diff --git a/packages/microsoft/_dev/build/build.yml b/packages/microsoft/_dev/build/build.yml
index 08d85edcf9a..809e76063e9 100644
--- a/packages/microsoft/_dev/build/build.yml
+++ b/packages/microsoft/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@1.12
+ reference: git@8.0
diff --git a/packages/microsoft/changelog.yml b/packages/microsoft/changelog.yml
index c37727bca60..75a549eab6b 100644
--- a/packages/microsoft/changelog.yml
+++ b/packages/microsoft/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update to ECS 8.0.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2591
 - version: "1.1.1"
 changes:
 - description: Regenerate test files using the new GeoIP database
diff --git a/packages/microsoft/data_stream/dhcp/_dev/test/pipeline/test-generated.log-expected.json b/packages/microsoft/data_stream/dhcp/_dev/test/pipeline/test-generated.log-expected.json
index 0c19729b67c..92acca734ce 100644
--- a/packages/microsoft/data_stream/dhcp/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/microsoft/data_stream/dhcp/_dev/test/pipeline/test-generated.log-expected.json
@@ -1,1201 +1,1201 @@ { "expected": [ { - "message": "%MSDHCP-905-50: 50,1/29/16,6:09:59,nnumqua,10.133.8.128,sse3269.invalid,01:00:5e:ce:bf:42,ventore,ivelitse,ritin,uredolor,tatemac", - "event": { - "ingested": "2021-12-14T14:48:14.226920579Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444619184Z" + }, + "message": "%MSDHCP-905-50: 50,1/29/16,6:09:59,nnumqua,10.133.8.128,sse3269.invalid,01:00:5e:ce:bf:42,ventore,ivelitse,ritin,uredolor,tatemac", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4257-11030: 11030,2/12/16,1:12:33,oremi,10.124.22.221,ciade5699.domain,umq,ntium,psaq,cer", - "event": { - "ingested": "2021-12-14T14:48:14.226923210Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444622420Z" }, + "message": "%MSDHCP-4257-11030: 11030,2/12/16,1:12:33,oremi,10.124.22.221,ciade5699.domain,umq,ntium,psaq,cer", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5634-62: 62,2/26/16,8:15:08,equepor,10.196.153.12,sequa6540.www5.localhost,01:00:5e:3a:fe:e3,mest", - "event": { - "ingested": "2021-12-14T14:48:14.226923711Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444623473Z" }, + "message": "%MSDHCP-5634-62: 62,2/26/16,8:15:08,equepor,10.196.153.12,sequa6540.www5.localhost,01:00:5e:3a:fe:e3,mest", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-363-11015: 11015,3/12/16,3:17:42,nci,10.103.162.55,orev6153.internal.domain,deF,sist,nnumqu,iatnu", - "event": { - "ingested": "2021-12-14T14:48:14.226924100Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444624391Z" }, + "message": "%MSDHCP-363-11015: 11015,3/12/16,3:17:42,nci,10.103.162.55,orev6153.internal.domain,deF,sist,nnumqu,iatnu", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4880-57: 
57,3/26/16,10:20:16,quipexe,10.162.33.193,agn2581.www5.corp,01:00:5e:ad:16:77,", - "event": { - "ingested": "2021-12-14T14:48:14.226924471Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444625240Z" + }, + "message": "%MSDHCP-4880-57: 57,3/26/16,10:20:16,quipexe,10.162.33.193,agn2581.www5.corp,01:00:5e:ad:16:77,", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6962-57: 57,4/9/16,5:22:51,moenimi,10.156.15.206,enatus2114.mail.home,01:00:5e:33:84:66", - "event": { - "ingested": "2021-12-14T14:48:14.226924834Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444626097Z" + }, + "message": "%MSDHCP-6962-57: 