elastic
diff --git a/‎packages/cloudflare/changelog.yml‎
Lines changed: 5 additions & 0 deletions b/‎packages/cloudflare/changelog.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log‎
Lines changed: 2 additions & 1 deletion b/‎packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json‎
Lines changed: 204 additions & 0 deletions b/‎packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json‎
Lines changed: 204 additions & 0 deletions
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.14.1"
+ changes:
+ - description: Fix handling of unix timestamps.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/7763
 - version: "2.14.0"
  changes:
  - description: Update package-spec to 2.10.0.
 
@@ -1,3 +1,4 @@
 {"CacheCacheStatus":"unknown","CacheResponseBytes":0,"CacheResponseStatus":0,"CacheTieredFill":false,"ClientASN":15169,"ClientCountry":"us","ClientDeviceType":"desktop","ClientIP":"89.160.20.156","ClientIPClass":"noRecord","ClientRequestBytes":2577,"ClientRequestHost":"cf-analytics.com","ClientRequestMethod":"POST","ClientRequestPath":"/wp-cron.php","ClientRequestProtocol":"HTTP/1.1","ClientRequestReferer":"https://cf-analytics.com/wp-cron.php?doing_wp_cron=1564759748.3962020874023437500000","ClientRequestURI":"/wp-cron.php?doing_wp_cron=1564759748.3962020874023437500000","ClientRequestUserAgent":"WordPress/5.2.2;https://cf-analytics.com","ClientSSLCipher":"ECDHE-ECDSA-AES128-GCM-SHA256","ClientSSLProtocol":"TLSv1.2","ClientSrcPort":55028,"EdgeColoID":14,"EdgeEndTimestamp":"2019-08-02T15:29:08Z","EdgePathingOp":"ban","EdgePathingSrc":"filter_based_firewall","EdgePathingStatus":"captchaNew","EdgeRateLimitAction":"","EdgeRateLimitID":0,"EdgeRequestHost":"","EdgeResponseBytes":2848,"EdgeResponseCompressionRatio":2.64,"EdgeResponseContentType":"text/html","EdgeResponseStatus":403,"EdgeServerIP":"","EdgeStartTimestamp":"2019-08-02T15:29:08Z","FirewallMatchesActions":["simulate","challenge"],"FirewallMatchesSources":["firewallRules","firewallRules"],"FirewallMatchesRuleIDs":["094b71fea25d4860a61fa0c6fbbd8d8b","e454fd4a0ce546b3a9a462536613692c"],"OriginIP":"","OriginResponseBytes":0,"OriginResponseHTTPExpires":"","OriginResponseHTTPLastModified":"","OriginResponseStatus":0,"OriginResponseTime":0,"OriginSSLProtocol":"unknown","ParentRayID":"00","RayID":"500115ec386354d8","SecurityLevel":"med","WAFAction":"unknown","WAFFlags":"0","WAFMatchedVar":"","WAFProfile":"unknown","WAFRuleID":"","WAFRuleMessage":"","WorkerCPUTime":0,"WorkerStatus":"unknown","WorkerSubrequest":false,"WorkerSubrequestCount":0,"ZoneID":155978002}
 {"CacheCacheStatus":"hit","CacheResponseBytes":26888,"CacheResponseStatus":200,"CacheTieredFill":true,"ClientASN":1136,"ClientCountry":"nl","ClientDeviceType":"desktop","ClientIP":"89.160.20.156","ClientIPClass":"noRecord","ClientRequestBytes":5324,"ClientRequestHost":"eqlplayground.io","ClientRequestMethod":"GET","ClientRequestPath":"/40865/bundles/plugin/securitySolution/8.0.0/securitySolution.chunk.9.js","ClientRequestProtocol":"HTTP/1.1","ClientRequestReferer":"https://eqlplayground.io/s/eqldemo/app/security/timelines/default?sourcerer=(default:!