11 This only covers modules starting with an a; the rest will follow shortly. In general, these changes address the following goals: * preference for indicator.url.domain, and deprecation of indicator.domain * moving from event.reference to indicator.reference * Move remaining modules from indicator.domain -> indicator.url.domain Along with conditional checks to ensure we're not overwriting the relevant uri_parts data from earlier in the pipeline. * Update indicator.reference in relevant modules * Fix missing prefix in target field * linting and apply new testfiles * Run `make update` in filebeat * fixing duplicate fields * mage fmt update * linting Co-authored-by: Marius Iversen <[email protected]>
- Loading branch information