Rename palo_alto module to panw (#12269)

Use of the original module name, palo_alto, is discouraged. The
preferred short form is PANW (acronym for Palo Alto Networks).

This patch renames the module and updates all that is necessary,
including docs and field names, which now are nested under `panw`
instead of `palo_alto`.

The fileset is also renamed, from `pan_os` to `panos`.

CHANGELOG.next.asciidoc

@@ -189,7 +189,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Add Filebeat envoyproxy module. {pull}11700[11700]
 - Add apache2(httpd) log path (`/var/log/httpd`) to make apache2 module work out of the box on Redhat-family OSes. {issue}11887[11887] {pull}11888[11888]
 - Add support to new MongoDB additional diagnostic information {pull}11952[11952]
-- New module `palo_alto` for Palo Alto Networks PAN-OS logs. {pull}11999[11999]
+- New module `panw` for Palo Alto Networks PAN-OS logs. {pull}11999[11999]
 - Add RabbitMQ module. {pull}12032[12032]
 - Add new `container` input. {pull}12162[12162]
 

filebeat/docs/fields.asciidoc

@@ -40,7 +40,7 @@ grouped in the following categories:
 * <<exported-fields-netflow-module>>
 * <<exported-fields-nginx>>
 * <<exported-fields-osquery>>
-* <<exported-fields-palo_alto>>
+* <<exported-fields-panw>>
 * <<exported-fields-postgresql>>
 * <<exported-fields-process>>
 * <<exported-fields-rabbitmq>>
@@ -11840,28 +11840,28 @@ String representation of the collection time, as formatted by osquery.
 
 --
 
-[[exported-fields-palo_alto]]
-== palo_alto fields
+[[exported-fields-panw]]
+== panw fields
 
 Module for Palo Alto Networks (PAN-OS)
 
 
 
 [float]
-== palo_alto fields
+== panw fields
 
-Fields from the palo_alto logs.
+Fields from the panw module.
 
 
 
 [float]
-== pan_os fields
+== panos fields
 
 Fields for the Palo Alto Networks PAN-OS logs.
 
 
 
-*`palo_alto.pan_os.ruleset`*::
+*`panw.panos.ruleset`*::
 +
 --
 type: keyword
@@ -11878,7 +11878,7 @@ Fields to extend the top-level source object.
 
 
 
-*`palo_alto.pan_os.source.zone`*::
+*`panw.panos.source.zone`*::
 +
 --
 type: keyword
@@ -11888,7 +11888,7 @@ Source zone for this session.
 
 --
 
-*`palo_alto.pan_os.source.interface`*::
+*`panw.panos.source.interface`*::
 +
 --
 type: keyword
@@ -11905,7 +11905,7 @@ Post-NAT source address, if source NAT is performed.
 
 
 
-*`palo_alto.pan_os.source.nat.ip`*::
+*`panw.panos.source.nat.ip`*::
 +
 --
 type: ip
@@ -11915,7 +11915,7 @@ Post-NAT source IP.
 
 --
 
-*`palo_alto.pan_os.source.nat.port`*::
+*`panw.panos.source.nat.port`*::
 +
 --
 type: long
@@ -11932,7 +11932,7 @@ Fields to extend the top-level destination object.
 
 
 
-*`palo_alto.pan_os.destination.zone`*::
+*`panw.panos.destination.zone`*::
 +
 --
 type: keyword
@@ -11942,7 +11942,7 @@ Destination zone for this session.
 
 --
 
-*`palo_alto.pan_os.destination.interface`*::
+*`panw.panos.destination.interface`*::
 +
 --
 type: keyword
@@ -11959,7 +11959,7 @@ Post-NAT destination address, if destination NAT is performed.
 
 
 
-*`palo_alto.pan_os.destination.nat.ip`*::
+*`panw.panos.destination.nat.ip`*::
 +
 --
 type: ip
@@ -11969,7 +11969,7 @@ Post-NAT destination IP.
 
 --
 
-*`palo_alto.pan_os.destination.nat.port`*::
+*`panw.panos.destination.nat.port`*::
 +
 --
 type: long
@@ -11986,7 +11986,7 @@ Fields to extend the top-level network object.
 
 
 
-*`palo_alto.pan_os.network.pcap_id`*::
+*`panw.panos.network.pcap_id`*::
 +
 --
 type: keyword
@@ -11997,7 +11997,7 @@ Packet capture ID for a threat.
 --
 
 
-*`palo_alto.pan_os.network.nat.community_id`*::
+*`panw.panos.network.nat.community_id`*::
 +
 --
 type: keyword
@@ -12014,7 +12014,7 @@ Fields to extend the top-level file object.
 
 
 
-*`palo_alto.pan_os.file.hash`*::
+*`panw.panos.file.hash`*::
 +
 --
 type: keyword
@@ -12031,7 +12031,7 @@ Fields to extend the top-level url object.
 
