Mapping of Gigamon Metadata Attributes to ECS fields

Author: apps-elastic-gigamon

packages/gigamon/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.7.0"
+ changes:
+ - description: Mapping of Gigamon Attributes to ECS fields 
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/14692 
 - version: "1.7.0"
  changes:
  - description: Added child dashboards for ZT.

packages/gigamon/data_stream/ami/_dev/test/pipeline/test-ami.json

@@ -8,8 +8,8 @@
  "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
  "dst_mac": "01:00:5e:00:00:fb",
  "src_mac": "00:50:56:8d:89:41",
- "src_ip": "10.114.82.101",
- "dst_ip": "224.0.0.251",
+ "src_ip": "89.160.20.112",
+ "dst_ip": "89.160.20.113",
  "protocol": "17",
  "src_port": "5353",
  "dst_port": "5353",
@@ -1044,6 +1044,8 @@
  "dns_qdcount": "4",
  "dns_transaction_id": "0",
  "dns_name": "3.a.2.3.7.1.5.5.e.2.1.6.e.4.7.e.0.8.0.2.1.0.0.0.0.0.0.0.b.a.c.f. ip6.arpa",
+ "dns_message_type": "QUERY",
+ "dns_tunneling": "1",
  "dns_host": "pnstrex-83631.local",
  "dns_host_addr": "10.114.82.162",
  "dns_host_type": "PTR",
@@ -1099,6 +1101,22 @@
  "egress_intf_id": "0",
  "sys_up_time_first": "1890478091",
  "sys_up_time_last": "2158913547",
+ "http_rtt": "2",
+ "http_server": "g-pixel.invitemedia.com",
+ "http_referer": "http:\\/\\/pixel.invitemedia.com\\/data_sync?partner_id=419",
+ "http_uri": "\\/BurstingPipe\\/adServer.bs?cn=rsb&c=28&pli=6283423&PluID=0&w=600&h=300&ncu=$$http:\\/\\/adclick.g.doubleclick.net\\/aclk?sa=L&ai=BbjDYCjItUfTZNtD56AGYzIHoAYjCzaoDAAAAEAEg5IOJAzgAWKi3js5KYMmG7YiEpOwPsgEWd3d3LmJhcnN0b29sc3BvcnRzLmNvbboBCWdmcF9pbWFnZcgBCdoBHmh0dHA6Ly93d3cuYmFyc3Rvb2xzcG9ydHMuY29tL8ACAuACAOoCGy81NzI0OTA1Ni82MDB4MzAwX1N1cGVycGFnZfgCgtIegAMBkAOkA5gDpAOoAwHgBAGgBhY&num=0&sig=AOD64_3ys4vfsF0cKFXmFwXWDhecLGNUFA&client=ca-pub-8984096390091816&adurl=$$&ord=1291673978&z=9999",
+ "http_uri_path": "\\/BurstingPipe\\/adServer.bs",
+ "http_host": "bs.serving-sys.com",
+ "http_uri_raw": "\\/BurstingPipe\\/adServer.bs?cn=rsb&c=28&pli=6283423&PluID=0&w=600&h=300&ncu=$$http:\\/\\/adclick.g.doubleclick.net\\/aclk?sa=L&ai=BbjDYCjItUfTZNtD56AGYzIHoAYjCzaoDAAAAEAEg5IOJAzgAWKi3js5KYMmG7YiEpOwPsgEWd3d3LmJhcnN0b29sc3BvcnRzLmNvbboBCWdmcF9pbWFnZcgBCdoBHmh0dHA6Ly93d3cuYmFyc3Rvb2xzcG9ydHMuY29tL8ACAuACAOoCGy81NzI0OTA1Ni82MDB4MzAwX1N1cGVycGFnZfgCgtIegAMBkAOkA5gDpAOoAwHgBAGgBhY&num=0&sig=AOD64_3ys4vfsF0cKFXmFwXWDhecLGNUFA&client=ca-pub-8984096390091816&adurl=$$&ord=1291673978&z=9999",
+ "http_set_cookie": "S_6283423=1070476434893147863",
+ "http_server_agent": "Jetty(7.3.1.v20110307)",
+ "http_code": "200",
+ "http_content_encoding": "gzip",
+ "http_content_type": "image\\/gif",
+ "http_method": "GET",
