Filebeat auditd: Fix Top Exec Commands dashboard visualization (elastic#27638)

This visualization was expecting an uppercase EXECVE value in
event.action while the ingest pipeline was lowercasing this value.
adriansr authored and wiwen committed Nov 1, 2021
1 parent bcaaa33 commit 9466861
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -303,6 +303,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
- Fixes the Snyk module to work with the new API changes. {pull}27358[27358]
- Fixes a bug in `http_endpoint` that caused numbers encoded as strings. {issue}27382[27382] {pull}27480[27480]
- Update indentation for azure filebeat configuration. {pull}26604[26604]
- Auditd: Fix Top Exec Commands dashboard visualization. {pull}27638[27638]

*Heartbeat*

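Review bot: The added changelog line names the fix but not its cause, and the cause matters to anyone who maintains their own saved searches or visualizations on auditd data. Per the commit message the ingest pipeline lowercases `event.action`, so a query written against `EXECVE` matches nothing. Consider stating that in the entry, for example "Auditd: Fix Top Exec Commands dashboard visualization to match the lowercased event.action value."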
Expand Up @@ -7,7 +7,7 @@
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index",
"query": {
"language": "kuery",
"query": "event.action:EXECVE"
"query": "event.action:execve"
}
}
},
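Review bot: On the changed `"query"` line the match on `event.action` is still a single hardcoded spelling, so the visualization stays coupled to whatever case the ingest pipeline emits. If any indexed documents still carry the uppercase value they now drop out of Top Exec Commands; `event.action:(execve or EXECVE)` would cover both. Only this one saved-object query is touched in the commit, so it is worth checking the module's other dashboard queries on `event.action` for the same uppercase assumption, and a check that compares the values used in dashboard queries against the pipeline's output would catch the next drift before an exec-monitoring panel goes empty unnoticed.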