[cisco_meraki] Replace rsa2elk pipeline and add webhook input (#2897)
* Update data stream and pipeline for webhook based integration
* Add support for syslog (log) and webhook (events)
- Log: Add pipeline tests for syslog flow, ipflow logs; Add sample_events for webhook system tests
- Log: Add support for airmarshal events
- Log: Add support for security_event ids_alerted
- Log: Add support for security_event security_filtering_file_scanned type
- Log: Add support for security_event security_filtering_disposition_change
- Log: Add support for site-to-site vpn event type
- Log: Anonymise test data
- Log: Add support for vpn_connectivity_change and refactor field groups
- Log: Add support for dhcp lease and no offers
- Log: Add support for client_vpn_connect log messages
- Log: Add support for urls type
- Log: Add pipeline for ids-alerts
- Log: Add system tests
- Log: Update README; Disable webhook events by default; only enable syslog UDP by default
- Log: Script to create event.category, type and action
- Log: Add dashboards and screenshots
- Log: Convert timestamp to date format in threat.indicator.last_seen
- Log: Change dissect to grok for airmarshal events
- Events: pipeline for top-level fields and event handling
- Events: support for alert types
- Events: support for all documented event types
- Logs: Fixes, add support for subtypes
- Logs: Add support for dfs_event, 8021x_auth, multiple_dhcp_servers_detected
- Logs: use templating to avoid copying code

Co-authored-by: Andrew Kroh <[email protected]>