Stage 2 changes for RFC 0018 - extending the threat.* field set#1438
Merged
ebeahan merged 4 commits intoelastic:masterfrom May 27, 2021
Merged
Stage 2 changes for RFC 0018 - extending the threat.* field set#1438ebeahan merged 4 commits intoelastic:masterfrom
threat.* field set#1438ebeahan merged 4 commits intoelastic:masterfrom
Conversation
djptek
reviewed
May 27, 2021
djptek
reviewed
May 27, 2021
Contributor
djptek
left a comment
djptek
left a comment
There was a problem hiding this comment.
Does threat.group.alias have to be an array or is a single keyword also permissible?
devonakerr
reviewed
May 27, 2021
devonakerr
left a comment
devonakerr
left a comment
There was a problem hiding this comment.
One open question to address diction, though I do not believe the implication of "should" versus "may" is a significant one. Both terms suggest an exception in which an array may not have multiple values.
Member
Author
|
"Should" is used because while Elasticsearch fields can have zero or more values by default, data sources and libraries producing ECS data need to distinguish between when a field only holds a single value vs. an array of possible values even if only one value is present sometimes ( The note in the field reference is to help users implementing ECS know when to use an array construct in their implementation. |
ebeahan
force-pushed
the
rfc/0018/stage-2-beta-implementation
branch
from
dd70bc8 to
6e2e32b
Compare
ebeahan
added a commit
to ebeahan/ecs
that referenced
this pull request
May 27, 2021
…astic#1438) # Conflicts: # experimental/generated/csv/fields.csv # generated/csv/fields.csv
ebeahan
added a commit
that referenced
this pull request
May 27, 2021
rylnd
added a commit
to rylnd/ecs
that referenced
this pull request
May 28, 2021
* master: Stage 2 changes for RFC 0018 - extending the `threat.*` field set (elastic#1438) Remove deprecated `host.user.*` fields (elastic#1439) Explicitly include user identifiers in `related.user` field description (elastic#1420) Set the merge date on RFC 0018 stage 2 (elastic#1429) [RFC] Extend Threat Fieldset - Stage 2 Proposal (elastic#1395) [Tooling] Add --exclude flag to Generator to support field removal testing (elastic#1411) Add `host.user.*` deprecation notice in field reuse description (elastic#1422) Stage 2 changes for RFC 0015 - `elf` header (elastic#1410) Stage 3 changes for RFC 0012 - `orchestrator` field set (elastic#1417) Support `match_only_text` in Go code generator (elastic#1418) Stage 3 Orchestrator RFC (elastic#1343) moving into folder (elastic#1416) removing use-cases (elastic#1405) removing --oss (elastic#1404) Set the merge date on RFC 0015 stage 2 (elastic#1409) Consolidate `Breaking changes` sections in `CHANGELOG.next` (elastic#1408) RFC-Stage-0: Proposal to add a "ticket" schema / field definition to ECS (elastic#1383) [RFC] `match_only_text` type migration - Stage 0 (elastic#1396) Client port is wrongly documented (elastic#1402) (elastic#1406)
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Apply changes from stage 2 extending the
threat.*header RFC (0018): #1395Docs preview of these changes