Fix system conflicts after version bump

# Conflicts:
#	packages/system/changelog.yml
#	packages/system/manifest.yml

Author: bmorelli25

.ci/Jenkinsfile

@@ -16,8 +16,8 @@ pipeline {
     JOB_GCS_BUCKET = 'beats-ci-temp'
     JOB_GCS_CREDENTIALS = 'beats-ci-gcs-plugin'
     JOB_GCS_EXT_CREDENTIALS = 'beats-ci-gcs-plugin-file-credentials'
-    ELASTIC_STACK_VERSION_PREV = "7.13.1-SNAPSHOT"
-    ELASTIC_STACK_VERSION_PREV_PREV = "7.13.0-SNAPSHOT"
+    ELASTIC_STACK_VERSION_PREV = "7.14.0-SNAPSHOT"
+    ELASTIC_STACK_VERSION_PREV_PREV = "7.13.4-SNAPSHOT"
   }
   options {
     timeout(time: 2, unit: 'HOURS')
@@ -288,4 +288,4 @@ def getCoverageBucketURI() {
 
 def getCoveragePathPrefix() {
   return "${env.JOB_NAME}-${env.BUILD_ID}/test-coverage/"
-}
+}

packages/system/changelog.yml

@@ -4,6 +4,11 @@
     - description: Update integration description
       type: enhancement
       link: https://github.com/elastic/integrations/pull/1364
+- version: "1.0.1"
+  changes:
+    - description: Move visualizations to cpu.norm.pct
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/1358
 - version: "1.0.0"
   changes:
     - description: GA the system module

packages/system/kibana/visualization/system-7cdb1330-4d1a-11e7-a196-69b9a7a020a9.json

@@ -30,7 +30,7 @@
                     "id": "1",
                     "params": {
                         "customLabel": "CPU usage",
-                        "field": "system.cpu.user.pct"
+                        "field": "system.cpu.user.norm.pct"
                     },
                     "schema": "metric",
                     "type": "avg"

packages/system/kibana/visualization/system-83e12df0-1b91-11e7-bec4-a5e9ec5cab8b.json

@@ -61,12 +61,12 @@
                         "line_width": 1,
                         "metrics": [
                             {
-                                "field": "system.cpu.user.pct",
+                                "field": "system.cpu.user.norm.pct",
                                 "id": "4c9e2552-1b91-11e7-bec4-a5e9ec5cab8b",
                                 "type": "avg"
                             },
                             {
-                                "field": "system.cpu.system.pct",
+                                "field": "system.cpu.system.norm.pct",
                                 "id": "225c2140-5fd7-11e7-a63a-a937b7c1a7e1",
                                 "type": "avg"
                             },

packages/system/kibana/visualization/system-855899e0-1b1c-11e7-b09e-037021c4f8df.json

@@ -57,7 +57,7 @@
                         "line_width": 1,
                         "metrics": [
                             {
-                                "field": "system.cpu.user.pct",
+                                "field": "system.cpu.user.norm.pct",
                                 "id": "31e5afa2-1b1c-11e7-b09e-037021c4f8df",
                                 "type": "avg"
                             }

packages/system/kibana/visualization/system-ab2d1e90-1b1a-11e7-b09e-037021c4f8df.json

@@ -37,7 +37,7 @@
                         "line_width": 1,
                         "metrics": [
                             {
-                                "field": "system.cpu.user.pct",
+                                "field": "system.cpu.user.norm.pct",
                                 "id": "80a04952-1b19-11e7-b09e-037021c4f8df",
                                 "type": "avg"
                             }
@@ -59,7 +59,7 @@
                         "line_width": 1,
                         "metrics": [
                             {
-                                "field": "system.cpu.system.pct",
+                                "field": "system.cpu.system.norm.pct",
                                 "id": "993acf31-1b19-11e7-b09e-037021c4f8df",
                                 "type": "avg"
                             }
@@ -81,7 +81,7 @@
                         "line_width": 1,
                         "metrics": [
                             {
-                                "field": "system.cpu.nice.pct",
+                                "field": "system.cpu.nice.norm.pct",
                                 "id": "65ca5cf0-1b1a-11e7-b09e-037021c4f8df",
                                 "type": "avg"
                             }
@@ -103,7 +103,7 @@
                         "line_width": 1,
                         "metrics": [
                             {
-                                "field": "system.cpu.irq.pct",
+                                "field": "system.cpu.irq.norm.pct",
                                 "id": "741b5f21-1b1a-11e7-b09e-037021c4f8df",
                                 "type": "avg"
                             }
@@ -125,7 +125,7 @@
                         "line_width": 1,
                         "metrics": [
                             {
-                                "field": "system.cpu.softirq.pct",
+                                "field": "system.cpu.softirq.norm.pct",
                                 "id": "2efc5d41-1b1a-11e7-b09e-037021c4f8df",
                                 "type": "avg"
                             }
@@ -147,7 +147,7 @@
                         "line_width": 1,
                         "metrics": [
                             {
-                                "field": "system.cpu.iowait.pct",
+                                "field": "system.cpu.iowait.norm.pct",
                                 "id": "ae644a31-1b19-11e7-b09e-037021c4f8df",
                                 "type": "avg"
                             }

