The documentation for the cylance module in filebeats looks mixed up with RSA Netwitness.
In this documentation:
RSA fields are referenced: var.rsa_fields
And the link to exported fields also are mainly RSA fields, not cylance fields:
I wanted to confirm if others see the same thing and I wasn't sure where to post a documentation bug.
I agree it looks a bit weird, but currently there are not cylance fields defined, so indeed you can see only RSA fields. Feel free to open an enhancement issue for Beats. Thanks!
I have cylance and we're loading it into elastic. Is there a way I can be helpful in proposing the schema for cylance based on our data? I'm not too familiar with beats code, is there a place where there is a mapping table or regex (or grok) and I can compare it with our data?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.