elastic
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 3 additions & 2 deletions b/‎Makefile‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎NOTICE.txt‎
Lines changed: 1 addition & 1 deletion b/‎NOTICE.txt‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎custom_documentation/doc/endpoint/process/linux/linux_process_already_running.md‎
Lines changed: 2 additions & 0 deletions b/‎custom_documentation/doc/endpoint/process/linux/linux_process_already_running.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎custom_documentation/doc/endpoint/process/linux/linux_process_exec.md‎
Lines changed: 2 additions & 0 deletions b/‎custom_documentation/doc/endpoint/process/linux/linux_process_exec.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎custom_documentation/doc/endpoint/process/linux/linux_process_exit.md‎
Lines changed: 2 additions & 0 deletions b/‎custom_documentation/doc/endpoint/process/linux/linux_process_exit.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎custom_documentation/doc/endpoint/process/linux/linux_process_fork.md‎
Lines changed: 2 additions & 0 deletions b/‎custom_documentation/doc/endpoint/process/linux/linux_process_fork.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎custom_documentation/doc/endpoint/process/linux/linux_process_gid_change.md‎
Lines changed: 2 additions & 0 deletions b/‎custom_documentation/doc/endpoint/process/linux/linux_process_gid_change.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎custom_documentation/doc/endpoint/process/linux/linux_process_session_id_change.md‎
Lines changed: 2 additions & 0 deletions b/‎custom_documentation/doc/endpoint/process/linux/linux_process_session_id_change.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎custom_documentation/doc/endpoint/process/linux/linux_process_text_output.md‎
Lines changed: 2 additions & 0 deletions b/‎custom_documentation/doc/endpoint/process/linux/linux_process_text_output.md‎
Lines changed: 2 additions & 0 deletions
@@ -8,3 +8,4 @@ venv/
 vendor/
 generated/
 .DS_Store
+*.swp
@@ -1,8 +1,9 @@
 ROOT_DIR := $(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
 # we are intentionally pinning the ECS version here, when ecs releases a new version
 # we'll discuss whether we need to release a new package and bump the version here
-# cd3227cb3eb0de7e422aef90a64321ac68f7896e is 8.7-dev
-ECS_GIT_REF ?= cd3227cb3eb0de7e422aef90a64321ac68f7896e
+# 43a1a61a4a4db88e2de60da9019733610717ff7e is v8.10.0
+ECS_GIT_REF ?= 43a1a61a4a4db88e2de60da9019733610717ff7e
+
 
 # This variable specifies to location of the package-storage repo. It is used for automatically creating a PR
 # to release a new endpoint package. This can be overridden with the location on your file system using the config.mk
 
@@ -1,5 +1,5 @@
 Elastic Endpoint Package
-Copyright 2017-2019 Elasticsearch B.V.
+Copyright 2017-2023 Elasticsearch B.V.
 
 This product includes software developed at
 Elasticsearch, B.V. (https://www.elastic.co/).
@@ -181,6 +181,8 @@ This event is generated for a process that was already running before Endpoint's
 | process.start |
 | process.supplemental_groups.id |
 | process.supplemental_groups.name |
+| process.thread.capabilities.permitted |
+| process.thread.capabilities.effective |
 | process.tty.char_device.major |
 | process.tty.char_device.minor |
 | process.user.id |
 
@@ -186,6 +186,8 @@ This event is generated when a process calls `exec()`.
 | process.start |
 | process.supplemental_groups.id |
 | process.supplemental_groups.name |
+| process.thread.capabilities.permitted |
+| process.thread.capabilities.effective |
 | process.tty.char_device.major |
 | process.tty.char_device.minor |
 | process.user.id |
 
@@ -94,6 +94,8 @@ This event is generated when a process exits.
 | process.entry_leader.start |
 | process.entry_leader.supplemental_groups.id |
 | process.entry_leader.supplemental_groups.name |
+| process.thread.capabilities.permitted |
+| process.thread.capabilities.effective |
 | process.entry_leader.tty.char_device.major |
 | process.entry_leader.tty.char_device.minor |
 | process.entry_leader.user.id |
 
@@ -183,6 +183,8 @@ This event is generated when a new process is created using `fork()`.
 | process.start |
 | process.supplemental_groups.id |
 | process.supplemental_groups.name |
+| process.thread.capabilities.permitted |
+| process.thread.capabilities.effective |
 | process.tty.char_device.major |
 | process.tty.char_device.minor |
 | process.user.id |
 
@@ -184,6 +184,8 @@ This event is generated when the group id changes for a process.
 | process.start |
 | process.supplemental_groups.id |
 | process.supplemental_groups.name |
+| process.thread.capabilities.permitted |
+| process.thread.capabilities.effective |
 | process.tty.char_device.major |
 | process.tty.char_device.minor |
 | process.user.id |
 
@@ -181,6 +181,8 @@ This event is generated when a process's session id changes.
 | process.start |
 | process.supplemental_groups.id |
 | process.supplemental_groups.name |
+| process.thread.capabilities.permitted |
+| process.thread.capabilities.effective |
 | process.tty.char_device.major |
 | process.tty.char_device.minor |
 | process.user.id |
 
@@ -182,6 +182,8 @@ This event is generated when a process generates text output.
 | process.start |
 | process.supplemental_groups.id |
 | process.supplemental_groups.name |
+| process.thread.capabilities.permitted |
+| process.thread.capabilities.effective |
 | process.tty.char_device.major |
 | process.tty.char_device.minor |
 | process.tty.columns |