packages/zerofox/_dev/build/build.yml

@@ -0,0 +1,3 @@
+dependencies:
+  ecs:
+    reference: [email protected]

packages/zerofox/_dev/build/docs/README.md

@@ -0,0 +1,13 @@
+# ZeroFox Cloud Platform Integration
+
+The ZeroFox Platform integration collects and parses data from the the ZeroFox Alert APIs.
+
+## Compatibility
+
+This integration supports the ZeroFox API v1.0
+
+### ZeroFox
+
+Contains alert data received from the ZeroFox Cloud Platform
+
+{{fields "alerts"}}

packages/zerofox/changelog.yml

@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.1.0"
+  changes:
+    - description: initial release
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/971

packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json

@@ -0,0 +1,16 @@
+{
+    "events": [
+        {
+            "@timestamp": "2016-03-03T12:00:00.000Z",
+            "message": "{ \"alert_type\": \"search query\", \"logs\": [{ \"id\": 205171631, \"timestamp\": \"2021-04-29T18:56:52+00:00\", \"actor\": \"ZeroFox Platform Specialist\", \"subject\": \"\", \"action\": \"modify tags\" }, { \"id\": 205171630, \"timestamp\": \"2021-04-29T18:56:51+00:00\", \"actor\": \"\", \"subject\": \"\", \"action\": \"open\" } ], \"offending_content_url\": \"hxxp://abc.biz?entity=123456\", \"asset_term\": \"\", \"assignee\": \"\", \"entity\": { \"id\": 123456, \"name\": \"abc.com\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1.jpg\", \"labels\": [{ \"id\": 17700, \"name\": \"Brand\" }], \"entity_group\": { \"id\": 2857, \"name\": \"Default\" } }, \"entity_term\": \"\", \"content_created_at\": \"2017-01-10T11:00:00+00:00\", \"id\": 123456789, \"protected_account\": \"\", \"severity\": 4, \"perpetrator\": { \"name\": \"Concealed\", \"display_name\": \"Concealed\", \"id\": 123456789, \"url\": \"hxxp://abc.biz?entity=123456\", \"content\": \"Variation of protected domain abc.com found: abc.biz\", \"type\": \"page\", \"timestamp\": \"2017-01-10T11:00:00+00:00\", \"network\": \"domains\" },\"rule_group_id\": 457, \"metadata\": \"{}\", \"status\": \"Open\", \"timestamp\": \"2021-04-29T18:56:51+00:00\", \"rule_name\": \"Advanced Domain Analysis - Typosquat Match\", \"last_modified\": \"2021-04-29T18:56:52Z\", \"protected_locations\": \"\", \"darkweb_term\": \"\", \"business_network\": \"\", \"reviewed\": false, \"escalated\": false, \"network\": \"domains\", \"protected_social_object\": \"\", \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 38160, \"entity_account\": \"\", \"entity_email_receiver_id\": \"\", \"tags\": [], \"asset\": { \"id\": 123456, \"name\": \"abc.com\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1.jpg\", \"labels\": [{ \"id\": 17700, \"name\": \"Brand\" }], \"entity_group\": { \"id\": 2857, \"name\": \"Default\" } }  }"
+        },
+        {
+            "@timestamp": "2016-03-03T12:00:00.000Z",
+            "message": "{\"alert_type\": \"search query\", \"logs\": [{\"id\": 206587078, \"timestamp\": \"2021-05-06T13:50:48+00:00\", \"actor\": \"\", \"subject\": \"\", \"action\": \"open\"} ], \"offending_content_url\": \"https://twitter.com/NOWMG/status/1390297659475365894\", \"asset_term\": {\"id\": 673804, \"name\": \"#darksocial\", \"deleted\": false }, \"assignee\": \"\", \"entity\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entity_term\": {\"id\": 673804, \"name\": \"#darksocial\", \"deleted\": false }, \"content_created_at\": \"2021-05-06T13:29:27+00:00\", \"id\": 