 
 
-*`palo_alto.pan_os.url.category`*::
+*`panw.panos.url.category`*::
 +
 --
 type: keyword
@@ -12041,7 +12041,7 @@ For threat URLs, it's the URL category. For WildFire, the verdict on the file an
 
 --
 
-*`palo_alto.pan_os.flow_id`*::
+*`panw.panos.flow_id`*::
 +
 --
 type: keyword
@@ -12051,7 +12051,7 @@ Internal numeric identifier for each session.
 
 --
 
-*`palo_alto.pan_os.sequence_number`*::
+*`panw.panos.sequence_number`*::
 +
 --
 type: long
@@ -12061,7 +12061,7 @@ Log entry identifier that is incremented sequentially. Unique for each log type.
 
 --
 
-*`palo_alto.pan_os.threat.resource`*::
+*`panw.panos.threat.resource`*::
 +
 --
 type: keyword
@@ -12071,7 +12071,7 @@ URL or file name for a threat.
 
 --
 
-*`palo_alto.pan_os.threat.id`*::
+*`panw.panos.threat.id`*::
 +
 --
 type: keyword
@@ -12081,7 +12081,7 @@ Palo Alto Networks identifier for the threat.
 
 --
 
-*`palo_alto.pan_os.threat.name`*::
+*`panw.panos.threat.name`*::
 +
 --
 type: keyword

filebeat/docs/modules/palo_alto.asciidoc → filebeat/docs/modules/panw.asciidoc

@@ -2,10 +2,10 @@
 This file is generated! See scripts/docs_collector.py
 ////
 
-[[filebeat-module-palo_alto]]
+[[filebeat-module-panw]]
 [role="xpack"]
 
-:modulename: palo_alto
+:modulename: panw
 :has-dashboards: true
 
 == Palo Alto Networks module
@@ -29,7 +29,7 @@ include::../include/running-modules.asciidoc[]
 === ECS field mappings
 
 These are the PAN-OS to ECS field mappings as well as those fields still not
-in ECS that are added under the `palo_alto` prefix:
+in ECS that are added under the `panw.panos` prefix:
 
 .Traffic log mappings
 [options="header"]
@@ -42,21 +42,21 @@ in ECS that are added under the `palo_alto` prefix:
 | Generated Time | `@timestamp` |
 | Source IP | client.ip source.ip |
 | Destination IP | server.ip destination.ip |
-| NAT Source IP |  | palo_alto.source.nat.ip
-| NAT Destination IP |  | palo_alto.destination.nat.ip
-| Rule Name |  | palo_alto.ruleset
+| NAT Source IP |  | panw.panos.source.nat.ip
+| NAT Destination IP |  | panw.panos.destination.nat.ip
+| Rule Name |  | panw.panos.ruleset
 | Source User | client.user.name source.user.name |
 | Destination User | server.user.name destination.user.name |
 | Application | network.application |
-| Source Zone |  | palo_alto.source.zone
-| Destination Zone |  | palo_alto.destination.zone
-| Ingress Interface |  | palo_alto.source.interface
-| Egress Interface |  | palo_alto.destination.interface
-| Session ID |  | palo_alto.flow_id
+| Source Zone |  | panw.panos.source.zone
+| Destination Zone |  | panw.panos.destination.zone
+| Ingress Interface |  | panw.panos.source.interface
+| Egress Interface |  | panw.panos.destination.interface
+| Session ID |  | panw.panos.flow_id
 | Source Port | client.port source.port |
 | Destination Port | destination.port server.port |
-| NAT Source Port |  | palo_alto.source.nat.port
-| NAT Destination Port |  | palo_alto.destination.nat.port
+| NAT Source Port |  | panw.panos.source.nat.port
+| NAT Destination Port |  | panw.panos.destination.nat.port
 | Flags | labels |
 | Protocol | network.transport |
 | Action | event.outcome |
@@ -66,8 +66,8 @@ in ECS that are added under the `palo_alto` prefix:
 | Packets | network.packets |
 | Start Time | event.start |
 | Elapsed Time | event.duration |
-| Category |  | palo_alto.url.category
-| Sequence Number |  | palo_alto.sequence_number
+| Category |  | panw.panos.url.category
+| Sequence Number |  | panw.panos.sequence_number
 | Packets Sent | server.packets destination.packets |
 | Packets Received | client.packets source.packets |
 | Device Name | observer.hostname |
@@ -84,39 +84,39 @@ in ECS that are added under the `palo_alto` prefix:
 | Generated Time | `@timestamp` |
 | Source IP | client.ip source.ip |
 | Destination IP | server.ip destination.ip |
-| NAT Source IP |  | palo_alto.source.nat.ip
-| NAT Destination IP |  | palo_alto.destination.nat.ip
-| Rule Name |  | palo_alto.ruleset
+| NAT Source IP |  | panw.panos.source.nat.ip
+| NAT Destination IP |  | panw.panos.destination.nat.ip
+| Rule Name |  | panw.panos.ruleset
 | Source User | client.user.name source.user.name |
 | Destination User | server.user.name destination.user.name |
 | Application | network.application |
-| Source Zone |  | palo_alto.source.zone
-| Destination Zone |  | palo_alto.destination.zone
-| Ingress Interface |  | palo_alto.source.interface
-| Egress Interface |  | palo_alto.destination.interface
-| Session ID |  | palo_alto.flow_id
+| Source Zone |  | panw.panos.source.zone
+| Destination Zone |  | panw.panos.destination.zone
+| Ingress Interface |  | panw.panos.source.interface
+| Egress Interface |  | panw.panos.destination.interface
+| Session ID |  | panw.panos.flow_id
 | Source Port | client.port source.port |
 | Destination Port | destination.port server.port |
-| NAT Source Port |  | palo_alto.source.nat.port
-| NAT Destination Port |  | palo_alto.destination.nat.port
+| NAT Source Port |  | panw.panos.source.nat.port
+| NAT Destination Port |  | panw.panos.destination.nat.port
 | Flags | labels |
 | Protocol | network.transport |
 | Action | event.outcome |
-| Miscellaneous | url.original | palo_alto.threat_file_or_url
-| Threat ID |  | palo_alto.threat_id
-| Category |  | palo_alto.url.category
+| Miscellaneous | url.original | panw.panos.threat.resource
+| Threat ID |  | panw.panos.threat.id
+| Category |  | panw.panos.url.category
 | Severity | log.level |
 | Direction | network.direction |
 | Source Location | source.geo.country_iso_code |
 | Destination Location | destination.geo.country_iso_code |
-| PCAP_id |  | palo_alto.network.pcap_id
-| Filedigest |  | palo_alto.file.hash
+| PCAP_id |  | panw.panos.network.pcap_id
+| Filedigest |  | panw.panos.file.hash
 | User Agent | user_agent.original |
 | File Type | file.type |
 | X-Forwarded-For | network.forwarded_ip |
 | Referer | http.request.referer |
 | Sender | source.user.email |
-| Subject |  | palo_alto.subject
+| Subject |  | panw.panos.subject
 | Recipient | destination.user.email |
 | Device Name | observer.hostname |
 |==============
@@ -127,10 +127,10 @@ in ECS that are added under the `palo_alto` prefix:
 This module comes with two sample dashboards:
 