(.siem-signals-eqldemo))&timerange=(global:(linkTo:!(),timerange:(from:%272021-03-03T19:55:15.519Z%27,fromStr:now-24h,kind:relative,to:%272021-03-04T19:55:15.519Z%27,toStr:now)),timeline:(linkTo:!(),timerange:(from:%272020-03-04T19:55:28.684Z%27,fromStr:now-1y,kind:relative,to:%272021-03-04T19:55:28.692Z%27,toStr:now)))&timeline=(activeTab:eql,graphEventId:%27%27,id:%2769f93840-7d23-11eb-866c-79a0609409ba%27,isOpen:!t)","ClientRequestURI":"/40865/bundles/plugin/securitySolution/8.0.0/securitySolution.chunk.9.js","ClientRequestUserAgent":"Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/91.0.4472.124Safari/537.36","ClientSSLCipher":"NONE","ClientSSLProtocol":"none","ClientSrcPort":0,"ClientXRequestedWith":"","EdgeColoCode":"33.147.138.217","EdgeColoID":20,"EdgeEndTimestamp":1625752958875000000,"EdgePathingOp":"wl","EdgePathingSrc":"macro","EdgePathingStatus":"nr","EdgeRateLimitAction":"","EdgeRateLimitID":0,"EdgeRequestHost":"eqlplayground.io","EdgeResponseBytes":24743,"EdgeResponseCompressionRatio":0,"EdgeResponseContentType":"application/javascript","EdgeResponseStatus":200,"EdgeServerIP":"89.160.20.156","EdgeStartTimestamp":1625752958812000000,"FirewallMatchesActions":[],"FirewallMatchesRuleIDs":[],"FirewallMatchesSources":[],"OriginIP":"","OriginResponseBytes":0,"OriginResponseHTTPExpires":"","OriginResponseHTTPLastModified":"","OriginResponseStatus":0,"OriginResponseTime":0,"OriginSSLProtocol":"unknown","ParentRayID":"66b9d9f88b5b4c4f","RayID":"66b9d9f890ae4c4f","SecurityLevel":"off","WAFAction":"unknown","WAFFlags":"0","WAFMatchedVar":"","WAFProfile":"unknown","WAFRuleID":"","WAFRuleMessage":"","WorkerCPUTime":0,"WorkerStatus":"unknown","WorkerSubrequest":true,"WorkerSubrequestCount":0,"ZoneID":393347122}
-{"CacheCacheStatus":"unknown","CacheResponseBytes":0,"CacheResponseStatus":0,"CacheTieredFill":false,"ClientASN":1136,"ClientCountry":"nl","ClientDeviceType":"desktop","ClientIP":"89.160.20.156","ClientIPClass":"noRecord","ClientRequestBytes":2520,"ClientRequestHost":"eqlplayground.io","ClientRequestMethod":"GET","ClientRequestPath":"/s/eqldemo/security/account","ClientRequestProtocol":"HTTP/2","ClientRequestReferer":"","ClientRequestURI":"/s/eqldemo/security/account","ClientRequestUserAgent":"Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/91.0.4472.124Safari/537.36","ClientSSLCipher":"AEAD-AES128-GCM-SHA256","ClientSSLProtocol":"TLSv1.3","ClientSrcPort":61593,"ClientXRequestedWith":"","EdgeColoCode":"AMS","EdgeColoID":20,"EdgeEndTimestamp":1625754264684000000,"EdgePathingOp":"ban","EdgePathingSrc":"filter_based_firewall","EdgePathingStatus":"nr","EdgeRateLimitAction":"","EdgeRateLimitID":0,"EdgeRequestHost":"183.53.30.34","EdgeResponseBytes":2066,"EdgeResponseCompressionRatio":2.45,"EdgeResponseContentType":"text/html","EdgeResponseStatus":403,"EdgeServerIP":"","EdgeStartTimestamp":1625754264676000000,"FirewallMatchesActions":["block"],"FirewallMatchesRuleIDs":["391eb601201e4f2a81038910f2b63f6d"],"FirewallMatchesSources":["firewallRules"],"OriginIP":"89.160.20.156","OriginResponseBytes":0,"OriginResponseHTTPExpires":"","OriginResponseHTTPLastModified":"","OriginResponseStatus":0,"OriginResponseTime":0,"OriginSSLProtocol":"unknown","ParentRayID":"00","RayID":"66b9f9da396e4c01","SecurityLevel":"unk","WAFAction":"unknown","WAFFlags":"0","WAFMatchedVar":"","WAFProfile":"unknown","WAFRuleID":"","WAFRuleMessage":"","WorkerCPUTime":0,"WorkerStatus":"unknown","WorkerSubrequest":false,"WorkerSubrequestCount":0,"ZoneID":393347122}