137814029, \"protected_account\": null, \"severity\": 1, \"perpetrator\": {\"id\": 6830162495, \"username\": \"NOWMG\", \"display_name\": \"NOW Marketing Group\", \"account_number\": \"178236715\", \"destination_account_number\": \"178236715\", \"parent_post_number\": null, \"parent_post_url\": null, \"parent_post_account_number\": null, \"post_number\": \"1390297659475365894\", \"network\": \"twitter\", \"image\": \"https://pbs.twimg.com/profile_images/1356266220065009667/dTlGFDCM.jpg\", \"url\": \"https://twitter.com/NOWMG/status/1390297659475365894\", \"type\": \"post\", \"post_type\": \"post\", \"timestamp\": \"2021-05-06T13:29:27+00:00\"}, \"rule_group_id\": null, \"asset\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entered_by\": \"\", \"metadata\": \"\", \"status\": \"Open\", \"timestamp\": \"2021-05-06T13:50:48+00:00\", \"rule_name\": \"Mentions\", \"last_modified\": \"2021-05-06T13:50:48Z\", \"protected_locations\": null, \"darkweb_term\": null, \"business_network\": null, \"reviewed\": false, \"escalated\": false, \"network\": \"twitter\", \"protected_social_object\": \"#darksocial\", \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 40816, \"entity_account\": null, \"entity_email_receiver_id\": null, \"tags\": [] }"
+        },
+        {
+            "@timestamp": "2016-03-03T12:00:00.000Z",
+            "message": "{\"alert_type\": \"impersonating account\", \"logs\": [{\"id\": 206433935, \"timestamp\": \"2021-05-05T19:36:38+00:00\", \"actor\": \"[email protected]\", \"subject\": \"\", \"action\": \"review\"}, {\"id\": 206431230, \"timestamp\": \"2021-05-05T19:22:00+00:00\", \"actor\": \"[email protected]\", \"subject\": \"\", \"action\": \"open\"} ], \"offending_content_url\": \"https://twitter.com/TheDarkSocial\", \"asset_term\": null, \"assignee\": \"\", \"entity\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entity_term\": null, \"content_created_at\": \"2014-08-09T16:00:16+00:00\", \"id\": 137731395, \"protected_account\": null, \"severity\": 1, \"perpetrator\": {\"id\": 958871039, \"username\": \"TheDarkSocial\", \"display_name\": \"Dark Social\", \"account_number\": \"2719621658\", \"image\": \"https://pbs.twimg.com/profile_images/498137972940603392/45HEzP-B.jpeg\", \"network\": \"twitter\", \"url\": \"https://twitter.com/TheDarkSocial\", \"type\": \"account\", \"timestamp\": \"2014-08-09T16:00:16+00:00\"}, \"rule_group_id\": 4, \"asset\": {\"id\": 1181330, \"name\": \"Dark Social\", \"image\": \"https://cdn.zerofox.com/media/entityimages/1bkyslxoujpytdallxdghafmkhpar5r58jqzsoojgjc9gs917au8uo7dehsfyrii.png\", \"labels\": [{\"id\": 2048750, \"name\": \"brand\"} ], \"entity_group\": {\"id\": 6444, \"name\": \"Default\"} }, \"entered_by\": \"[email protected]\", \"metadata\": \"\", \"status\": \"Open\", \"timestamp\": \"2021-05-05T19:22:00+00:00\", \"rule_name\": \"Impersonation - Name\", \"last_modified\": \"2021-05-05T19:36:38Z\", \"protected_locations\": null, \"darkweb_term\": null, \"business_network\": null, \"reviewed\": true, \"escalated\": false, \"network\": \"twitter\", \"protected_social_object\": null, \"notes\": \"\", \"reviews\": [], \"content_actions\": [], \"rule_id\": 32, \"entity_account\": null, \"entity_email_receiver_id\": null, \"tags\": [] }"
+        }
+    ]
+}

packages/zerofox/data_stream/alerts/_dev/test/pipeline/test-alert.json-config.yml

@@ -0,0 +1,5 @@
+dynamic_fields:
+  event.ingested: ".*"
+fields:
+  tags:
+    - preserve_original_event