Correct network-traffic mapping for elasticsearch
cmadam opened this issue · 0 comments
cmadam commented
Describe the bug
Some mappings for network traffic in the elastic ECS connector are incorrect - they use network_traffic instead of network-traffic. Because of this, sometimes STIX-shifter does not return any results when we are querying for network traffic.
To Reproduce
Steps to reproduce the behavior:
- Bring up an instance of Elasticsearch
- Import into this instance the index win-111-winlogbeat-bh22-20220727
- Run the following STIX query against this index:
[network-traffic:src_port = 50383] START t'2022-07-27T00:00:00Z' STOP t'2022-07-28T00:00:00Z'
- The query will not return any results.
Expected behavior
Running the query against the index described above should have returned 1 entity.
Desktop (please complete the following information):
- Ubuntu 20.04
- Python 3.8.10
- STIX-shifter version: 5.1.1
Smartphone (please complete the following information):
- N/A
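As an added example (not code from this issue or from stix-shifter itself), a small lint that walks a to_stix-style mapping and flags STIX object type names that break the STIX 2.1 naming rule, such as network_traffic in place of network-traffic. The mapping shape and the sample entries below are constructed assumptions about the connector's format, not the real mapping file.

```python
# Lint a stix-shifter style to_stix mapping for STIX type names that break
# the STIX 2.1 rule (lowercase letters, digits and hyphens only). A key like
# "network_traffic.src_port" yields objects of an unknown type, so a pattern
# on network-traffic matches nothing.
import re

STIX_TYPE_RE = re.compile(r"^[a-z0-9]+(-[a-z0-9]+)*$")

# STIX 2.1 cyber-observable types relevant to an ECS/network connector.
KNOWN_SCO_TYPES = {
    "domain-name", "ipv4-addr", "ipv6-addr", "mac-addr", "network-traffic",
    "process", "file", "user-account", "url", "x509-certificate",
}

# Constructed sample in the shape of a stix-shifter to_stix_map.json entry
# (an assumption about the format; not the connector's real file).
SAMPLE_TO_STIX_MAP = {
    "source": {
        "ip": [
            {"key": "ipv4-addr.value", "object": "src_ip"},
            {"key": "network_traffic.src_ref", "object": "nt", "references": "src_ip"},
        ],
        "port": {"key": "network_traffic.src_port", "object": "nt"},
    },
    "destination": {"port": {"key": "network-traffic.dst_port", "object": "nt"}},
}


def _iter_keys(node, path=""):
    # Yield (source_field_path, stix_key) for every entry carrying a "key".
    if isinstance(node, dict):
        if isinstance(node.get("key"), str):
            yield path, node["key"]
        else:
            for name, child in node.items():
                yield from _iter_keys(child, f"{path}.{name}" if path else name)
    elif isinstance(node, list):
        for child in node:
            yield from _iter_keys(child, path)


def find_bad_stix_types(mapping):
    # Return (source_field, bad_type, suggested_fix) for each invalid type name.
    findings = []
    for path, stix_key in _iter_keys(mapping):
        stix_type = stix_key.split(".", 1)[0]
        if STIX_TYPE_RE.match(stix_type) and stix_type in KNOWN_SCO_TYPES:
            continue
        fix = stix_type.replace("_", "-")
        findings.append((path, stix_type, fix if fix in KNOWN_SCO_TYPES else "?"))
    return findings
```

Running find_bad_stix_types(SAMPLE_TO_STIX_MAP) reports both source.ip and source.port as using network_traffic with network-traffic as the suggested fix.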