add one word to threat.yml

CHANGELOG.next.md

@@ -68,6 +68,7 @@ Thanks, you're awesome :-) -->
 
 * Swap `Location` and `Field Set` columns in `Field Reuse` table for better readability. #1472, #1476
 * Use a bullet points to list field reuses. #1473
+* Improve wording in `Threat` schema #1505
 
 <!-- All empty sections:
 

docs/field-details.asciidoc

@@ -7652,7 +7652,7 @@ example: `co.uk`
 
 Fields to classify events and alerts according to a threat taxonomy such as the MITRE ATT&CK® framework.
 
-These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service").
+These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* fields are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service").
 
 [discrete]
 ==== Threat Field Details

experimental/generated/beats/fields.ecs.yml

@@ -8171,10 +8171,10 @@
     description: "Fields to classify events and alerts according to a threat taxonomy\
       \ such as the MITRE ATT&CK\xAE framework.\nThese fields are for users to classify\
       \ alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy.\
-      \ The threat.tactic.* are meant to capture the high level category of the threat\
-      \ (e.g. \"impact\"). The threat.technique.* fields are meant to capture which\
-      \ kind of approach is used by this detected threat, to accomplish the goal (e.g.\
-      \ \"endpoint denial of service\")."
+      \ The threat.tactic.* fields are meant to capture the high level category of\
+      \ the threat (e.g. \"impact\"). The threat.technique.* fields are meant to capture\
+      \ which kind of approach is used by this detected threat, to accomplish the\
+      \ goal (e.g. \"endpoint denial of service\")."
     type: group
     fields:
     - name: enrichments

experimental/generated/ecs/ecs_nested.yml

@@ -14326,10 +14326,10 @@ threat:
   description: "Fields to classify events and alerts according to a threat taxonomy\
     \ such as the MITRE ATT&CK\xAE framework.\nThese fields are for users to classify\
     \ alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy.\
-    \ The threat.tactic.* are meant to capture the high level category of the threat\
-    \ (e.g. \"impact\"). The threat.technique.* fields are meant to capture which\
-    \ kind of approach is used by this detected threat, to accomplish the goal (e.g.\
-    \ \"endpoint denial of service\")."
+    \ The threat.tactic.* fields are meant to capture the high level category of the\
+    \ threat (e.g. \"impact\"). The threat.technique.* fields are meant to capture\
+    \ which kind of approach is used by this detected threat, to accomplish the goal\
+    \ (e.g. \"endpoint denial of service\")."
   fields:
     threat.enrichments:
       beta: This field is beta and subject to change.

generated/beats/fields.ecs.yml

@@ -5839,10 +5839,10 @@
     description: "Fields to classify events and alerts according to a threat taxonomy\
       \ such as the MITRE ATT&CK\xAE framework.\nThese fields are for users to classify\
       \ alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy.\
-      \ The threat.tactic.* are meant to capture the high level category of the threat\
-      \ (e.g. \"impact\"). The threat.technique.* fields are meant to capture which\
-      \ kind of approach is used by this detected threat, to accomplish the goal (e.g.\
-      \ \"endpoint denial of service\")."
+      \ The threat.tactic.* fields are meant to capture the high level category of\
+      \ the threat (e.g. \"impact\"). The threat.technique.* fields are meant to capture\
+      \ which kind of approach is used by this detected threat, to accomplish the\
+      \ goal (e.g. \"endpoint denial of service\")."
     type: group
     fields:
     - name: enrichments

generated/ecs/ecs_nested.yml

@@ -10204,10 +10204,10 @@ threat:
   description: "Fields to classify events and alerts according to a threat taxonomy\
     \ such as the MITRE ATT&CK\xAE framework.\nThese fields are for users to classify\
     \ alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy.\
-    \ The threat.tactic.* are meant to capture the high level category of the threat\
-    \ (e.g. \"impact\"). The threat.technique.* fields are meant to capture which\
-    \ kind of approach is used by this detected threat, to accomplish the goal (e.g.\
-    \ \"endpoint denial of service\")."
+    \ The threat.tactic.* fields are meant to capture the high level category of the\
+    \ threat (e.g. \"impact\"). The threat.technique.* fields are meant to capture\
+    \ which kind of approach is used by this detected threat, to accomplish the goal\
+    \ (e.g. \"endpoint denial of service\")."
   fields:
     threat.enrichments:
       beta: This field is beta and subject to change.

schemas/threat.yml

@@ -7,7 +7,7 @@
    Fields to classify events and alerts according to a threat taxonomy such as the MITRE ATT&CK® framework.
 
    These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a
-   common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat
+   common taxonomy. The threat.tactic.* fields are meant to capture the high level category of the threat
    (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by
    this detected threat, to accomplish the goal (e.g. "endpoint denial of service").