trendmicro: enhance ecs mappings for event.category and event.type #8631

@kgeller

Description

For the trendmicro integration, the default pipeline sets event.category: network and event.type: [connection,access,allowed,denied,info]. Having these categorization fields mass applied to all events makes it more difficult for users to gain insight into the events.

ECS event.category allowed values: https://www.elastic.co/guide/en/ecs/current/ecs-allowed-values-event-category.html
ECS event.type allowed values: https://www.elastic.co/guide/en/ecs/current/ecs-allowed-values-event-type.html
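
An added example, not the trendmicro integration's own pipeline code, showing the difference the issue describes: a blanket categorization applied to every event versus categorization derived from the Deep Security module that produced the event, checked against the ECS allowed values linked above. The input field names (`module`, `action`, `change`), the module-to-category mapping, and the sample events are constructed assumptions for illustration; the ECS value sets are the subset this example needs.

```python
"""Per-event ECS categorization for Trend Micro Deep Security events.

Added example, not the trendmicro integration's own pipeline. The input
field names (module, action, change), the module-to-category mapping and
the sample events are constructed assumptions; the ECS allowed-value sets
below are the subset of the ECS reference that this example uses.
"""

# ECS allowed values (subset used here); see the ECS reference links above.
ECS_EVENT_CATEGORY = {
    "authentication", "configuration", "database", "driver", "file", "host",
    "iam", "intrusion_detection", "malware", "network", "package", "process",
    "registry", "session", "threat", "web",
}
ECS_EVENT_TYPE = {
    "access", "admin", "allowed", "change", "connection", "creation",
    "deletion", "denied", "end", "error", "group", "indicator", "info",
    "installation", "protocol", "start", "user",
}
# event.type pairs that cannot both be true of one event.
CONTRADICTORY_TYPES = [("allowed", "denied"), ("start", "end"),
                       ("creation", "deletion")]


def blanket_categorize(event: dict) -> dict:
    """The behaviour the issue describes: identical values on every event."""
    return {
        "event.category": ["network"],
        "event.type": ["connection", "access", "allowed", "denied", "info"],
    }


def categorize(event: dict) -> dict:
    """Derive event.category / event.type from the Deep Security module.

    Field names and the mapping are assumptions for this example. Events
    from modules this function does not know get no categorization at all,
    which is preferable to a wrong one.
    """
    module = event.get("module", "")
    action = event.get("action", "").lower()
    blocked = action in ("deny", "reset")
    category, etype = [], []
    if module == "Firewall":
        category = ["network"]
        etype = ["connection", "denied" if blocked else "allowed"]
    elif module == "Intrusion Prevention":
        category = ["network", "intrusion_detection"]
        etype = ["connection", "denied" if blocked else "allowed"]
    elif module == "Anti-Malware":
        category = ["malware"]
        etype = ["info"]
    elif module == "Integrity Monitoring":
        category = ["file"]  # assumption: file entities only
        change = event.get("change", "").lower()
        etype = [{"created": "creation", "deleted": "deletion"}.get(change, "change")]
    result = {}
    if category:
        result["event.category"] = category
        result["event.type"] = etype
    return result


def validate(categorized: dict) -> list:
    """Return problems: values outside the ECS allowed sets, or
    contradictory event.type combinations on a single event."""
    problems = []
    for c in categorized.get("event.category", []):
        if c not in ECS_EVENT_CATEGORY:
            problems.append(f"event.category {c!r} not an ECS allowed value")
    types = categorized.get("event.type", [])
    for t in types:
        if t not in ECS_EVENT_TYPE:
            problems.append(f"event.type {t!r} not an ECS allowed value")
    for a, b in CONTRADICTORY_TYPES:
        if a in types and b in types:
            problems.append(f"event.type has both {a!r} and {b!r}")
    return problems


# Constructed sample events, not real Deep Security output.
SAMPLE_EVENTS = [
    {"module": "Firewall", "action": "Deny", "message": "Out of allowed policy"},
    {"module": "Intrusion Prevention", "action": "Detect Only", "message": "SQL injection attempt"},
    {"module": "Anti-Malware", "action": "Quarantine", "message": "Eicar_test_file"},
    {"module": "Integrity Monitoring", "change": "Created", "message": "/etc/cron.d/x"},
    {"module": "Application Control", "action": "Block", "message": "unknown binary"},
]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["module"], "blanket:", blanket_categorize(ev), validate(blanket_categorize(ev)))
        print(ev["module"], "per-event:", categorize(ev), validate(categorize(ev)))
```

The validator flags the blanket mapping on every event because it carries both `allowed` and `denied`; the per-event mapping passes. In the real ingest pipeline the same branching would be expressed as conditional `set`/`append` processors keyed on the parsed Deep Security module field rather than a single unconditional `set`.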

Metadata

Labels

Integration:trendmicro (Trend Micro Deep Security)
Team:Security-Service Integrations (Security Service Integrations team [elastic/security-service-integrations])
Team:Sit-Crest (Crest developers on the Security Integrations team [elastic/sit-crest-contractors])
bug (Something isn't working, use only for issues)
mapping/pipeline issue
