Skip to content

[decode_cef] Updates for ArcSight Common Event Format (CEF) - Version 26  #40269

New issue
New issue
Open
Enhancement
Open
[decode_cef] Updates for ArcSight Common Event Format (CEF) - Version 26 #40269
Enhancement
Labels
:ProcessorsFilebeatFilebeatTeam:Security-Deployment and DevicesDeployment and Devices Team in Security Solutionenhancement
@andrewkroh

Description

@andrewkroh
andrewkroh
opened on Jul 16, 2024

Describe the enhancement:

There is a update to the CEF specification and we should update our decode_cef processor to account for any changes.

We need to analyze differences between the two to see what changed. There's a CEF:1 described in this v26 document. We need to check if there were any breaking changes that need special handling or if there were only additions (like new keys names, e.g. customerKey).

Metadata

Metadata

Assignees

No one assigned

    Labels

    :ProcessorsFilebeatFilebeatTeam:Security-Deployment and DevicesDeployment and Devices Team in Security Solutionenhancement

    Type

    Enhancement

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions