[Panw] Removing edge processing and adding some new common fields #772
Conversation
…lso adding in new test data and bumping version
P1llus added enhancement 
| "forwarded" | ||
| ], | ||
| "message": "Oct 30 09:46:12 1,2012/10/30 09:46:12,01606001116,TRAFFIC,start,1,2012/04/10 04:39:58,192.168.0.2,204.232.231.46,0.0.0.0,0.0.0.0,rule1,crusher,,web-browsing,vsys1,trust,untrust,ethernet1/2,ethernet1/1,forwardAll,2012/04/10 04:39:59,11449,1,59324,80,0,0,0x200000,tcp,allow,78,78,0,1,2012/04/10 04:39:59,0,any,0,0,0x0,192.168.0.0-192.168.255.255,United States,0,1,0", | ||
| "event": { |
There was a problem hiding this comment.
This event seems to not be parsed now, is this intentional?
There was a problem hiding this comment.
The reason it is removed, is because when running pipeline tests, it won't use the edge processing, so you had to prepare a raw document that had all the edge-processing applied.
This was now removed since there is no edge processing anymore. Please compare with the *-expected.json
| The old pipeline did not support all test messages, it only parses TRAFFIC and THREAT, I plan to add the rest of the logfile in a separate PR, as it would be too large for a single one. There is also a community PR ongoing to add parsing for more, which I also plan to implement here separately, so any testlogs that does not have TRAFFIC or THREAT type will not be handled at the moment, and that is the same behavior as before the removal of edge-processing. |
| Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
| jenkins run tests please |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
Trends 🧪 |
4 participants
What does this PR do?
This PR removes the edge processing from the package and bumping the version. It also restrict it to a new minimum version due to the addition of the community_id ingest pipeline processor requiring it.
The PR also adds some new fields to the package.
Checklist
changelog.ymlfile.Related issues