Mapping of Gigamon Metadata Attributes to ECS fields

Author: apps-elastic-gigamon

packages/gigamon/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Mapping of Gigamon attributes to ECS fields
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/14692
 - version: "1.7.0"
  changes:
  - description: Added child dashboards for ZT.

packages/gigamon/data_stream/ami/_dev/test/pipeline/test-ami.json

@@ -2201,6 +2201,231 @@
  "id": "679408454713142279",
  "seq_num": "724"
  }
+ },
+ {
+ "json": {
+ "ts": "Wed Dec 13 15:25:54 2023",
+ "vendor": "Gigamon",
+ "version": "6.5.00",
+ "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
+ "dst_mac": "00:90:7f:3e:02:d0",
+ "src_mac": "e0:f8:47:21:c9:d6",
+ "src_ip": "172.16.133.96",
+ "dst_ip": "172.16.133.134",
+ "protocol": "6",
+ "src_port": "53512",
+ "dst_port": "80",
+ "device_inbound_interface": "0",
+ "http_rtt": "2",
+ "http_server": "g-pixel.invitemedia.com",
+ "http_referer": "http:\\/\\/pixel.invitemedia.com\\/data_sync?partner_id=419",
+ "http_uri": "\\/BurstingPipe\\/adServer.bs?cn=rsb&c=28&pli=6283423&PluID=0&w=600&h=300&ncu=$$http:\\/\\/adclick.g.doubleclick.net\\/aclk?sa=L&ai=BbjDYCjItUfTZNtD56AGYzIHoAYjCzaoDAAAAEAEg5IOJAzgAWKi3js5KYMmG7YiEpOwPsgEWd3d3LmJhcnN0b29sc3BvcnRzLmNvbboBCWdmcF9pbWFnZcgBCdoBHmh0dHA6Ly93d3cuYmFyc3Rvb2xzcG9ydHMuY29tL8ACAuACAOoCGy81NzI0OTA1Ni82MDB4MzAwX1N1cGVycGFnZfgCgtIegAMBkAOkA5gDpAOoAwHgBAGgBhY&num=0&sig=AOD64_3ys4vfsF0cKFXmFwXWDhecLGNUFA&client=ca-pub-8984096390091816&adurl=$$&ord=1291673978&z=9999",
+ "http_uri_path": "\\/BurstingPipe\\/adServer.bs",
+ "http_host": "bs.serving-sys.com",
+ "http_uri_raw": "\\/BurstingPipe\\/adServer.bs?cn=rsb&c=28&pli=6283423&PluID=0&w=600&h=300&ncu=$$http:\\/\\/adclick.g.doubleclick.net\\/aclk?sa=L&ai=BbjDYCjItUfTZNtD56AGYzIHoAYjCzaoDAAAAEAEg5IOJAzgAWKi3js5KYMmG7YiEpOwPsgEWd3d3LmJhcnN0b29sc3BvcnRzLmNvbboBCWdmcF9pbWFnZcgBCdoBHmh0dHA6Ly93d3cuYmFyc3Rvb2xzcG9ydHMuY29tL8ACAuACAOoCGy81NzI0OTA1Ni82MDB4MzAwX1N1cGVycGFnZfgCgtIegAMBkAOkA5gDpAOoAwHgBAGgBhY&num=0&sig=AOD64_3ys4vfsF0cKFXmFwXWDhecLGNUFA&client=ca-pub-8984096390091816&adurl=$$&ord=1291673978&z=9999",
+ "http_set_cookie": "S_6283423=1070476434893147863",
+ "http_server_agent": "Jetty(7.3.1.v20110307)",
+ "http_code": "200",
+ "http_content_encoding": "gzip",
+ "http_content_type": "image\\/gif",
+ "http_method": "GET",
+ "http_version": "1.1",
+ "http_user_agent": "Mozilla\\/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit\\/534.57.2 (KHTML, like Gecko) Version\\/5.1.7 Safari\\/534.57.2",
+ "http_file_type": "GIF (v89a)",
+ "app_id": "67",
+ "tcp_flags": "19",