57,4/9/16,5:22:51,moenimi,10.156.15.206,enatus2114.mail.home,01:00:5e:33:84:66", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5355-60: 60,4/24/16,12:25:25,ntex,10.1.118.72,proident2802.home,01:00:5e:69:9a:1a,eumiu", - "event": { - "ingested": "2021-12-14T14:48:14.226925210Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444626957Z" + }, + "message": "%MSDHCP-5355-60: 60,4/24/16,12:25:25,ntex,10.1.118.72,proident2802.home,01:00:5e:69:9a:1a,eumiu", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-7417-15: 15,5/8/16,7:27:59,orisn,10.70.235.184,ofdeF7240.www.home,01:00:5e:a2:09:ea,tionulam,uameius,ratio,ptas,nevolu", - "event": { - "ingested": "2021-12-14T14:48:14.226925565Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444627802Z" }, + "message": "%MSDHCP-7417-15: 15,5/8/16,7:27:59,orisn,10.70.235.184,ofdeF7240.www.home,01:00:5e:a2:09:ea,tionulam,uameius,ratio,ptas,nevolu", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5162-59: 
59,5/22/16,2:30:33,nci,10.86.118.154,amco5712.www5.localdomain,01:00:5e:35:c0:09,con,uia,quiavo,issusci,mol,taspe,mvolu,radip,tNequ,gelit,tatno", - "event": { - "ingested": "2021-12-14T14:48:14.226925925Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444628649Z" }, + "message": "%MSDHCP-5162-59: 59,5/22/16,2:30:33,nci,10.86.118.154,amco5712.www5.localdomain,01:00:5e:35:c0:09,con,uia,quiavo,issusci,mol,taspe,mvolu,radip,tNequ,gelit,tatno", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4141-10: 10,6/5/16,9:33:08,uam,10.5.62.63,llu4762.mail.localdomain,01:00:5e:f5:8e:0d", - "event": { - "ingested": "2021-12-14T14:48:14.226926983Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444629497Z" }, + "message": "%MSDHCP-4141-10: 10,6/5/16,9:33:08,uam,10.5.62.63,llu4762.mail.localdomain,01:00:5e:f5:8e:0d", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5408-15: 15,6/20/16,4:35:42,llumd,10.66.3.197,emaper2638.lan,01:00:5e:0b:42:ab,uaerat,boreet,onev,tenima,laboreet", - "event": { - "ingested": "2021-12-14T14:48:14.226927361Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444630387Z" + }, + "message": "%MSDHCP-5408-15: 15,6/20/16,4:35:42,llumd,10.66.3.197,emaper2638.lan,01:00:5e:0b:42:ab,uaerat,boreet,onev,tenima,laboreet", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5738-11008: 11008,7/4/16,11:38:16,ccaecat,10.58.0.245,uatDuis2964.test,veri,rsita,siutaliq,exercit", - "event": { - "ingested": "2021-12-14T14:48:14.226927843Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444631376Z" + }, + "message": "%MSDHCP-5738-11008: 11008,7/4/16,11:38:16,ccaecat,10.58.0.245,uatDuis2964.test,veri,rsita,siutaliq,exercit", "tags": [ "preserve_original_event" ] }, { - "message": 
"%MSDHCP-4243-25: 25,7/18/16,6:40:50,antium,10.103.246.190,iusmodt2597.api.domain,01:00:5e:8b:ba:06,ect,reetdolo,nrepreh,obeataev,lor", - "event": { - "ingested": "2021-12-14T14:48:14.226928233Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444632243Z" }, + "message": "%MSDHCP-4243-25: 25,7/18/16,6:40:50,antium,10.103.246.190,iusmodt2597.api.domain,01:00:5e:8b:ba:06,ect,reetdolo,nrepreh,obeataev,lor", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-1579-11011: 11011,8/2/16,1:43:25,natura,10.163.217.10,untNequ5075.www5.domain,erep,iutal,dexe,urerep", - "event": { - "ingested": "2021-12-14T14:48:14.226928585Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444633095Z" }, + "message": "%MSDHCP-1579-11011: 11011,8/2/16,1:43:25,natura,10.163.217.10,untNequ5075.www5.domain,erep,iutal,dexe,urerep", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-3971-56: 