Beats version 7.10.0
Breaking changes
Affecting all Beats
- Added certificate TLS verification mode to ignore server name mismatch. 12283 20293
- Remove redundant cloudfoundry.*.timestamp fields. This value is set in @timestamp. 21175
- Allow embedding of CAs, Certificate of private keys for anything that supports TLS in outputs and inputs 21179
- API address is a required setting in add_cloudfoundry_metadata. 21759
Auditbeat
- Change network.direction values to ECS recommended values (inbound, outbound). 12445 20695
- Docker container needs to be explicitly run as user root for auditing. 21202
- File integrity dataset no longer includes the leading dot in file.extension values (e.g. it will report "png" instead of ".png") to comply with ECS. 21644
Filebeat
- Cisco 18753
- CrowdStrike 19132
- Fortinet 19133
- iptables 18756
- Checkpoint 18754
- Netflow 19087
- Zeek 19113 (forwarded tag is not included by default)
- Suricata 19107 (forwarded tag is not included by default)
- CoreDNS 19134 (forwarded tag is not included by default)
- Envoy Proxy 19134 (forwarded tag is not included by default)
Heartbeat
Journalbeat
Metricbeat
Packetbeat
Winlogbeat
Functionbeat
Bugfixes
Affecting all Beats
- Remove unnecessary restarts of metricsets while using Node autodiscover 19974
- [Metricbeat][Kubernetes] Change cluster_ip field from ip to keyword. 20571
- [Autodiscover] Handle input-not-finished errors in config reload. 20915
- Orderly close processors when processing pipelines are not needed anymore to release their resources. 16349
- Fix parsing of expired licences. 21112 22180
Auditbeat
Filebeat
- Fix mapping of fortinet.firewall.mem as integer. 19335
- Fix auditd module syscall table for ppc64 and ppc64le. 20052
- Fix Filebeat OOMs on very long lines 19500, 19552
- Ignore missing in Zeek module when dropping unnecessary fields. 19984
- Fix event.outcome logic for azure/signinlogs fileset 20254
- Improve validation checks for Azure configuration 20369 20389
- Fix event.kind for system/syslog pipeline 20365 20390
- Fix event.type for zeek/ssl and duplicate event.category for zeek/connection 20696
- Remove wrongly mapped tls.client.server_name from fortinet/firewall fileset. 20983
- Handle multiple upstreams in ingress-controller. 21215
- Provide backwards compatibility for the append processor when Elasticsearch is less than 7.10.0. 21159
- Fix checkpoint module when logs contain time field. 20567
- Fix syslog RFC 5424 parsing in the CheckPoint module. 21854
- Fix incorrect connection state mapping in zeek connection pipeline. 22151 22149
- Fix for field [source] not present as part of path [source.ip] error in azure pipelines. 22377
- Fix handling missing eventtime and assignip field being set to N/A for fortinet module. 22361
Heartbeat
- Add support for new service_name option to all monitors. 19932
Journalbeat
Metricbeat
- Add support for azure light metricset app_stats. 20639
- Fix ec2 disk and network metrics to use Sum statistic method. 20680
- Update fields.yml in the azure module, missing metrics field. 20918
- Disable Kafka metricsets based on Jolokia by default. They require a different configuration. 20989
- Fix timestamp handling in remote_write. 21166
- Visualization title fixes in aws, azure and googlecloud compute dashboards. 21098
- Fix retrieving resources by ID for the azure module. 21711 21707
- Use timestamp from CloudWatch API when creating events. 21498
- Report the correct windows events for system/filesystem 21758
- Fix regular expression in windows/perfmon. 22146 21125
- Fix azure storage event format. 21845
- Fix panic in kubernetes autodiscover related to keystores 21843 21880
- [Kubernetes] Remove redundant dockersock volume mount 22009
- Revert change to report process.memory.rss as process.memory.wss on Windows. 22055
- Add interval information to monitor metricset in azure. 22152
- Remove io.time from windows 22237
- Fix instance name in perfmon metricset. 22218 22261
Packetbeat
Winlogbeat
- Fix invalid IP addresses in DNS query results from Sysmon data. 18432 18436
- Fix event.outcome in the security module for non-English languages. 20079 20564
- Fields from Winlogbeat modules were not being included in index templates and patterns. 18983
- Protect against accessing undefined variables in Sysmon module. 22219 22236
Functionbeat
Added
Affecting all Beats
- Add minimum cache TTL for successful DNS responses. 18986
- Add support for DNS over TLS for the dns processor. 19321
- Add leader election for Kubernetes autodiscover. 20281
