Merge pull request #1391 from SEKOIA-IO/fix/FortigateFields

Fortigate: reorder the fields for destination.domain
SEKOIA-IO · Dec 11, 2024 · f6b8b85 · f6b8b85
2 parents 65ab260 + 41472aa
commit f6b8b85
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Fortinet/fortigate/ingest/parser.yml b/Fortinet/fortigate/ingest/parser.yml
@@ -191,7 +191,7 @@ stages:
           event.action: "{{parsed_event.message.name or parsed_event.message.FTNTFGTaction or parsed_event.message.FortinetFortiGateaction or parsed_event.message.act or parsed_event.message.action or parsed_event.message.reason}}"
           destination.address: "{{parsed_event.message.dstip or parsed_event.message.dst}}"
           destination.bytes: "{{parsed_event.message.rcvdbyte or parsed_event.message.in}}"
-          destination.domain: "{{parsed_event.message.remotename or parsed_event.message.hostname or parsed_event.message.dhost}}"
+          destination.domain: "{{parsed_event.message.remotename or parsed_event.message.dhost or parsed_event.message.hostname}}"
           destination.mac: "{{parsed_event.message.dstmac}}"
           destination.nat.port: "{{parsed_event.message.destinationTranslatedPort}}"
           destination.packets: "{{parsed_event.message.rcvdpkt or parsed_event.message.FTNTFGTrcvpkt or parsed_event.message.FortinetFortiGatercvdpkt or parsed_event.message.get('Packets Received')}}"