+ "src_bytes": "702",
+ "dst_bytes": "1261",
+ "src_packets": "5",
+ "dst_packets": "4",
+ "start_time": "2025:01:27 21:31:31.807",
+ "end_time": "2025:01:27 21:31:31.863",
+ "flow_start_sec": "2025:01:27 21:31:30",
+ "flow_end_sec": "2025:01:27 21:31:30",
+ "intf_name": "0",
+ "egress_intf_id": "0",
+ "app_name": "http",
+ "id": "6470375316427636737",
+ "seq_num": "187452"
+ }
+ },
+ {
+ "json": {
+ "ts": "Wed Dec 13 15:25:54 2023",
+ "vendor": "Gigamon",
+ "version": "6.5.00",
+ "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
+ "dst_mac": "b4:0c:25:e0:40:11",
+ "src_mac": "4c:32:75:97:66:cf",
+ "src_ip": "10.155.24.73",
+ "dst_ip": "10.155.24.35",
+ "protocol": "6",
+ "src_port": "64631",
+ "dst_port": "443",
+ "device_inbound_interface": "0",
+ "ssl_common_name": "*.event.prod.bidr.io",
+ "ssl_issuer": "Amazon",
+ "ssl_validity_not_before": "2017-08-31 06:30:04",
+ "ssl_validity_not_after": "2020-08-31 06:30:04",
+ "ssl_cipher_suite_id": "49199",
+ "ssl_protocol_version": "771",
+ "ssl_certificate_subject_cn": "*.event.prod.bidr.io",
+ "ssl_ext_sig_algorithm_scheme": "1027",
+ "ssl_ext_sig_algorithm_hash": "4",
+ "ssl_ext_sig_algorithm_sig": "3",
+ "ip_wrong_crc": "5199",
+ "app_id": "1183",
+ "tcp_flags": "18",
+ "src_bytes": "2365",
+ "dst_bytes": "6387",
+ "src_packets": "11",
+ "dst_packets": "8",
+ "start_time": "2025:01:27 21:37:26.327",
+ "end_time": "2025:01:27 21:37:26.415",
+ "flow_start_sec": "2025:01:27 21:37:25",
+ "flow_end_sec": "2025:01:27 21:37:25",
+ "intf_name": "0",
+ "egress_intf_id": "0",
+ "app_name": "amazon-aws",
+ "id": "6470375590653329409",
+ "seq_num": "319260"
+ }
+ },
+ {
+ "json": {
+ "ts": "Wed Dec 13 15:25:54 2023",
+ "vendor": "Gigamon",
+ "version": "6.5.00",
+ "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
+ "dst_mac": "4c:32:75:97:66:cf",
+ "src_mac": "c0:94:35:1c:5e:1a",
+ "src_port": "443",
+ "dst_port": "63770",
+ "tcp_loss_count": "1380",
+ "tcp_rtt": "0.000015",
+ "tcp_rtt_app": "0.000026",
+ "tcp_retransmission_bytes": "155",
+ "tcp_flag_reset": "1",
+ "tcp_wrong_crc": "4296",
+ "app_id": "68",
+ "src_ipv6": "2a02:cf40:0000:0000:0000:0000:0000:0001",
+ "dst_ipv6": "2a02:cf47:ffff:ffff:ffff:ffff:ffff:0001",
+ "ip_version": "6",
+ "tcp_flags": "18",
+ "src_packets": "3301",
+ "dst_packets": "4205",
+ "flow_start_sec": "2025:07:28 03:12:22",
+ "end_reason": "2",
+ "app_name": "https",
+ "src_bytes": "307270",
+ "dst_bytes": "558827",
+ "id": "691388880983323651",
+ "seq_num": "52332271"
+ }
+ },
+ {
+ "json": {
+ "ts": "Wed Dec 13 15:25:54 2023",
+ "vendor": "Gigamon",
+ "version": "6.5.00",
