Filebeat auditd: Fix Top Exec Commands dashboard visualization (#27638)…
… (#27646)

This visualization was expecting an uppercase EXECVE value in
event.action while the ingest pipeline was lowercasing this value.

(cherry picked from commit 9b574ef)
adriansr committed Aug 31, 2021
1 parent 57fa25e commit e3c9257
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -174,6 +174,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fix s3 input when there is a blank line in the log file. {pull}25357[25357]
- Fixes the Snyk module to work with the new API changes. {pull}27358[27358]
- Fixes a bug in `http_endpoint` that caused numbers encoded as strings. {issue}27382[27382] {pull}27480[27480]
- Auditd: Fix Top Exec Commands dashboard visualization. {pull}27638[27638]

*Heartbeat*

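Review bot: The added changelog line, `- Auditd: Fix Top Exec Commands dashboard visualization.`, does not say what was broken. Consider naming the cause given in the commit message, that the visualization filtered on uppercase `EXECVE` in `event.action` while the ingest pipeline lowercases that value, so that someone searching the changelog for an empty exec-commands panel can find this entry.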
Expand Up @@ -62,7 +62,7 @@
"index": "filebeat-*",
"query": {
"language": "kuery",
"query": "event.action:EXECVE"
"query": "event.action:execve"
}
}
},
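Review bot: On the changed `query` line, `event.action:execve` now matches only the lowercase form, so any documents in `filebeat-*` that still carry the uppercase `EXECVE` would silently drop out of this visualization. If such documents can exist (for example, data indexed before the pipeline lowercased this value), consider matching both forms, e.g. `event.action:(execve or EXECVE)`, or state in the commit message that no supported pipeline version emits the uppercase value. Since the panel summarizes process executions recorded by auditd, an empty result that looks like "no activity" is worth ruling out explicitly.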