56,8/16/16,8:45:59,lorem,10.150.193.226,uidolore6237.internal.local,01:00:5e:42:6c:b4,suntinc,elits,llam,llamcorp,ari,eataevit,uptatev,uovol,dmi,olab,mquisnos", - "event": { - "ingested": "2021-12-14T14:48:14.226928945Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444633938Z" + }, + "message": "%MSDHCP-3971-56: 56,8/16/16,8:45:59,lorem,10.150.193.226,uidolore6237.internal.local,01:00:5e:42:6c:b4,suntinc,elits,llam,llamcorp,ari,eataevit,uptatev,uovol,dmi,olab,mquisnos", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2933-17: 17,8/30/16,3:48:33,tsed,10.111.61.181,incididu1896.example,01:00:5e:c9:5b:b2,", - "event": { - "ingested": "2021-12-14T14:48:14.226929298Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444634848Z" + }, + "message": "%MSDHCP-2933-17: 
17,8/30/16,3:48:33,tsed,10.111.61.181,incididu1896.example,01:00:5e:c9:5b:b2,", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5393-11003: 11003,9/13/16,10:51:07,temsequ,10.111.27.193,idexea3181.www.local,tvol,moll,tatione,inB", - "event": { - "ingested": "2021-12-14T14:48:14.226929762Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444635805Z" }, + "message": "%MSDHCP-5393-11003: 11003,9/13/16,10:51:07,temsequ,10.111.27.193,idexea3181.www.local,tvol,moll,tatione,inB", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4171-16: 16,9/28/16,5:53:42,ntsuntin,10.153.112.62,imav3236.mail.domain,01:00:5e:e7:c7:cb", - "event": { - "ingested": "2021-12-14T14:48:14.226930121Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444636650Z" }, + "message": "%MSDHCP-4171-16: 16,9/28/16,5:53:42,ntsuntin,10.153.112.62,imav3236.mail.domain,01:00:5e:e7:c7:cb", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-7290-32: 32,10/12/16,12:56:16,iam,10.98.34.185,ercit3947.api.local,01:00:5e:a4:f5:60,olupta,turveli,toccae,tatno,nido", - "event": { - "ingested": "2021-12-14T14:48:14.226930520Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444637491Z" }, + "message": "%MSDHCP-7290-32: 32,10/12/16,12:56:16,iam,10.98.34.185,ercit3947.api.local,01:00:5e:a4:f5:60,olupta,turveli,toccae,tatno,nido", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4125-53: 53,10/26/16,7:58:50,itlabori,10.252.112.103,usan6343.www5.domain,01:00:5e:10:76:60,ender", - "event": { - "ingested": "2021-12-14T14:48:14.226930872Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444638355Z" + }, + "message": "%MSDHCP-4125-53: 53,10/26/16,7:58:50,itlabori,10.252.112.103,usan6343.www5.domain,01:00:5e:10:76:60,ender", 
"tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5368-50: 50,11/10/16,3:01:24,atquovo,10.246.117.190,mquaera3924.www5.home,01:00:5e:b9:7e:b1", - "event": { - "ingested": "2021-12-14T14:48:14.226931236Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444639201Z" }, + "message": "%MSDHCP-5368-50: 50,11/10/16,3:01:24,atquovo,10.246.117.190,mquaera3924.www5.home,01:00:5e:b9:7e:b1", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4173-33: 33,11/24/16,10:03:59,undeo,10.82.52.233,atuse2703.localhost,01:00:5e:fa:2b:37", - "event": { - "ingested": "2021-12-14T14:48:14.226931598Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444640065Z" }, + "message": "%MSDHCP-4173-33: 33,11/24/16,10:03:59,undeo,10.82.52.233,atuse2703.localhost,01:00:5e:fa:2b:37", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5883-52: 52,12/8/16,5:06:33,ips,10.149.59.28,emporinc5075.internal.host,01:00:5e:37:14:9d,tessec", - "event": { - "ingested": "2021-12-14T14:48:14.226931956Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444640906Z" + }, + "message": "%MSDHCP-5883-52: 