From 25aeea385d58abc17c564e819f5fbfe22d30f334 Mon Sep 17 00:00:00 2001
From: Marc Guasch
Date: Wed, 10 Feb 2021 11:32:43 +0100
Subject: [PATCH] Upgrade panw module to ecs 1.8 (#23931)
---
 CHANGELOG.next.asciidoc | 1 +
 .../module/panw/panos/config/input.yml | 2 +-
 .../module/panw/panos/ingest/pipeline.yml | 12 +
 .../test/pan_inc_other.log-expected.json | 2 -
 .../test/pan_inc_threat.log-expected.json | 200 ------------
 .../test/pan_inc_traffic.log-expected.json | 197 ------------
 .../panw/panos/test/threat.log-expected.json | 228 +++++--------
 .../panw/panos/test/traffic.log-expected.json | 300 ++++++------------
 8 files changed, 190 insertions(+), 752 deletions(-)
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index eb39f855b1e..317f9a63ded 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -839,6 +839,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Upgrade Zeek to ECS 1.8.0. {issue}23118[23118] {pull}23847[23847]
 - Updated azure module to ECS 1.8. {issue}23118[23118] {pull}23927[23927]
 - Update aws/s3access to ECS 1.8. {issue}23118[23118] {pull}23920[23920]
+- Upgrade panw module to ecs 1.8 {issue}23118[23118] {pull}23931[23931]
 *Heartbeat*
diff --git a/x-pack/filebeat/module/panw/panos/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml
index 3d3f0be207f..8fa5bd12958 100644
--- a/x-pack/filebeat/module/panw/panos/config/input.yml
+++ b/x-pack/filebeat/module/panw/panos/config/input.yml
@@ -209,4 +209,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.7.0
+ ecs.version: 1.8.0
diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
index 3bf76a0c5c1..42d2f4ff9c1 100644
--- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml
@@ -385,21 +385,25 @@ processors:
 - append:
 if: 'ctx?.source?.ip != null'
 field: related.ip
+ allow_duplicates: false
 value:
 - '{{source.ip}}'
 - append:
 if: 'ctx?.destination?.ip != null'
 field: related.ip
+ allow_duplicates: false
 value:
 - '{{destination.ip}}'
 - append:
 if: 'ctx?.source?.nat?.ip != null'
 field: related.ip
+ allow_duplicates: false
 value:
 - '{{source.nat.ip}}'
 - append:
 if: 'ctx?.destination?.nat?.ip != null'
 field: related.ip
+ allow_duplicates: false
 value:
 - '{{destination.nat.ip}}'
@@ -528,43 +532,51 @@ processors:
 - append:
 field: related.user
+ allow_duplicates: false
 value: "{{client.user.name}}"
 if: "ctx?.client?.user?.name != null"
 - append:
 field: related.user
+ allow_duplicates: false
 value: "{{source.user.name}}"
 if: "ctx?.source?.user?.name != null"
 - append:
 field: related.user
+ allow_duplicates: false
 value: "{{server.user.name}}"
 if: "ctx?.server?.user?.name != null"
 - append:
 field: related.user
+ allow_duplicates: false
 value: "{{destination.user.name}}"
 if: "ctx?.destination?.user?.name != null"
 - append:
 field: related.user
+ allow_duplicates: false
 value: "{{url.username}}"
 if: "ctx?.url?.username != null && ctx?.url?.username != ''"
 allow_duplicates: false
 - append:
 field: related.hash
+ allow_duplicates: false
 value: "{{panw.panos.file.hash}}"
 if: "ctx?.panw?.panos?.file?.hash != null"
 - append:
 field: related.hosts
+ allow_duplicates: false
 value: "{{observer.hostname}}"
 if: "ctx?.observer?.hostname != null && ctx.observer?.hostname != ''"
 allow_duplicates: false
 - append:
 field: related.hosts
+ allow_duplicates: false
 value: "{{url.domain}}"
 if: "ctx?.url?.domain != null && ctx.url?.domain != ''"
 allow_duplicates: false
diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json
index 54a45d4465e..a6777dca5e6 100644
--- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json
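Review bot: The NAT guards in the `@@ -385` hunk, `ctx?.source?.nat?.ip != null` and `ctx?.destination?.nat?.ip != null`, still admit a placeholder address, so the added `allow_duplicates: false` only collapses the repeat instead of removing it. The regenerated fixtures in this commit keep `"0.0.0.0"` in `related.ip` for almost every event, which is consistent with an unset NAT address being appended (inferred from the expected output; the NAT parsing itself is not visible here). A value shared by nearly all events makes `related.ip` pivots and correlation rules noisy, so consider tightening both conditions, e.g. `if: 'ctx?.source?.nat?.ip != null && ctx.source.nat.ip != "0.0.0.0"'`. The processors list starts and continues outside the hunk.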
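Review bot: Three append blocks in the `@@ -528` hunk now carry `allow_duplicates: false` twice, because the line is added after `field:` while the existing one after `if:` is kept: the `{{url.username}}`, `{{observer.hostname}}` and `{{url.domain}}` blocks. Duplicate keys in one YAML mapping are not valid YAML and loaders disagree on them (some reject the document, others keep the last value), so the pipeline would load only through parser leniency and a later edit to one copy could silently be overridden by the other. Drop the added line in those three blocks, or remove the trailing one so every block reads `field:` / `allow_duplicates: false` / `value:` / `if:`. The processors list continues outside the hunk.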
+++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json @@ -803,11 +803,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index cf6c021da90..10ea226c1ee 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json @@ -75,11 +75,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -176,11 +174,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -278,11 +274,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -380,11 +374,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -482,11 +474,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -584,11 +574,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -686,11 +674,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -787,11 +773,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -888,11 +872,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -989,11 +971,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1091,11 +1071,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1191,11 +1169,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1292,11 +1268,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1393,11 +1367,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1495,11 +1467,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1596,11 +1566,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1693,11 +1661,9 @@ "related.ip": [ "192.168.0.2", "78.159.99.224", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1795,11 +1761,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1895,11 +1859,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1995,11 +1957,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -2096,11 +2056,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2196,11 +2154,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2294,11 +2250,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2389,11 +2343,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2484,11 +2436,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2579,11 +2529,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2674,11 +2622,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2769,11 +2715,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2864,11 +2808,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2959,11 +2901,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3054,11 +2994,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3149,11 +3087,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -3244,11 +3180,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3338,11 +3272,9 @@ "related.ip": [ "192.168.0.2", "69.43.161.167", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3436,11 +3368,9 @@ "related.ip": [ "192.168.0.2", "202.31.187.154", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3534,11 +3464,9 @@ "related.ip": [ "192.168.0.2", "89.111.176.67", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3634,11 +3562,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3732,11 +3658,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3829,11 +3753,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3929,11 +3851,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4026,11 +3946,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4124,11 +4042,9 @@ "related.ip": [ "192.168.0.2", "89.108.64.156", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4221,11 +4137,9 @@ "related.ip": [ "192.168.0.2", "89.108.64.156", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4307,11 +4221,9 @@ "related.ip": [ "204.232.231.46", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -4413,11 +4325,9 @@ "related.ip": [ "192.168.0.2", "216.8.179.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4509,11 +4419,9 @@ "related.ip": [ "192.168.0.2", "69.43.161.154", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4605,11 +4513,9 @@ "related.ip": [ "192.168.0.2", "208.91.196.252", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4702,11 +4608,9 @@ "related.ip": [ "192.168.0.2", "208.73.210.29", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4801,11 +4705,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4900,11 +4802,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5000,11 +4900,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5100,11 +4998,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5200,11 +5096,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5289,11 +5183,9 @@ "related.ip": [ "173.236.179.57", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5395,11 +5287,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5484,11 +5374,9 @@ "related.ip": [ "91.209.163.202", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -5579,11 +5467,9 @@ "related.ip": [ "122.226.169.183", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5684,11 +5570,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5773,11 +5657,9 @@ "related.ip": [ "109.201.131.15", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5865,11 +5747,9 @@ "related.ip": [ "91.209.163.202", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5968,11 +5848,9 @@ "related.ip": [ "192.168.0.2", "213.180.199.61", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6065,11 +5943,9 @@ "related.ip": [ "192.168.0.2", "213.180.199.61", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6162,11 +6038,9 @@ "related.ip": [ "192.168.0.2", "213.180.199.61", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6251,11 +6125,9 @@ "related.ip": [ "173.236.179.57", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6357,11 +6229,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6456,11 +6326,9 @@ "related.ip": [ "192.168.0.6", "207.46.140.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6541,11 +6409,9 @@ "related.ip": [ "65.54.161.34", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6636,11 +6502,9 @@ "related.ip": [ "65.55.5.231", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", 
@@ -6741,11 +6605,9 @@ "related.ip": [ "192.168.0.6", "65.54.71.11", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6825,11 +6687,9 @@ "related.ip": [ "74.125.239.17", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -6924,11 +6784,9 @@ "related.ip": [ "192.168.0.2", "208.85.40.48", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7008,11 +6866,9 @@ "related.ip": [ "74.125.224.198", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7100,11 +6956,9 @@ "related.ip": [ "188.190.124.75", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -7194,11 +7048,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7285,11 +7137,9 @@ "related.ip": [ "74.125.239.3", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7376,11 +7226,9 @@ "related.ip": [ "74.125.239.3", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7467,11 +7315,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7566,11 +7412,9 @@ "related.ip": [ "192.168.0.2", "74.125.239.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7650,11 +7494,9 @@ "related.ip": [ "74.125.224.193", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7742,11 +7584,9 @@ "related.ip": [ "74.125.239.20", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", 
@@ -7833,11 +7673,9 @@ "related.ip": [ "208.80.154.225", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -7925,11 +7763,9 @@ "related.ip": [ "208.80.154.234", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8017,11 +7853,9 @@ "related.ip": [ "65.54.75.25", "192.168.0.6", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8111,11 +7945,9 @@ "related.ip": [ "74.125.224.206", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8202,11 +8034,9 @@ "related.ip": [ "74.125.224.195", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8294,11 +8124,9 @@ "related.ip": [ "207.178.96.34", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -8388,11 +8216,9 @@ "related.ip": [ "74.125.224.195", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8479,11 +8305,9 @@ "related.ip": [ "74.125.239.20", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8571,11 +8395,9 @@ "related.ip": [ "66.152.109.24", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8665,11 +8487,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8764,11 +8584,9 @@ "related.ip": [ "192.168.0.2", "74.125.224.201", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -8848,11 +8666,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", 
@@ -8939,11 +8755,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "picard", "picard" ], "rule.name": "rule1", @@ -9038,11 +8852,9 @@ "related.ip": [ "192.168.0.2", "208.85.40.48", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9122,11 +8934,9 @@ "related.ip": [ "74.125.224.201", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9213,11 +9023,9 @@ "related.ip": [ "74.125.224.201", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9304,11 +9112,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9395,11 +9201,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9487,11 +9291,9 @@ "related.ip": [ "74.125.224.198", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", @@ -9578,11 +9380,9 @@ "related.ip": [ "74.125.224.200", "192.168.0.2", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "jordy", "jordy" ], "rule.name": "rule1", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json index 44f7a7790ab..a4ae1b157d9 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json @@ -77,11 +77,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -176,11 +174,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -275,11 +271,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -377,11 +371,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -479,11 +471,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -578,11 +568,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -677,11 +665,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -779,11 +765,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -881,11 +865,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -983,11 +965,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1085,11 +1065,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1187,11 +1165,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1289,11 +1265,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1391,11 +1365,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -1493,11 +1465,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1595,11 +1565,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1697,11 +1665,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1799,11 +1765,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -1901,11 +1865,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2000,11 +1962,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2099,11 +2059,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2201,11 +2159,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2300,11 +2256,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2402,11 +2356,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2504,11 +2456,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2606,11 +2556,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -2705,11 +2653,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2804,11 +2750,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -2906,11 +2850,9 @@ "related.ip": [ "192.168.0.2", "98.149.55.63", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3008,11 +2950,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3107,11 +3047,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3209,11 +3147,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3311,11 +3247,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3410,11 +3344,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3509,11 +3441,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3611,11 +3541,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3713,11 +3641,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -3812,11 +3738,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -3911,11 +3835,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4008,7 +3930,6 @@ "related.ip": [ "192.168.0.100", "8.8.8.8", - "0.0.0.0", "0.0.0.0" ], "rule.name": "rule1", @@ -4102,11 +4023,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4202,7 +4121,6 @@ "related.ip": [ "192.168.0.100", "50.19.102.116", - "0.0.0.0", "0.0.0.0" ], "rule.name": "rule1", @@ -4299,11 +4217,9 @@ "related.ip": [ "192.168.0.2", "65.55.223.19", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4401,11 +4317,9 @@ "related.ip": [ "192.168.0.2", "65.55.223.24", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4498,7 +4412,6 @@ "related.ip": [ "192.168.0.100", "8.8.8.8", - "0.0.0.0", "0.0.0.0" ], "rule.name": "rule1", @@ -4595,11 +4508,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4694,11 +4605,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4796,11 +4705,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4895,11 +4802,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -4994,11 +4899,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5093,11 +4996,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -5192,11 +5093,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5291,11 +5190,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5393,11 +5290,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5495,11 +5390,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5594,11 +5487,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5696,11 +5587,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5795,11 +5684,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5894,11 +5781,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -5996,11 +5881,9 @@ "related.ip": [ "192.168.0.2", "65.55.223.31", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6098,11 +5981,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6197,11 +6078,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6296,11 +6175,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -6395,11 +6272,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6494,11 +6369,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6593,11 +6466,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6692,11 +6563,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6794,11 +6663,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6893,11 +6760,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -6995,11 +6860,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7094,11 +6957,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7193,11 +7054,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7295,11 +7154,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7394,11 +7251,9 @@ "related.ip": [ "192.168.0.2", "8.5.1.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7493,11 +7348,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -7592,11 +7445,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7694,11 +7545,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7786,11 +7635,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7888,11 +7735,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -7990,11 +7835,9 @@ "related.ip": [ "192.168.0.2", "212.48.10.58", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8082,11 +7925,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8174,11 +8015,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8276,11 +8115,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8375,11 +8212,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8474,11 +8309,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8576,11 +8409,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8675,11 +8506,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -8767,11 +8596,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8866,11 +8693,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -8968,11 +8793,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9067,11 +8890,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9166,11 +8987,9 @@ "related.ip": [ "192.168.0.2", "205.171.2.25", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9265,11 +9084,9 @@ "related.ip": [ "192.168.0.2", "62.211.68.12", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9367,11 +9184,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9469,11 +9284,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9571,11 +9384,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9663,11 +9474,9 @@ "related.ip": [ "192.168.0.2", "192.168.0.1", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9765,11 +9574,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", @@ -9867,11 +9674,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", 
@@ -9969,11 +9774,9 @@ "related.ip": [ "192.168.0.2", "204.232.231.46", - "0.0.0.0", "0.0.0.0" ], "related.user": [ - "crusher", "crusher" ], "rule.name": "rule1", diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index d03e24e00c7..0d9b9000a97 100644 --- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -81,8 +81,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -186,8 +185,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -291,8 +289,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -396,8 +393,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -501,8 +497,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -606,8 +601,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -711,8 +705,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", 
@@ -816,8 +809,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -921,8 +913,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1026,8 +1017,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1131,8 +1121,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1236,8 +1225,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1341,8 +1329,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1446,8 +1433,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1551,8 +1537,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1656,8 +1641,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", 
@@ -1761,8 +1745,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1866,8 +1849,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -1971,8 +1953,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2076,8 +2057,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2181,8 +2161,7 @@ "related.ip": [ "192.168.15.224", "23.72.137.131", - "192.168.1.63", - "23.72.137.131" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.137.131", @@ -2286,8 +2265,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2391,8 +2369,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2496,8 +2473,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2601,8 +2577,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", 
@@ -2706,8 +2681,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2811,8 +2785,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -2916,8 +2889,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3021,8 +2993,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3126,8 +3097,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3231,8 +3201,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3336,8 +3305,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3441,8 +3409,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3546,8 +3513,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", 
@@ -3651,8 +3617,7 @@ "related.ip": [ "192.168.15.224", "152.195.55.192", - "192.168.1.63", - "152.195.55.192" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "152.195.55.192", @@ -3756,8 +3721,7 @@ "related.ip": [ "192.168.15.224", "151.101.2.2", - "192.168.1.63", - "151.101.2.2" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "151.101.2.2", @@ -3864,8 +3828,7 @@ "related.ip": [ "192.168.15.224", "54.192.7.152", - "192.168.1.63", - "54.192.7.152" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.192.7.152", @@ -3972,8 +3935,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4080,8 +4042,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4188,8 +4149,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4296,8 +4256,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4404,8 +4363,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4512,8 +4470,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4620,8 +4577,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", 
@@ -4728,8 +4684,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4836,8 +4791,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -4944,8 +4898,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -5052,8 +5005,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -5160,8 +5112,7 @@ "related.ip": [ "192.168.15.224", "52.4.120.175", - "192.168.1.63", - "52.4.120.175" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "52.4.120.175", @@ -5268,8 +5219,7 @@ "related.ip": [ "192.168.15.224", "216.58.194.98", - "192.168.1.63", - "216.58.194.98" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "216.58.194.98", @@ -5373,8 +5323,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5478,8 +5427,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5583,8 +5531,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5688,8 +5635,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", 
@@ -5793,8 +5739,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -5898,8 +5843,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6003,8 +5947,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6108,8 +6051,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6213,8 +6155,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6318,8 +6259,7 @@ "related.ip": [ "192.168.15.224", "23.72.145.245", - "192.168.1.63", - "23.72.145.245" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "23.72.145.245", @@ -6426,8 +6366,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6534,8 +6473,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6642,8 +6580,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6750,8 +6687,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", 
@@ -6858,8 +6794,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -6966,8 +6901,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7074,8 +7008,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7182,8 +7115,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7290,8 +7222,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7398,8 +7329,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7506,8 +7436,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7614,8 +7543,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7722,8 +7650,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -7830,8 +7757,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", 
@@ -7938,8 +7864,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", @@ -8046,8 +7971,7 @@ "related.ip": [ "192.168.15.224", "54.209.101.70", - "192.168.1.63", - "54.209.101.70" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.ip": "54.209.101.70", diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index 200e02370d3..a6877841bd3 100644 --- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -86,8 +86,7 @@ "related.ip": [ "192.168.15.207", "184.51.253.152", - "192.168.1.63", - "184.51.253.152" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 5976, @@ -196,8 +195,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -309,8 +307,7 @@ "related.ip": [ "192.168.15.207", "17.253.3.202", - "192.168.1.63", - "17.253.3.202" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1035, @@ -419,8 +416,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -532,8 +528,7 @@ "related.ip": [ "192.168.15.196", "216.58.194.99", - "192.168.1.63", - "216.58.194.99" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1613, @@ -642,8 +637,7 @@ "related.ip": [ "192.168.15.224", "209.234.224.22", - "192.168.1.63", - "209.234.224.22" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 21111, 
@@ -752,8 +746,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -862,8 +855,7 @@ "related.ip": [ "192.168.15.224", "172.217.2.238", - "192.168.1.63", - "172.217.2.238" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 3732, @@ -972,8 +964,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 221, @@ -1082,8 +1073,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 221, @@ -1192,8 +1182,7 @@ "related.ip": [ "192.168.15.207", "17.249.60.78", - "192.168.1.63", - "17.249.60.78" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 5469, @@ -1302,8 +1291,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 224, @@ -1412,8 +1400,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 117, @@ -1522,8 +1509,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 307, @@ -1632,8 +1618,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 365, @@ -1742,8 +1727,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -1852,8 +1836,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 161, 
@@ -1962,8 +1945,7 @@ "related.ip": [ "192.168.15.224", "98.138.49.44", - "192.168.1.63", - "98.138.49.44" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 7805, @@ -2072,8 +2054,7 @@ "related.ip": [ "192.168.15.224", "72.30.3.43", - "192.168.1.63", - "72.30.3.43" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 6106, @@ -2182,8 +2163,7 @@ "related.ip": [ "192.168.15.196", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 196, @@ -2292,8 +2272,7 @@ "related.ip": [ "192.168.15.224", "172.217.9.142", - "192.168.1.63", - "172.217.9.142" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 3245, @@ -2402,8 +2381,7 @@ "related.ip": [ "192.168.15.207", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 179, @@ -2515,8 +2493,7 @@ "related.ip": [ "192.168.15.224", "54.84.80.198", - "192.168.1.63", - "54.84.80.198" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 4537, @@ -2626,8 +2603,7 @@ "related.ip": [ "192.168.15.224", "199.167.55.52", - "192.168.1.63", - "199.167.55.52" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 0, @@ -2736,8 +2712,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -2842,8 +2817,7 @@ "related.ip": [ "192.168.15.210", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 130, @@ -2949,8 +2923,7 @@ "related.ip": [ "192.168.15.224", "172.217.9.142", - "192.168.1.63", - "172.217.9.142" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1991, 
@@ -3059,8 +3032,7 @@ "related.ip": [ "192.168.15.224", "151.101.2.2", - "192.168.1.63", - "151.101.2.2" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 523, @@ -3172,8 +3144,7 @@ "related.ip": [ "192.168.15.224", "216.58.194.66", - "192.168.1.63", - "216.58.194.66" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 2428, @@ -3282,8 +3253,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -3392,8 +3362,7 @@ "related.ip": [ "192.168.15.210", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 196, @@ -3502,8 +3471,7 @@ "related.ip": [ "192.168.15.224", "184.51.253.193", - "192.168.1.63", - "184.51.253.193" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 5003, @@ -3612,8 +3580,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 171, @@ -3723,8 +3690,7 @@ "related.ip": [ "192.168.15.224", "199.167.55.52", - "192.168.1.63", - "199.167.55.52" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 0, @@ -3836,8 +3802,7 @@ "related.ip": [ "192.168.15.224", "199.167.52.219", - "192.168.1.63", - "199.167.52.219" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 2316, @@ -3949,8 +3914,7 @@ "related.ip": [ "192.168.15.224", "52.71.117.196", - "192.168.1.63", - "52.71.117.196" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 13966, @@ -4059,8 +4023,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 244, 
@@ -4169,8 +4132,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 205, @@ -4282,8 +4244,7 @@ "related.ip": [ "192.168.15.224", "35.186.194.41", - "192.168.1.63", - "35.186.194.41" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 2302, @@ -4390,8 +4351,7 @@ "related.ip": [ "192.168.15.224", "35.201.124.9", - "192.168.1.63", - "35.201.124.9" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 6757, @@ -4503,8 +4463,7 @@ "related.ip": [ "192.168.15.224", "100.24.131.237", - "192.168.1.63", - "100.24.131.237" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 9007, @@ -4613,8 +4572,7 @@ "related.ip": [ "192.168.15.224", "184.51.252.247", - "192.168.1.63", - "184.51.252.247" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 661, @@ -4726,8 +4684,7 @@ "related.ip": [ "192.168.15.224", "35.190.88.148", - "192.168.1.63", - "35.190.88.148" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 11136, @@ -4839,8 +4796,7 @@ "related.ip": [ "192.168.15.224", "35.186.243.83", - "192.168.1.63", - "35.186.243.83" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 11136, @@ -4949,8 +4905,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 182, @@ -5059,8 +5014,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 90, @@ -5172,8 +5126,7 @@ "related.ip": [ "192.168.15.224", "100.24.165.74", - "192.168.1.63", - "100.24.165.74" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 6669, 
@@ -5282,8 +5235,7 @@ "related.ip": [ "192.168.15.224", "184.51.252.247", - "192.168.1.63", - "184.51.252.247" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 661, @@ -5390,8 +5342,7 @@ "related.ip": [ "192.168.15.224", "35.201.94.140", - "192.168.1.63", - "35.201.94.140" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 11136, @@ -5496,8 +5447,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -5606,8 +5556,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 144, @@ -5716,8 +5665,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 206, @@ -5826,8 +5774,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 206, @@ -5936,8 +5883,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 169, @@ -6046,8 +5992,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 132, @@ -6156,8 +6101,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 127, @@ -6266,8 +6210,7 @@ "related.ip": [ "192.168.15.196", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 105, @@ -6376,8 +6319,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 172, 
@@ -6486,8 +6428,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 134, @@ -6596,8 +6537,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 179, @@ -6706,8 +6646,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 218, @@ -6816,8 +6755,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 172, @@ -6926,8 +6864,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 305, @@ -7039,8 +6976,7 @@ "related.ip": [ "192.168.15.224", "66.28.0.45", - "192.168.1.63", - "66.28.0.45" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 527, @@ -7149,8 +7085,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 153, @@ -7259,8 +7194,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 169, @@ -7369,8 +7303,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 128, @@ -7479,8 +7412,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 181, @@ -7589,8 +7521,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 121, 
@@ -7702,8 +7633,7 @@ "related.ip": [ "192.168.15.224", "23.52.174.25", - "192.168.1.63", - "23.52.174.25" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 1246, @@ -7812,8 +7742,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 315, @@ -7922,8 +7851,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 130, @@ -8035,8 +7963,7 @@ "related.ip": [ "192.168.15.224", "54.230.5.228", - "192.168.1.63", - "54.230.5.228" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 288, @@ -8145,8 +8072,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 149, @@ -8255,8 +8181,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 202, @@ -8365,8 +8290,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 195, @@ -8475,8 +8399,7 @@ "related.ip": [ "192.168.15.195", "208.83.246.20", - "192.168.1.63", - "208.83.246.20" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 90, @@ -8584,8 +8507,7 @@ "related.ip": [ "192.168.15.196", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 192, @@ -8693,8 +8615,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 208, @@ -8802,8 +8723,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 100, 
@@ -8913,8 +8833,7 @@ "related.ip": [ "192.168.15.224", "35.185.88.112", - "192.168.1.63", - "35.185.88.112" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 7237, @@ -9023,8 +8942,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 109, @@ -9133,8 +9051,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 116, @@ -9243,8 +9160,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 96, @@ -9356,8 +9272,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9469,8 +9384,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9582,8 +9496,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9692,8 +9605,7 @@ "related.ip": [ "192.168.15.224", "104.254.150.9", - "192.168.1.63", - "104.254.150.9" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 7820, @@ -9805,8 +9717,7 @@ "related.ip": [ "192.168.15.224", "50.19.85.24", - "192.168.1.63", - "50.19.85.24" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 654, @@ -9918,8 +9829,7 @@ "related.ip": [ "192.168.15.224", "52.0.218.108", - "192.168.1.63", - "52.0.218.108" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 214, 
@@ -10031,8 +9941,7 @@ "related.ip": [ "192.168.15.224", "52.6.117.19", - "192.168.1.63", - "52.6.117.19" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 214, @@ -10144,8 +10053,7 @@ "related.ip": [ "192.168.15.224", "34.238.96.22", - "192.168.1.63", - "34.238.96.22" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 214, @@ -10257,8 +10165,7 @@ "related.ip": [ "192.168.15.224", "130.211.47.17", - "192.168.1.63", - "130.211.47.17" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 280, @@ -10367,8 +10274,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 172, @@ -10477,8 +10383,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 588, @@ -10587,8 +10492,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 94, @@ -10697,8 +10601,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 170, @@ -10807,8 +10710,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 94, @@ -10917,8 +10819,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 94, @@ -11027,8 +10928,7 @@ "related.ip": [ "192.168.15.224", "8.8.8.8", - "192.168.1.63", - "8.8.8.8" + "192.168.1.63" ], "rule.name": "new_outbound_from_trust", "server.bytes": 166,