[Auditbeat] auditd network.direction should use inbound/outbound

As per ECS the `network.direction` values should be `inbound` or `outbound` or `unknown`.

https://github.com/elastic/ecs/blob/v1.0.1/schemas/network.yml#L88-L92

But the `auditd` modules uses `incoming` and `outgoing` for audit events that include a socket message.

https://github.com/elastic/beats/blob/6c55de47f1fc9d0d41210e94f787eff4218bff14/vendor/github.com/elastic/go-libaudit/aucoalesce/coalesce.go#L112-L120

	func (d Direction) String() string {
	switch d {
	case IncomingDir:
	return "incoming"
	case OutgoingDir:
	return "outgoing"
	}
	return "unknown"
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Auditbeat] auditd network.direction should use inbound/outbound #12445

andrewkroh
openedon Jun 5, 2019

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Auditbeat] auditd network.direction should use inbound/outbound #12445

Description

andrewkrohopenedon Jun 5, 2019

Metadata