+{"CacheCacheStatus":"unknown","CacheResponseBytes":0,"CacheResponseStatus":0,"CacheTieredFill":false,"ClientASN":1136,"ClientCountry":"nl","ClientDeviceType":"desktop","ClientIP":"89.160.20.156","ClientIPClass":"noRecord","ClientRequestBytes":2520,"ClientRequestHost":"eqlplayground.io","ClientRequestMethod":"GET","ClientRequestPath":"/s/eqldemo/security/account","ClientRequestProtocol":"HTTP/2","ClientRequestReferer":"","ClientRequestURI":"/s/eqldemo/security/account","ClientRequestUserAgent":"Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/91.0.4472.124Safari/537.36","ClientSSLCipher":"AEAD-AES128-GCM-SHA256","ClientSSLProtocol":"TLSv1.3","ClientSrcPort":61593,"ClientXRequestedWith":"","EdgeColoCode":"AMS","EdgeColoID":20,"EdgeEndTimestamp":1625754264684000000,"EdgePathingOp":"ban","EdgePathingSrc":"filter_based_firewall","EdgePathingStatus":"nr","EdgeRateLimitAction":"","EdgeRateLimitID":0,"EdgeRequestHost":"183.53.30.34","EdgeResponseBytes":2066,"EdgeResponseCompressionRatio":2.45,"EdgeResponseContentType":"text/html","EdgeResponseStatus":403,"EdgeServerIP":"","EdgeStartTimestamp":1625754264676000000,"FirewallMatchesActions":["block"],"FirewallMatchesRuleIDs":["391eb601201e4f2a81038910f2b63f6d"],"FirewallMatchesSources":["firewallRules"],"OriginIP":"89.160.20.156","OriginResponseBytes":0,"OriginResponseHTTPExpires":"","OriginResponseHTTPLastModified":"","OriginResponseStatus":0,"OriginResponseTime":0,"OriginSSLProtocol":"unknown","ParentRayID":"00","RayID":"66b9f9da396e4c01","SecurityLevel":"unk","WAFAction":"unknown","WAFFlags":"0","WAFMatchedVar":"","WAFProfile":"unknown","WAFRuleID":"","WAFRuleMessage":"","WorkerCPUTime":0,"WorkerStatus":"unknown","WorkerSubrequest":false,"WorkerSubrequestCount":0,"ZoneID":393347122}
+{"CacheCacheStatus":"unknown","CacheResponseBytes":0,"CacheResponseStatus":0,"CacheTieredFill":false,"ClientASN":1136,"ClientCountry":"nl","ClientDeviceType":"desktop","ClientIP":"89.160.20.156","ClientIPClass":"noRecord","ClientRequestBytes":2520,"ClientRequestHost":"eqlplayground.io","ClientRequestMethod":"GET","ClientRequestPath":"/s/eqldemo/security/account","ClientRequestProtocol":"HTTP/2","ClientRequestReferer":"","ClientRequestURI":"/s/eqldemo/security/account","ClientRequestUserAgent":"Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/91.0.4472.124Safari/537.36","ClientSSLCipher":"AEAD-AES128-GCM-SHA256","ClientSSLProtocol":"TLSv1.3","ClientSrcPort":61593,"ClientXRequestedWith":"","EdgeColoCode":"AMS","EdgeColoID":20,"EdgeEndTimestamp":1625754264,"EdgePathingOp":"ban","EdgePathingSrc":"filter_based_firewall","EdgePathingStatus":"nr","EdgeRateLimitAction":"","EdgeRateLimitID":0,"EdgeRequestHost":"183.53.30.34","EdgeResponseBytes":2066,"EdgeResponseCompressionRatio":2.45,"EdgeResponseContentType":"text/html","EdgeResponseStatus":403,"EdgeServerIP":"","EdgeStartTimestamp":1625754264,"FirewallMatchesActions":["block"],"FirewallMatchesRuleIDs":["391eb601201e4f2a81038910f2b63f6d"],"FirewallMatchesSources":["firewallRules"],"OriginIP":"89.160.20.156","OriginResponseBytes":0,"OriginResponseHTTPExpires":"","OriginResponseHTTPLastModified":"","OriginResponseStatus":0,"OriginResponseTime":0,"OriginSSLProtocol":"unknown","ParentRayID":"00","RayID":"66b9f9da396e4c01","SecurityLevel":"unk","WAFAction":"unknown","WAFFlags":"0","WAFMatchedVar":"","WAFProfile":"unknown","WAFRuleID":"","WAFRuleMessage":"","WorkerCPUTime":0,"WorkerStatus":"unknown","WorkerSubrequest":false,"WorkerSubrequestCount":0,"ZoneID":393347122}
@@ -592,6 +592,210 @@
  },
  "version": "91.0.4472.124"
  }
+ },
+ {
+ "@timestamp": "2021-07-08T14:24:24.000Z",
+ "client": {
+ "address": "89.160.20.156",
+ "as": {
+ "number": 29518,
+ "organization": {
+ "name": "Bredband2 AB"
+ }
+ },
+ "bytes": 2520,
+ "geo": {
+ "city_name": "Linköping",
+ "continent_name": "Europe",
+ "country_iso_code": "SE",
+ "country_name": "Sweden",
+ "location": {
+ "lat": 58.4167,
+ "lon": 15.6167
+ },
+ "region_iso_code": "SE-E",
+ "region_name": "Östergötland County"
+ },
+ "ip": "89.160.20.156",
+ "port": 61593
+ },
+ "cloudflare": {
+ "cache": {
+ "status": "unknown",
+ "tiered_fill": false
+ },
+ "client": {
+ "ip_class": "noRecord",
+ "ssl": {
+ "protocol": "TLSv1.3"
+ }
+ },
+ "device_type": "desktop",
+ "edge": {
+ "colo": {
+ "code": "AMS",
+ "id": 20
+ },
+ "pathing": {
+ "op": "ban",
+ "src": "filter_based_firewall",
+ "status": "nr"
+ },
+ "rate_limit": {
+ "id": 0
+ },
+ "request": {
+ "host": "183.53.30.34"
+ },
+ "response": {
+ "bytes": 2066,
+ "compression_ratio": 2.45,
+ "content_type": "text/html",
+ "status_code": 403
+ }
+ },
+ "firewall": {
+ "actions": [
+ "block"
+ ],
+ "rule_ids": [
+ "391eb601201e4f2a81038910f2b63f6d"
+ ],
+ "sources": [
+ "firewallRules"
+ ]
+ },
+ "origin": {
+ "response": {
+ "bytes": 0,
+ "status_code": 0,
+ "time": 0
+ },
+ "ssl": {
+ "protocol": "unknown"
+ }
+ },
+ "parent": {
+ "ray_id": "00"
+ },
+ "ray_id": "66b9f9da396e4c01",
+ "security_level": "unk",
+ "waf": {
+ "action": "unknown",
+ "flags": "0",
+ "profile": "unknown"
+ },
+ "worker": {
+ "cpu_time": 0,
+ "status": "unknown",
+ "subrequest": false,
+ "subrequest_count": 0
+ },
+ "zone": {
+ "id": 393347122
+ }
+ },
+ "destination": {
+ "address": "89.160.20.156",
+ "bytes": 2066,
+ "ip": "89.160.20.156"
+ },
+ "ecs": {
+ "version": "8.9.0"
+ },
+ "event": {
+ "action": [
+ "block"
+ ],
+ "category": [
+ "network"
+ ],
+ "duration": 0,
+ "end": "2021-07-08T14:24:24.000Z",
+ "kind": "event",
