Sonicwall Global Category fixes, and add rule UUID (elastic#15853)

- Corrects the gcat (Global Category) mapping for Sonicwall messages.
- Corrects the event action for log event 36, which should be listed as packet-dropped.
- Added a new ecs field for rule.uuid that adds the rule UUID when it appears in the log. This makes it a little easier to identify rule hits, as the rule name (mapped to rule.id) can sometimes cover many rules, if they have the same name.

---------

Co-authored-by: Taylor Swanson <[email protected]>

Author: ppalmieri

packages/sonicwall_firewall/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.21.0"
+  changes:
+    - description: Global Category corrections, and a packet event correction
+      type: bugfix
+      link: https://github.com/elastic/integrations/pull/15853
 - version: "1.20.0"
   changes:
     - description: Preserve event.original on pipeline error.

packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-general.log-expected.json

@@ -2120,7 +2120,7 @@
                     "app": "49177",
                     "appName": "General HTTPS",
                     "dpi": "false",
-                    "event_group_category": "Firewall Settings",
+                    "event_group_category": "Network",
                     "gcat": "6"
                 }
             },
@@ -2226,7 +2226,7 @@
                     "app": "7927",
                     "code": "29",
                     "dpi": "true",
-                    "event_group_category": "System",
+                    "event_group_category": "Log",
                     "gcat": "2"
                 }
             },
@@ -2344,7 +2344,7 @@
                     "app": "7927",
                     "code": "15",
                     "dpi": "true",
-                    "event_group_category": "System",
+                    "event_group_category": "Log",
                     "gcat": "2"
                 }
             },
@@ -2454,7 +2454,7 @@
                     "app": "7927",
                     "code": "27",
                     "dpi": "true",
-                    "event_group_category": "System",
+                    "event_group_category": "Log",
                     "gcat": "2"
                 }
             },
@@ -2569,7 +2569,7 @@
                     "app": "5147",
                     "code": "27",
                     "dpi": "true",
-                    "event_group_category": "System",
+                    "event_group_category": "Log",
                     "gcat": "2"
                 }
             },
@@ -2684,7 +2684,7 @@
                     "app": "49202",
                     "appName": "General UDP",
                     "dpi": "false",
-                    "event_group_category": "Firewall Settings",
+                    "event_group_category": "Network",
                     "gcat": "6"
                 }
             },
@@ -2765,7 +2765,7 @@
             },
             "sonicwall": {
                 "firewall": {
-                    "event_group_category": "Log",
+                    "event_group_category": "Security Services",
                     "gcat": "3",
                     "ipscat": "ICMP Echo Reply",
                     "ipspri": "3",
@@ -2881,7 +2881,7 @@
                     "appid": "2900",
                     "code": "64",
                     "dpi": "true",
-                    "event_group_category": "System",
+                    "event_group_category": "Log",
                     "gcat": "2",
                     "ipscat": "N/A"
                 }
@@ -3082,7 +3082,7 @@
                     "app": "49330",
                     "appName": "Service iMesh",
                     "dpi": "false",
-                    "event_group_category": "Firewall Settings",
+                    "event_group_category": "Network",
                     "gcat": "6"
                 }
             },
@@ -3185,7 +3185,7 @@
                     "app": "49330",
                     "appName": "Service iMesh",
                     "dpi": "false",
-                    "event_group_category": "Firewall Settings",
+                    "event_group_category": "Network",
                     "gcat": "6"
                 }
             },
@@ -3290,7 +3290,7 @@
                     "app": "49169",
                     "appName": "General DNS",
                     "dpi": "false",
-                    "event_group_category": "Firewall Settings",
+                    "event_group_category": "Network",
                     "gcat": "6",
                     "sess": "sslvpnc"
                 }

packages/sonicwall_firewall/data_stream/log/_dev/test/pipeline/test-nat.log-expected.json

@@ -64,7 +64,7 @@
             "sonicwall": {
                 "firewall": {
                     "app": "9",
-                    "event_group_category": "Firewall Settings",
+                    "event_group_category": "Network",
                     "gcat": "6"
                 }
             },
@@ -147,7 +147,7 @@
             "sonicwall": {
                 "firewall": {
                     "app": "9",
-                    "event_group_category": "Firewall Settings",
+                    "event_group_category": "Network",
                     "gcat": "6"
                 }
             },
@@ -231,7 +231,7 @@
             "sonicwall": {
                 "firewall": {
                     "app": "9",
-                    "event_group_category": "Firewall Settings",
+                    "event_group_category": "Network",
                     "gcat": "6"
                 }
             },
@@ -310,7 +310,7 @@
             "sonicwall": {
                 "firewall": {
                     "app": "9",
-                    "event_group_category": "Firewall Settings",
+                    "event_group_category": "Network",
                     "gcat": "6"
                 }
             },