52,12/8/16,5:06:33,ips,10.149.59.28,emporinc5075.internal.host,01:00:5e:37:14:9d,tessec", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6446-36: 36,12/23/16,12:09:07,ist,10.169.144.147,onsequat2984.www5.domain,01:00:5e:59:a3:48,", - "event": { - "ingested": "2021-12-14T14:48:14.226932421Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444641877Z" + }, + "message": "%MSDHCP-6446-36: 36,12/23/16,12:09:07,ist,10.169.144.147,onsequat2984.www5.domain,01:00:5e:59:a3:48,", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-686-12: 12,1/6/17,7:11:41,nsequu,10.66.168.154,omm4276.www.example,01:00:5e:44:c4:69", - 
"event": { - "ingested": "2021-12-14T14:48:14.226932777Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444642763Z" + }, + "message": "%MSDHCP-686-12: 12,1/6/17,7:11:41,nsequu,10.66.168.154,omm4276.www.example,01:00:5e:44:c4:69", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2230-25: 25,1/20/17,2:14:16,torev,10.214.241.84,ctetura4886.www5.lan,01:00:5e:3a:d0:86,ita,ipi,rsitamet,lupt,xea,qua,luptatev,admi,modocons,elaudant,tinvol", - "event": { - "ingested": "2021-12-14T14:48:14.226933215Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444643630Z" }, + "message": "%MSDHCP-2230-25: 25,1/20/17,2:14:16,torev,10.214.241.84,ctetura4886.www5.lan,01:00:5e:3a:d0:86,ita,ipi,rsitamet,lupt,xea,qua,luptatev,admi,modocons,elaudant,tinvol", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6103-11018: 11018,2/3/17,9:16:50,lapariat,10.97.38.141,etM953.api.domain,xercitat,lpa,entsu,dun", - "event": { - "ingested": "2021-12-14T14:48:14.226933576Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444644482Z" }, + "message": "%MSDHCP-6103-11018: 11018,2/3/17,9:16:50,lapariat,10.97.38.141,etM953.api.domain,xercitat,lpa,entsu,dun", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-927-58: 58,2/18/17,4:19:24,itaut,10.33.140.180,umdolo7781.api.home,01:00:5e:24:f1:b2", - "event": { - "ingested": "2021-12-14T14:48:14.226933955Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444645335Z" + }, + "message": "%MSDHCP-927-58: 58,2/18/17,4:19:24,itaut,10.33.140.180,umdolo7781.api.home,01:00:5e:24:f1:b2", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4632-51: 51,3/4/17,11:21:59,fugi,10.119.185.63,imadmini2625.www5.localhost,01:00:5e:31:b9:65,dtem", - "event": { - "ingested": 
"2021-12-14T14:48:14.226934308Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444646198Z" }, + "message": "%MSDHCP-4632-51: 51,3/4/17,11:21:59,fugi,10.119.185.63,imadmini2625.www5.localhost,01:00:5e:31:b9:65,dtem", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5377-50: 50,3/18/17,6:24:33,stl,10.95.193.186,picia6119.mail.host,01:00:5e:60:77:c7,tinvol", - "event": { - "ingested": "2021-12-14T14:48:14.226934665Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444647041Z" }, + "message": "%MSDHCP-5377-50: 50,3/18/17,6:24:33,stl,10.95.193.186,picia6119.mail.host,01:00:5e:60:77:c7,tinvol", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5524-11019: 11019,4/2/17,1:27:07,moenimi,10.17.21.125,inv5716.mail.invalid,sequatur,uidolo,lumquido,nihi", - "event": { - "ingested": "2021-12-14T14:48:14.226935015Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444647890Z" }, + "message": "%MSDHCP-5524-11019: 11019,4/2/17,1:27:07,moenimi,10.17.21.125,inv5716.mail.invalid,sequatur,uidolo,lumquido,nihi", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5841-11021: 