+ "original": "{\"CacheCacheStatus\":\"unknown\",\"CacheResponseBytes\":0,\"CacheResponseStatus\":0,\"CacheTieredFill\":false,\"ClientASN\":1136,\"ClientCountry\":\"nl\",\"ClientDeviceType\":\"desktop\",\"ClientIP\":\"89.160.20.156\",\"ClientIPClass\":\"noRecord\",\"ClientRequestBytes\":2520,\"ClientRequestHost\":\"eqlplayground.io\",\"ClientRequestMethod\":\"GET\",\"ClientRequestPath\":\"/s/eqldemo/security/account\",\"ClientRequestProtocol\":\"HTTP/2\",\"ClientRequestReferer\":\"\",\"ClientRequestURI\":\"/s/eqldemo/security/account\",\"ClientRequestUserAgent\":\"Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/91.0.4472.124Safari/537.36\",\"ClientSSLCipher\":\"AEAD-AES128-GCM-SHA256\",\"ClientSSLProtocol\":\"TLSv1.3\",\"ClientSrcPort\":61593,\"ClientXRequestedWith\":\"\",\"EdgeColoCode\":\"AMS\",\"EdgeColoID\":20,\"EdgeEndTimestamp\":1625754264,\"EdgePathingOp\":\"ban\",\"EdgePathingSrc\":\"filter_based_firewall\",\"EdgePathingStatus\":\"nr\",\"EdgeRateLimitAction\":\"\",\"EdgeRateLimitID\":0,\"EdgeRequestHost\":\"183.53.30.34\",\"EdgeResponseBytes\":2066,\"EdgeResponseCompressionRatio\":2.45,\"EdgeResponseContentType\":\"text/html\",\"EdgeResponseStatus\":403,\"EdgeServerIP\":\"\",\"EdgeStartTimestamp\":1625754264,\"FirewallMatchesActions\":[\"block\"],\"FirewallMatchesRuleIDs\":[\"391eb601201e4f2a81038910f2b63f6d\"],\"FirewallMatchesSources\":[\"firewallRules\"],\"OriginIP\":\"89.160.20.156\",\"OriginResponseBytes\":0,\"OriginResponseHTTPExpires\":\"\",\"OriginResponseHTTPLastModified\":\"\",\"OriginResponseStatus\":0,\"OriginResponseTime\":0,\"OriginSSLProtocol\":\"unknown\",\"ParentRayID\":\"00\",\"RayID\":\"66b9f9da396e4c01\",\"SecurityLevel\":\"unk\",\"WAFAction\":\"unknown\",\"WAFFlags\":\"0\",\"WAFMatchedVar\":\"\",\"WAFProfile\":\"unknown\",\"WAFRuleID\":\"\",\"WAFRuleMessage\":\"\",\"WorkerCPUTime\":0,\"WorkerStatus\":\"unknown\",\"WorkerSubrequest\":false,\"WorkerSubrequestCount\":0,\"ZoneID\":393347122}",
+ "start": "2021-07-08T14:24:24.000Z",
+ "type": [
+ "denied"
+ ]
+ },
+ "http": {
+ "request": {
+ "bytes": 2520,
+ "method": "GET"
+ },
+ "response": {
+ "bytes": 2066,
+ "status_code": 403
+ },
+ "version": "2"
+ },
+ "network": {
+ "bytes": 4586,
+ "protocol": "http",
+ "transport": "tcp"
+ },
+ "observer": {
+ "type": "proxy",
+ "vendor": "cloudflare"
+ },
+ "server": {
+ "address": "89.160.20.156",
+ "bytes": 2066,
+ "ip": "89.160.20.156"
+ },
+ "source": {
+ "address": "89.160.20.156",
+ "as": {
+ "number": 29518,
+ "organization": {
+ "name": "Bredband2 AB"
+ }
+ },
+ "bytes": 2520,
+ "geo": {
+ "city_name": "Linköping",
+ "continent_name": "Europe",
+ "country_iso_code": "SE",
+ "country_name": "Sweden",
+ "location": {
+ "lat": 58.4167,
+ "lon": 15.6167
+ },
+ "region_iso_code": "SE-E",
+ "region_name": "Östergötland County"
+ },
+ "ip": "89.160.20.156",
+ "port": 61593
+ },
+ "tags": [
+ "preserve_original_event"
+ ],
+ "tls": {
+ "cipher": "AEAD-AES128-GCM-SHA256",
+ "version": "1.3",
+ "version_protocol": "tls"
+ },
+ "url": {
+ "domain": "eqlplayground.io",
+ "full": "https://eqlplayground.io/s/eqldemo/security/account",
+ "original": "/s/eqldemo/security/account",
+ "path": "/s/eqldemo/security/account",
+ "scheme": "https"
+ },
+ "user_agent": {
+ "device": {
+ "name": "Other"
+ },
+ "name": "Chrome",
+ "original": "Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/91.0.4472.124Safari/537.36",
+ "os": {
+ "full": "Windows $1",
+ "name": "Windows",
+ "version": "$1"
+ },
+ "version": "91.0.4472.124"
+ }
  }
  ]
 }