Merge branch 'main' into feat/AddAutomationModulesToFormats

AWS/aws-cloudtrail/ingest/parser.yml

@@ -14,6 +14,7 @@ pipeline:
     external:
       name: grok.match
       properties:
+        raise_errors: false
         input_field: json_event.message.sourceIPAddress
         output_field: source
         pattern: "(%{IP:ip}|%{HOSTNAME:domain})"

AWS/aws-guardduty/ingest/parser.yml

@@ -13,6 +13,7 @@ pipeline:
     external:
       name: grok.match
       properties:
+        raise_errors: false
         input_field: json_event.message.type
         output_field: finding
         pattern: "%{DATA:threat_purpose}:%{DATA:affected_resource_type}/%{WORD:threat_family_name}(.%{DATA:detection_mecanism})?(!%{DATA:artifact})?"

Azure/azure-network-watcher/ingest/parser.yml

@@ -9,6 +9,7 @@ pipeline:
     external:
       name: grok.match
       properties:
+        raise_errors: false
         input_field: "{{json_event.message.get('flow.0')}}"
         output_field: result
         pattern: "%{NUMBER:timestamp},%{IP:source_ip},%{IP:destination_ip},%{NUMBER:source_port},%{NUMBER:destination_port},%{PROTOCOL:protocol},%{TRAFFICFLOW:traffic_flow},%{TRAFFICDECISION:traffic_decision}(|,(%{FLOWSTATE:flow_state}|),(%{INT:source_packets}|),(%{INT:source_bytes}|),(%{INT:destination_packets}|),(%{INT:destination_bytes}|))"

Azure/azure-windows/ingest/parser.yml

@@ -24,6 +24,7 @@ pipeline:
     external:
       name: grok.match
       properties:
+        raise_errors: false
         input_field: "{{parse_windows_event.message.EventData.SubjectUserName or parse_windows_event.message.EventData.User}}"
         output_field: result
         pattern: "(%{USER_WITH_DOMAIN}|%{GREEDYDATA:user_name})"
@@ -36,6 +37,7 @@ pipeline:
     external:
       name: kv.parse-kv
       properties:
+        raise_errors: false
         input_field: "{{parse_windows_event.message.EventData.Hashes | lower}}"
         output_field: result
         value_sep: "="