 [role="screenshot"]
-image::./images/filebeat-palo-alto-traffic.png[]
+image::./images/filebeat-panw-traffic.png[]
 
 [role="screenshot"]
-image::./images/filebeat-palo-alto-threat.png[]
+image::./images/filebeat-panw-threat.png[]
 
 include::../include/configuring-intro.asciidoc[]
 
@@ -139,25 +139,25 @@ it can also be configured to read logs from a file. See the following example.
 
 ["source","yaml",subs="attributes"]
 -----
-- module: palo_alto
-  pan_os:
+- module: panw
+  panos:
     enabled: true
     var.paths: ["/var/log/pan-os.log"]
     var.input: "file"
 -----
 
-:fileset_ex: pan_os
+:fileset_ex: panos
 
 include::../include/config-option-intro.asciidoc[]
 
 [float]
-==== `pan_os` fileset settings
+==== `panos` fileset settings
 
 Example config:
 
 [source,yaml]
 ----
-  pan_os:
+  panos:
     var.syslog_host: 0.0.0.0
     var.syslog_port: 514
 ----
@@ -186,5 +186,5 @@ NOTE: Ports below 1024 require {beatname_uc} to run as root.
 === Fields
 
 For a description of each field in the module, see the
-<<exported-fields-palo_alto,exported fields>> section.
+<<exported-fields-panw,exported fields>> section.
 

filebeat/docs/modules_list.asciidoc

@@ -22,7 +22,7 @@ This file is generated! See scripts/docs_collector.py
   * <<filebeat-module-netflow>>
   * <<filebeat-module-nginx>>
   * <<filebeat-module-osquery>>
-  * <<filebeat-module-palo_alto>>
+  * <<filebeat-module-panw>>
   * <<filebeat-module-postgresql>>
   * <<filebeat-module-rabbitmq>>
   * <<filebeat-module-redis>>
@@ -55,7 +55,7 @@ include::modules/nats.asciidoc[]
 include::modules/netflow.asciidoc[]
 include::modules/nginx.asciidoc[]
 include::modules/osquery.asciidoc[]
-include::modules/palo_alto.asciidoc[]
+include::modules/panw.asciidoc[]
 include::modules/postgresql.asciidoc[]
 include::modules/rabbitmq.asciidoc[]
 include::modules/redis.asciidoc[]