- Add capability of enriching process metadata with container id also for non-privileged containers in add_process_metadata processor. 19767
- Add replace_fields config option in add_host_metadata for replacing host fields. 20490 20464
- Add ingress controller dashboards. 21052
- Added experimental citrix module. 20820
- Added experimental cyberark module. 20820
- Added experimental proofpoint module. 20820
- Added experimental snort module. 20820
- Added experimental symantec module. 20820
- Added experimental dataset barracuda/spamfirewall. 20820
- Added experimental dataset cisco/meraki. 20820
- Added experimental dataset f5/bigipafm. 20820
- Added experimental dataset fortinet/fortimail. 20820
- Added experimental dataset fortinet/fortimanager. 20820
- Added experimental dataset juniper/netscreen. 20820
- Added experimental dataset sophos/utm. 20820
- Add Cloud Foundry tags in related events. 21177
- Cloud Foundry metadata is cached to disk. 20775
- Add option to select the type of index template to load: legacy, component, index. 21212
- Release add_cloudfoundry_metadata as GA. 21525
- Added Kafka version 2.2 to the list of supported versions. 22328
Auditbeat
Filebeat
- Add support for reading auditd logs that are prefixed with node=. 19659
- Add event.ingested to all Filebeat modules. 20386
- Add event.ingested for Suricata module 20220
- Add support for custom header and headersecret for filebeat http_endpoint input 20435
- Convert httpjson to v2 input 20226
- Return error when log harvester tries to open a named pipe. 18682 20450
- Avoid goroutine leaks in Filebeat readers. 19193 20455
- Improve Zeek x509 module with x509 ECS mappings 20867
- Improve Zeek SSL module with x509 ECS mappings 20927
- Added new properties field support for event.outcome in azure module 20998
- Improve Zeek Kerberos module with x509 ECS mappings 20958
- Improve Fortinet firewall module with x509 ECS mappings 20983
- Improve Santa module with x509 ECS mappings 20976
- Improve Suricata Eve module with x509 ECS mappings 20973
- Added new module for Zoom webhooks 20414
- Add type and sub_type to panw panos fileset 20912
- Always attempt community_id processor on zeek module 21155
- Add related.hosts ecs field to all modules 21160
- Keep cursor state between httpjson input restarts 20751
- Convert aws s3 to v2 input 20005
- Add support for additional fields from V2 ALB logs. 21540
- Release Cloud Foundry input as GA. 21525
- New Cisco Umbrella dataset 21504
- New juniper.srx dataset for Juniper SRX logs. 20017
- Adding support for Microsoft 365 Defender (Microsoft Threat Protection) 21446
- Adding support for FIPS in s3 input 21446
- Update Okta documentation for new stateful restarts. 22091
- Use workers in aws-s3 input to process SQS messages. 27199
Heartbeat
- Add index and pipeline settings to monitor configurations. 20610
Journalbeat
Metricbeat
- Add state_statefulset metricset to Metricbeat recommended configuration for k8s. 17627
- Infer types in Prometheus remote_write. 19944
- Add cloud.instance.name into aws ec2 metricset. 20077
- Add host inventory metrics into aws ec2 metricset. 20171
- Add scope setting for Elasticsearch module, allowing it to monitor an Elasticsearch cluster behind a load-balancing proxy. 18539 18547
- Add state_daemonset metricset for Kubernetes Metricbeat module 20649
- Add host inventory metrics to googlecloud compute metricset. 20391
- Add host inventory metrics to azure compute_vm metricset. 20641
- Add host inventory metrics to system module. 20415
- Add billing data collection from Cost Explorer into aws billing metricset. 20527 20103
- Migrate compute_vm metricset to a light one, map cloud.instance.id field. 20889
- Request prometheus endpoints to be gzipped by default 20766
- Add latency config parameter into aws module. 20875
- Add billing metricset into googlecloud module. 20812 20738
- Release all kubernetes state metricsets as GA 20901
- Move compute_vm_scaleset to light metricset. 21038 20985
- Sanitize event.host. 21022
- Add support for different Azure Cloud environments in the metricbeat azure module. 21044 20988
- Add overview and platform health dashboards to Cloud Foundry module. 21124
- Release lambda metricset in aws module as GA. 21251 21255
- Add dashboard for pubsub metricset in googlecloud module. 21326 17137
- Move Prometheus query & remote_write to GA. 21507
- Map cloud data field cloud.account.id to azure subscription. 21483 21381
- Expand unsupported option from namespace to metrics in the azure module. 21486
Packetbeat
Functionbeat
Winlogbeat
Elastic Log Driver
- Add support to change beat name, and support for Kibana Logs. 20522
Deprecated
- N/A