11021,4/16/17,8:29:41,nofdeF,10.73.69.75,uines6355.internal.localdomain,estqu,inibusBo,tat,tion", - "event": { - "ingested": "2021-12-14T14:48:14.226935369Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444648806Z" + }, + "message": "%MSDHCP-5841-11021: 11021,4/16/17,8:29:41,nofdeF,10.73.69.75,uines6355.internal.localdomain,estqu,inibusBo,tat,tion", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5705-52: 52,4/30/17,3:32:16,uasia,10.64.70.5,ici3995.lan,01:00:5e:4e:97:83,iscinge,atvol,umiur,imad,msequi", - "event": { - "ingested": "2021-12-14T14:48:14.226935716Z" - }, "ecs": { - "version": "1.12.0" + "version": 
"8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444649653Z" + }, + "message": "%MSDHCP-5705-52: 52,4/30/17,3:32:16,uasia,10.64.70.5,ici3995.lan,01:00:5e:4e:97:83,iscinge,atvol,umiur,imad,msequi", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-1559-11020: 11020,5/14/17,10:34:50,deFinibu,10.45.25.68,rehender4535.www5.test,hil,atquovo,suntinc,xeac", - "event": { - "ingested": "2021-12-14T14:48:14.226936068Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444650507Z" + }, + "message": "%MSDHCP-1559-11020: 11020,5/14/17,10:34:50,deFinibu,10.45.25.68,rehender4535.www5.test,hil,atquovo,suntinc,xeac", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2228-20: 20,5/29/17,5:37:24,eli,10.28.127.218,pida2286.internal.home,01:00:5e:cc:0b:8f", - "event": { - "ingested": "2021-12-14T14:48:14.226936538Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444651468Z" }, + "message": "%MSDHCP-2228-20: 20,5/29/17,5:37:24,eli,10.28.127.218,pida2286.internal.home,01:00:5e:cc:0b:8f", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-7427-11006: 11006,6/12/17,12:39:58,psaquae,10.68.93.6,mporain2624.www.localhost,iunt,temveleu,colabo,eme", - "event": { - "ingested": "2021-12-14T14:48:14.226936906Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444652318Z" }, + "message": "%MSDHCP-7427-11006: 11006,6/12/17,12:39:58,psaquae,10.68.93.6,mporain2624.www.localhost,iunt,temveleu,colabo,eme", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2991-16: 16,6/26/17,7:42:33,civeli,10.116.104.101,gnam2508.mail.example,01:00:5e:e1:73:47,maccusa", - "event": { - "ingested": "2021-12-14T14:48:14.226937266Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444653161Z" }, + "message": 
"%MSDHCP-2991-16: 16,6/26/17,7:42:33,civeli,10.116.104.101,gnam2508.mail.example,01:00:5e:e1:73:47,maccusa", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-3458-11003: 11003,7/11/17,2:45:07,idex,10.192.110.182,tutla2716.www.domain,inesci,serror,aliqu,olupta", - "event": { - "ingested": "2021-12-14T14:48:14.226937620Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444654006Z" + }, + "message": "%MSDHCP-3458-11003: 11003,7/11/17,2:45:07,idex,10.192.110.182,tutla2716.www.domain,inesci,serror,aliqu,olupta", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2807-53: 53,7/25/17,9:47:41,ihilm,10.219.84.37,ercit2385.internal.home,01:00:5e:a0:cd:2f,iamquis", - "event": { - "ingested": "2021-12-14T14:48:14.226937993Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444654873Z" + }, + "message": "%MSDHCP-2807-53: 53,7/25/17,9:47:41,ihilm,10.219.84.37,ercit2385.internal.home,01:00:5e:a0:cd:2f,iamquis", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6972-11012: 11012,8/8/17,4:50:15,ittenbyC,10.148.153.201,conseq557.mail.lan,aaliquaU,ntor,lpaqui,sitame", - "event": { - "ingested": "2021-12-14T14:48:14.226938350Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444655717Z" }, + "message": "%MSDHCP-6972-11012: 