Deprecate original Fortinet integration & update ingest pipelines

Author: legoguy1000

packages/fortinet/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.1"
+ changes:
+ - description: Deprecating Fortinet package in favor of new product specific packages
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3819
 - version: "1.8.0"
  changes:
  - description: Update package to ECS 8.4.0

packages/fortinet/manifest.yml

@@ -1,8 +1,8 @@
 name: fortinet
 title: Fortinet
-version: "1.8.0"
+version: "1.8.1"
 release: ga
-description: Collect logs from Fortinet instances with Elastic Agent.
+description: Deprecated. Collect logs from Fortinet instances with Elastic Agent.
 type: integration
 format_version: 1.0.0
 license: basic

packages/fortinet_forticlient/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+ changes:
+ - description: Update Ingest Pipeline with observer Fields
+ type: enhancement # can be one of: enhancement, bugfix, breaking-change
+ link: https://github.com/elastic/integrations/pull/3819
 - version: "1.0.0"
  changes:
  - description: Initial version of Fortinet FortiClient as separate package

packages/fortinet_forticlient/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json

@@ -10,12 +10,6 @@ tags:
 {{#each tags as |tag i|}}
  - {{tag}}
 {{/each}}
-fields_under_root: true
-fields:
- observer:
- vendor: "Fortinet"
- product: "FortiClient"
- type: "Anti-Virus"
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}

packages/fortinet_forticlient/data_stream/log/agent/stream/log.yml.hbs

@@ -7,12 +7,6 @@ tags:
 {{#each tags as |tag i|}}
  - {{tag}}
 {{/each}}
-fields_under_root: true
-fields:
- observer:
- vendor: "Fortinet"
- product: "FortiClient"
- type: "Anti-Virus"
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}

packages/fortinet_forticlient/data_stream/log/agent/stream/tcp.yml.hbs

@@ -7,12 +7,6 @@ tags:
 {{#each tags as |tag i|}}
  - {{tag}}
 {{/each}}
-fields_under_root: true
-fields:
- observer:
- vendor: "Fortinet"
- product: "FortiClient"
- type: "Anti-Virus"
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}

packages/fortinet_forticlient/data_stream/log/agent/stream/udp.yml.hbs

@@ -1,10 +1,18 @@
 ---
 description: Pipeline for Fortinet FortiClient Endpoint Security
-
 processors:
  - set:
  field: ecs.version
  value: '8.3.0'
+ - set:
+ field: observer.vendor
+ value: Fortinet
+ - set:
+ field: observer.product
+ value: FortiClient
+ - set:
+ field: observer.type
+ value: anti-virus
  # User agent
  - user_agent:
  field: user_agent.original

packages/fortinet_forticlient/data_stream/log/elasticsearch/ingest_pipeline/default.yml

@@ -1,6 +1,6 @@
 name: fortinet_forticlient
 title: Fortinet FortiClient Logs
-version: 1.0.0
+version: 1.1.0
 release: ga
 description: Collect logs from Fortinet FortiClient instances with Elastic Agent.
 type: integration

packages/fortinet_forticlient/manifest.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update Ingest Pipeline with observer Fields
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3819
 - version: "1.1.0"
  changes:
  - description: Add dashboard.