+ "http_version": "1.1",
+ "http_user_agent": "Mozilla\\/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit\\/534.57.2 (KHTML, like Gecko) Version\\/5.1.7 Safari\\/534.57.2",
+ "http_file_type": "GIF (v89a)",
  "end_reason": "1",
  "app_name": "https",
  "id": "679408454713104391",
@@ -2081,6 +2099,8 @@
  "dst_packets": "3",
  "start_time": "2023:12:13 15:25:36.669",
  "end_time": "2023:12:13 15:25:38.253",
+ "flow_start_sec": "2023:12:13 15:25:21",
+ "flow_end_sec": "2023:12:13 15:25:40",
  "intf_name": "0",
  "egress_intf_id": "0",
  "sys_up_time_first": "1624860683",
@@ -2097,10 +2117,18 @@
  "vendor": "Gigamon",
  "version": "6.5.00",
  "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
- "dns_qdcount": "0",
- "dns_ancount": "27",
- "dns_transaction_id": "0",
- "dns_name": "sys"
+ "smb_version": "1",
+ "smb_command_string": "negotiate",
+ "smb_path": "\\/\\/11.1.0.37:445\\/sharefile",
+ "smb_host": "user1",
+ "smb_filename": "testfile",
+ "app_id": "3855",
+ "tcp_flags": "0",
+ "src_bytes": "1036",
+ "dst_bytes": "0",
+ "src_packets": "4",
+ "dst_packets": "0",
+ "app_name": "mailslot"
  }
  },
  {
@@ -2117,7 +2145,16 @@
  "src_port": "41529",
  "dst_port": "9080",
  "device_inbound_interface": "0",
- "ssl_cipher_suite_id": "49200",
+ "ssl_common_name": "*.zoom.us",
+ "ssl_issuer": "Go Daddy Secure Certificate Authority - G2",
+ "ssl_cipher_suite_id": "49199",
+ "ssl_protocol_version": "771",
+ "ssl_certificate_subject_cn": "*.zoom.us",
+ "ssl_ext_sig_algorithm_scheme": "1537",
+ "ssl_ext_sig_algorithm_hash": "6",
+ "ssl_ext_sig_algorithm_sig": "1",
+ "ssl_validity_not_before": "2025-05-26 04:32:14",
+ "ssl_validity_not_after": "2026-05-26 04:32:14",
  "app_id": "4962",
  "ip_version": "4",
  "src_bytes": "1533",
@@ -2142,12 +2179,14 @@
  "vendor": "Gigamon",
  "version": "6.5.00",
  "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
- "dns_qdcount": "1",
- "dns_ancount": "30",
- "dns_transaction_id": "0",
- "dns_name": "_tms_cluster._tcp.local",
- "dns_host": "duo-test-cluster._tms_cluster._tcp.local",
- "dns_host_type": "PTR"
+ "tcp_loss_count": "1380",
+ "tcp_rtt": "0.000015",
+ "tcp_rtt_app": "0.000026",
+ "tcp_retransmission_bytes": "155",
+ "tcp_flag_reset": "1",
+ "tcp_wrong_crc": "4296",
+ "ip_wrong_crc": "5199",
+ "app_id": "15"
  }
  },
  {
@@ -2156,11 +2195,8 @@
  "vendor": "Gigamon",
  "version": "6.5.00",
  "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
- "dns_qdcount": "2",
- "dns_ancount": "40",
- "dns_transaction_id": "0",
- "dns_name": "_tcn_Suki-Cluster._tcp.local",
- "dns_host": "eqaHCT._tms"
+ "snmp_version": "2c",
+ "app_id": "190"
  }
  },
  {
@@ -2204,3 +2240,4 @@
  }
  ]
 }
+