11012,8/8/17,4:50:15,ittenbyC,10.148.153.201,conseq557.mail.lan,aaliquaU,ntor,lpaqui,sitame", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5040-24: 24,8/22/17,11:52:50,utla,10.103.118.137,oei5200.www5.invalid,01:00:5e:c7:b7:18", - "event": { - "ingested": "2021-12-14T14:48:14.226938701Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444656559Z" }, + "message": "%MSDHCP-5040-24: 24,8/22/17,11:52:50,utla,10.103.118.137,oei5200.www5.invalid,01:00:5e:c7:b7:18", 
"tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2026-02: 02,9/6/17,6:55:24,nnum,10.137.223.15,adol485.example,01:00:5e:81:99:6f,dol", - "event": { - "ingested": "2021-12-14T14:48:14.226939057Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444657405Z" + }, + "message": "%MSDHCP-2026-02: 02,9/6/17,6:55:24,nnum,10.137.223.15,adol485.example,01:00:5e:81:99:6f,dol", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4977-11019: 11019,9/20/17,1:57:58,que,10.213.147.241,etconse7424.internal.lan,lit,asun,estia,eaq", - "event": { - "ingested": "2021-12-14T14:48:14.226939404Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444658260Z" + }, + "message": "%MSDHCP-4977-11019: 11019,9/20/17,1:57:58,que,10.213.147.241,etconse7424.internal.lan,lit,asun,estia,eaq", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-1180-11010: 11010,10/4/17,9:00:32,serunt,10.183.233.5,tMalor7410.www.localhost,eaq,amest,corp,modtemp", - "event": { - "ingested": "2021-12-14T14:48:14.226939751Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444659108Z" }, + "message": "%MSDHCP-1180-11010: 11010,10/4/17,9:00:32,serunt,10.183.233.5,tMalor7410.www.localhost,eaq,amest,corp,modtemp", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2628-11013: 11013,10/19/17,4:03:07,tNequepo,10.52.186.29,equat2243.www5.localdomain,ione,ihilmole,eriamea,amre", - "event": { - "ingested": "2021-12-14T14:48:14.226940102Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444659989Z" }, + "message": "%MSDHCP-2628-11013: 11013,10/19/17,4:03:07,tNequepo,10.52.186.29,equat2243.www5.localdomain,ione,ihilmole,eriamea,amre", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2949-11: 
11,11/2/17,11:05:41,uptat,10.64.199.102,tmo1835.test,01:00:5e:35:a8:83,fugitse", - "event": { - "ingested": "2021-12-14T14:48:14.226940459Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444660928Z" }, + "message": "%MSDHCP-2949-11: 11,11/2/17,11:05:41,uptat,10.64.199.102,tmo1835.test,01:00:5e:35:a8:83,fugitse", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-3331-54: 54,11/16/17,6:08:15,etMalor,10.196.143.87,quatD4191.local,01:00:5e:3b:7a:f1,sperna", - "event": { - "ingested": "2021-12-14T14:48:14.226940809Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444661842Z" + }, + "message": "%MSDHCP-3331-54: 54,11/16/17,6:08:15,etMalor,10.196.143.87,quatD4191.local,01:00:5e:3b:7a:f1,sperna", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-7576-30: 30,12/1/17,1:10:49,tper,10.163.5.243,osqui3661.mail.domain,01:00:5e:1e:d6:07,texp", - "event": { - "ingested": "2021-12-14T14:48:14.226941161Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444662702Z" + }, + "message": "%MSDHCP-7576-30: 30,12/1/17,1:10:49,tper,10.163.5.243,osqui3661.mail.domain,01:00:5e:1e:d6:07,texp", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5037-11004: 11004,12/15/17,8:13:24,uela,10.194.114.58,ectio2175.www.localhost,ihilmo,radi,gel,lorsitam", - "event": { - "ingested": "2021-12-14T14:48:14.226941520Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444663539Z" }, + "message": "%MSDHCP-5037-11004: 11004,12/15/17,8:13:24,uela,10.194.114.58,ectio2175.www.localhost,ihilmo,radi,gel,lorsitam", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6385-1103: 1103,12/29/17,3:15:58,ris,10.212.42.224,liqui6106.internal.home,amvolu,eturadi,uamei,quisno", - "event": { - "ingested": 
