[Bug] "IPSEC NAT Traversal Port Activity" rules no longer work as index pattern is missing.
willemdh opened this issue · comments
Just checked some older rules and noticed the "IPSEC NAT Traversal Port Activity" rule (https://www.elastic.co/guide/en/security/current/ipsec-nat-traversal-port-activity.html) stopped working for us since we migrated our data from the panw module from `filebeat-*` to `logs-panw.panos-*`.
Could the rule please get a small update so `logs-panw.panos-*` is added to the list of index patterns? The traffic data of our Palo Alto logs are a good datasource for this rule.
The query `(event.dataset: network_traffic.flow or (event.category: (network or network_traffic))) and network.transport:udp and destination.port:4500` doesn't need to be changed.