Merged
31 commits
091c93c
[cyberark_pta] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
404e68c
[cyberarkpas] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
d8fda9c
[cylance] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
02b6d9f
[darktrace] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
32945fd
[entityanalytics_okta] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
a4dbe5e
[f5_bigip] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
6d461c8
[fim] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
c7d8f38
[fireeye] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
3a069e3
[forcepoint_web] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
a241152
[forgerock] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
fc69c1b
[fortinet_forticlient] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
99a8014
[fortinet_fortiedr] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
b14d361
[fortinet_fortigate] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
06e00cf
[fortinet_fortimail] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
7a2306c
[fortinet_fortimanager] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
613c1c5
[gcp_pubsub] - update ECS to 8.9.0
kcreddy Jul 31, 2023
3465e2b
[github] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
b6310e1
[google_cloud_storage] - update ECS to 8.9.0
kcreddy Jul 31, 2023
951a647
[google_scc] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
870c2e7
[google_workspace] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
fe6cfcf
[hashicorp_vault] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
7c0776a
[hid_bravura_monitor] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
c8d6f59
[http_endpoint] - update ECS to 8.9.0
kcreddy Jul 31, 2023
03b2b75
[httpjson] - update ECS to 8.9.0
kcreddy Jul 31, 2023
cec3954
[imperva] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
b8de7be
[infoblox_bloxone_ddi] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
e53d22e
[infoblox_nios] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
0d5bc25
[iptables] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
2ef95fd
[jamf_compliance_reporter] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
e9c8996
[jumpcloud] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
1f68b6b
[juniper_srx] - update ECS to 8.9.0 from 8.8.0
kcreddy Jul 31, 2023
2 changes: 1 addition & 1 deletion packages/cyberark_pta/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
reference: git@v8.8.0
reference: git@v8.9.0
5 changes: 5 additions & 0 deletions packages/cyberark_pta/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.4.0"
changes:
- description: Update package to ECS 8.9.0.
type: enhancement
link: https://github.com/elastic/integrations/pull/7109
- version: "1.3.0"
changes:
- description: Update package to ECS 8.8.0.
Expand Up @@ -44,7 +44,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"code": "26",
Expand Up @@ -44,7 +44,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"code": "1",
Expand Up @@ -4,7 +4,7 @@ description: Pipeline for CyberArk PTA
processors:
- set:
field: ecs.version
value: '8.8.0'
value: '8.9.0'
- set:
field: event.action
value: "{{cef.extensions.deviceCustomString5}}"
Expand Up @@ -55,7 +55,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"elastic_agent": {
"id": "61c2aa93-e34e-4412-bd9b-ce85257847de",
2 changes: 1 addition & 1 deletion packages/cyberark_pta/docs/README.md
Expand Up @@ -287,7 +287,7 @@ An example event for pta looks as following:
| destination.user.name.text | Multi-field of `destination.user.name`. | match_only_text |
| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword |
| event.action | The action captured by the event. This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. | keyword |
| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date |
| event.created | `event.created` contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from `@timestamp` in that `@timestamp` typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, `@timestamp` should be used. | date |
| event.dataset | Event dataset | constant_keyword |
| event.id | Unique ID to describe the event. | keyword |
| event.module | Event module | constant_keyword |
2 changes: 1 addition & 1 deletion packages/cyberark_pta/manifest.yml
@@ -1,6 +1,6 @@
name: cyberark_pta
title: Cyberark Privileged Threat Analytics
version: "1.3.0"
version: "1.4.0"
description: Collect security logs from Cyberark PTA integration.
type: integration
format_version: 2.7.0
2 changes: 1 addition & 1 deletion packages/cyberarkpas/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
reference: git@v8.8.0
reference: git@v8.9.0
5 changes: 5 additions & 0 deletions packages/cyberarkpas/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "2.13.0"
changes:
- description: Update package to ECS 8.9.0.
type: enhancement
link: https://github.com/elastic/integrations/pull/7109
- version: "2.12.0"
changes:
- description: Convert visualizations to lens.
Expand Up @@ -25,7 +25,7 @@
"ip": "10.0.1.20"
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add file category",
Expand Down Expand Up @@ -87,7 +87,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add file category",
Expand Down Expand Up @@ -154,7 +154,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add file category",
Expand Down Expand Up @@ -222,7 +222,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add file category",
Expand Down Expand Up @@ -289,7 +289,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add file category",
Expand Down Expand Up @@ -357,7 +357,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add file category",
Expand Up @@ -25,7 +25,7 @@
"ip": "10.0.1.20"
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "update file category",
Expand Down Expand Up @@ -87,7 +87,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "update file category",
Expand Down Expand Up @@ -154,7 +154,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "update file category",
Expand Down Expand Up @@ -222,7 +222,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "update file category",
Expand Down Expand Up @@ -290,7 +290,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "update file category",
Expand Down Expand Up @@ -358,7 +358,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "update file category",
Expand Up @@ -26,7 +26,7 @@
"ip": "10.0.1.20"
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "delete file category",
Expand Up @@ -24,7 +24,7 @@
"ip": "10.0.1.20"
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "rename file",
Expand Up @@ -24,7 +24,7 @@
"ip": "10.0.1.20"
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "rename file (cont.)",
Expand Up @@ -18,7 +18,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "unlock file",
Expand Up @@ -43,7 +43,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "cpm disable password",
Expand Up @@ -18,7 +18,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "get user's details",
Expand Up @@ -17,7 +17,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -95,7 +95,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -173,7 +173,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -251,7 +251,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -329,7 +329,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -407,7 +407,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -485,7 +485,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -564,7 +564,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -643,7 +643,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -722,7 +722,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -801,7 +801,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Down Expand Up @@ -880,7 +880,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add user",
Expand Up @@ -17,7 +17,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "update safe",
Expand Up @@ -17,7 +17,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add safe",
Expand Down Expand Up @@ -80,7 +80,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add safe",
Expand Up @@ -18,7 +18,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add folder",
Expand Down Expand Up @@ -85,7 +85,7 @@
}
},
"ecs": {
"version": "8.8.0"
"version": "8.9.0"
},
"event": {
"action": "add folder",