WiFi: add a new wifi section

.github/ISSUE_TEMPLATE/bug_report.md

@@ -8,25 +8,10 @@ assignees: bud1979
 ---
 
 **Describe the bug**
-A clear and concise description of what the bug is.
+<!-- A clear and concise description of what the bug is -->
 
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
+**Optional: Suggested outcome**
+<!-- This is not required but can be helpful -->
 
 **Graylog Version (please complete the following information):**
-- Graylog Version: 
-- Elastic Version:
-- Mongo Version:
-- Illuminate Version:
-- OS:
- - Browser:
+- Schema version: 

source/schema/entities/alerts_derived.csv

@@ -1,3 +1,3 @@
 "Field Name", "Example Values", "Field Type", "Notes"
 "alert_severity", "critical, high, medium, low, informational", "keyword", "Severity of Alert"
-"alert_severity_level", "1-5", "byte", "Numeric representation of the severity rating of the source message: 1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical"
+"alert_severity_level", "1-5", "byte", "Numeric representation of the severity rating of the source message: 1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical"

source/schema/entities/destination_derived.csv

@@ -6,4 +6,4 @@
 "destination_mac","a0:b4:44:01:a9:d1","keyword","MAC address of host, colon-delimited and lower case"
 "destination_priority","critical, high, medium, low","keyword","Future: from entity mapping"
 "destination_priority_level","1-4","byte","Numeric value representing the priority of the destination device, 1 = low, 2 = medium, 3 = high, 4 = critical"
-"destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: destination_ip, destination_hostname, destination_target, destination_vm_name, desination_mac"
+"destination_reference","IPv4, IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: destination_ip, destination_hostname, destination_target, destination_vm_name, destination_mac"

source/schema/entities/event_derived.csv

@@ -1,4 +1,4 @@
 "Field Name", "Example Values", "Field Type", "Notes"
 "event_outcome","success, failure","keyword","The outcome (success/failure) of the action described by event_action."
 "event_severity","critical, high, medium, low, informational","keyword","This will be added by Illuminate Core if only the event_severity_level is defined. This can be mapped from vendor severity levels that do not use the same severity definitions."
-"event_severity_level","1-5","byte","Numeric representation of the severity rating of the source message:  1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical. This will be added by Illuminate core when only event_severity is defined."
+"event_severity_level","1-5","byte","Numeric representation of the severity rating of the source message:  1 = informational, 2 = low, 3 = medium, 4 = high, 5 = critical. This will be added by Illuminate core when only event_severity is defined."

source/schema/entities/source_derived.csv

@@ -6,4 +6,4 @@
 "source_mac","a0:b4:44:01:a9:d1","keyword","MAC address of host, colon-delimited and lower case"
 "source_priority","critical, high, medium, low","keyword","Future: from entity mapping"
 "source_priority_level","1-4","byte","Numeric value representing the priority of the source device, 1 = low, 2 = medium, 3 = high, 4 = critical"
-"source_reference","IPv4,IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: source_ip, source_hostname, source_vm_name, source_mac"
+"source_reference","IPv4,IPv6, hostname,fqdn","keyword (normalized:loweronly)","Automatically mapped from the following fields: source_ip, source_hostname, source_vm_name, source_mac"

source/schema/entities/user_derived.csv

@@ -3,4 +3,4 @@
 "user_name_mapped","Built in\Administrators","keyword (normalized:loweronly)","When a user identity or identities is mapped from a source outside of the message itself it is written to this field. This is where Windows well-known SIDs are resolved."
 "user_priority","critical, high, medium, low","keyword","Future: From entity mapping"
 "user_priority_level","1-4","byte","Numeric value representing the priority of the user account, 1 = low, 2 = medium, 3 = high, 4 = critical"
-"user_type","user, computer, well-known sid, group, {any vendor-provided value}","keyword","Experimental field ** This is still being researched - need to look at what winlogbeats/nxlog may provide in terms of SID resolution in different configurations, and consider different technologies use of “types”"
+"user_type","user, computer, well-known sid, group, {any vendor-provided value}","keyword","Experimental field ** This is still being researched - need to look at what winlogbeats/nxlog may provide in terms of SID resolution in different configurations, and consider different technologies use of “types”"

source/schema/entities/wifi.csv

@@ -0,0 +1,21 @@
+"Field Name", "Example Values", "Field Type", "Notes"
+"wifi_ssid","Guest_Access","keyword","The name of the broadcasted network."
+"wifi_frequency","2416","long","The f0 frequency for the selected band or channel frequency."
+"wifi_frequency_unit","MHz","keyword","The f0 frequency unit for the selected band or channel frequency."
+"wifi_channel","3","long","WiFi channels are smaller bands within WiFi frequency bands that are used by wireless networks to send and receive data."
+"wifi_band","2.4 GHz","keyword","The 802.11 standard provides several bands for WiFi use like 900 MHz, 2.4GHz, 5 GHz and others."
+"wifi_encryption","WPA","keyword","The selected encyption method, some other options are WEP, WPA2 or WPA3."
+"wifi_phy_mode","g","keyword","Sometimes called phy_type, other options range from 802.11 to 802.11be (WiFi 7)."
+"wifi_signal_strength","-57","long","Some vendors use the field name rssi in dbm."
+"wifi_signal_strength_unit","dbm","keyword","The unit for signal strength, some options are dBμV/m or dBm."
+"wifi_signal_to_noise","48","long","The signal to noise ratio."
+"wifi_signal_to_noise_unit","db","keyword","The unit for signal to noise ratio."
+"wifi_signal_to_noise_level","-90","long","The signal to noise level."
+"wifi_signal_to_noise_level_unit","dbm","keyword","The unit for signal to noise ratio level."
+"wifi_data_rate","400","long","The used data rate."
+"wifi_data_rate_unit","Mbps","keyword","The used data rate unit, Mbps,Mbp/s or Gbps,Gpb/s."
+"wifi_frame_type_value","0","keyword","Sometimes called fc_type."
+"wifi_frame_type_description","management","keyword","Sometimes called fc_type. Other options are management, control, extension and data frame type."
+"wifi_frame_subtype_value","0x08","keyword","Usually a number like 0x08 or 1000."
+"wifi_frame_subtype_description","beacon","keyword","The description of a code, e.g. 1000 is for beacon."
+"wifi_virtual_access_point","My_access_point","keyword","Virtual access point name."

source/schema/entities/wifi.rst

@@ -0,0 +1,11 @@
+WiFi Fields
+============
+
+ - For messages that are related to wireless connections.
+
+
+.. csv-table:: WiFi Fields
+   :file: wifi.csv
+   :widths: 10, 15, 10, 65
+   :header-rows: 1
+   :delim: ,