+ "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
+ "dst_mac": "b4:0c:25:e0:40:53",
+ "src_mac": "00:08:e3:ff:fc:28",
+ "src_ip": "10.10.1.116",
+ "dst_ip": "10.120.10.218",
+ "protocol": "17",
+ "src_port": "61751",
+ "dst_port": "161",
+ "device_inbound_interface": "0",
+ "snmp_version": "2c",
+ "app_id": "190",
+ "tcp_flags": "0",
+ "src_bytes": "172",
+ "dst_bytes": "182",
+ "src_packets": "2",
+ "dst_packets": "2",
+ "start_time": "2025:01:27 21:33:58.759",
+ "end_time": "2025:01:27 21:33:58.759",
+ "flow_start_sec": "2025:01:27 21:33:57",
+ "flow_end_sec": "2025:01:27 21:33:57",
+ "intf_name": "0",
+ "egress_intf_id": "0",
+ "app_name": "snmp",
+ "id": "6470375508803584001",
+ "seq_num": "213751"
+ }
+ },
+ {
+ "json": {
+ "ts": "Wed Dec 13 15:25:54 2023",
+ "vendor": "Gigamon",
+ "version": "6.5.00",
+ "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
+ "dst_mac": "ff:ff:ff:ff:ff:ff",
+ "src_mac": "09:00:09:00:01:12",
+ "src_ip": "10.2.1.23",
+ "dst_ip": "10.2.1.255",
+ "protocol": "17",
+ "src_port": "138",
+ "dst_port": "138",
+ "device_inbound_interface": "0",
+ "smb_version": "1",
+ "smb_command_string": "negotiate",
+ "smb_path": "\\/\\/11.1.0.37:445\\/sharefile",
+ "smb_host": "user1",
+ "smb_filename": "testfile",
+ "app_id": "3855",
+ "tcp_flags": "0",
+ "src_bytes": "38376",
+ "dst_bytes": "0",
+ "src_packets": "162",
+ "dst_packets": "0",
+ "start_time": "2025:01:27 21:30:10.463",
+ "end_time": "2025:01:27 21:30:44.847",
+ "flow_start_sec": "2025:01:27 21:30:09",
+ "flow_end_sec": "2025:01:27 21:30:43",
+ "intf_name": "0",
+ "egress_intf_id": "0",
+ "app_name": "mailslot",
+ "id": "6470375254073016321",
+ "seq_num": "76099"
+ }
+ },
+ {
+ "json": {
+ "ts": "Wed Dec 13 15:25:54 2023",
+ "vendor": "Gigamon",
+ "version": "6.5.00",
+ "generator": "gs_apps_appInst16_423722da-33ec-1556-b24b-cda2e74a53f6",
+ "dst_mac": "02:01:93:9c:99:4d",
+ "src_mac": "02:01:93:9c:98:37",
+ "src_ip": "10.1.0.4",
+ "dst_ip": "10.1.0.4",
+ "protocol": "17",
+ "src_port": "57677",
+ "dst_port": "67",
+ "dns_qdcount": "1",
+ "dns_message_type": "QUERY",
+ "dns_tunneling": "1",
+ "dns_reverse_addr": "10.12.21.34",
+ "dns_flags": "256",
+ "dns_opcode": "0",
+ "dns_class": "1",
+ "dns_query": "34.21.12.61.in-addr.arpa",
+ "dns_query_type": "12",
+ "app_id": "32",
+ "ip_version": "4",
+ "src_packets": "2955",
+ "dst_packets": "2705",
+ "flow_start_sec": "2025:07:27 23:52:17",
+ "end_reason": "1",
+ "app_name": "dns",
+ "src_bytes": "326560",
+ "dst_bytes": "432901",
+ "id": "691388880109625347",
+ "seq_num": "52203185"
+ }
  }
  ]
 }
+