"2021-12-14T14:48:14.226941873Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444664431Z" }, + "message": "%MSDHCP-6385-1103: 1103,12/29/17,3:15:58,ris,10.212.42.224,liqui6106.internal.home,amvolu,eturadi,uamei,quisno", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-1747-11011: 11011,1/12/18,10:18:32,aliquam,10.244.144.198,eratv6205.internal.lan,reme,acommod,uaUteni,udantium", - "event": { - "ingested": "2021-12-14T14:48:14.226942341Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444665398Z" + }, + "message": "%MSDHCP-1747-11011: 11011,1/12/18,10:18:32,aliquam,10.244.144.198,eratv6205.internal.lan,reme,acommod,uaUteni,udantium", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6686-57: 57,1/27/18,5:21:06,stlabo,10.134.192.241,catc6134.localdomain,01:00:5e:5b:99:6c,magnid", - "event": { - "ingested": "2021-12-14T14:48:14.226942690Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444666266Z" + }, + "message": "%MSDHCP-6686-57: 57,1/27/18,5:21:06,stlabo,10.134.192.241,catc6134.localdomain,01:00:5e:5b:99:6c,magnid", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-7582-17: 17,2/10/18,12:23:41,quiratio,10.62.191.18,tevelite245.mail.local,01:00:5e:78:a7:55,gnido", - "event": { - "ingested": "2021-12-14T14:48:14.226943061Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444667132Z" }, + "message": "%MSDHCP-7582-17: 17,2/10/18,12:23:41,quiratio,10.62.191.18,tevelite245.mail.local,01:00:5e:78:a7:55,gnido", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6036-50: 50,2/24/18,7:26:15,numqua,10.89.22.113,abo1637.mail.host,01:00:5e:ed:c2:f7", - "event": { - "ingested": "2021-12-14T14:48:14.226943436Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + 
"event": { + "ingested": "2022-01-25T12:48:35.444667985Z" }, + "message": "%MSDHCP-6036-50: 50,2/24/18,7:26:15,numqua,10.89.22.113,abo1637.mail.host,01:00:5e:ed:c2:f7", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4949-11020: 11020,3/11/18,2:28:49,derit,10.90.86.89,piscin6866.internal.host,uptatema,intocc,liqu,eporr", - "event": { - "ingested": "2021-12-14T14:48:14.226943795Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444668837Z" }, + "message": "%MSDHCP-4949-11020: 11020,3/11/18,2:28:49,derit,10.90.86.89,piscin6866.internal.host,uptatema,intocc,liqu,eporr", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6418-59: 59,3/25/18,9:31:24,nofdeFin,10.67.38.204,idex6952.www.localhost,01:00:5e:69:58:0e,ecte,tinvolu,iurer,iciadese,quidolor,tessec,olupta,litse,icabo,itatio,uta", - "event": { - "ingested": "2021-12-14T14:48:14.226944157Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" }, + "event": { + "ingested": "2022-01-25T12:48:35.444669690Z" + }, + "message": "%MSDHCP-6418-59: 59,3/25/18,9:31:24,nofdeFin,10.67.38.204,idex6952.www.localhost,01:00:5e:69:58:0e,ecte,tinvolu,iurer,iciadese,quidolor,tessec,olupta,litse,icabo,itatio,uta", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4824-11010: 11010,4/8/18,4:33:58,volupt,10.158.237.92,riosamn7650.api.test,rcitati,eni,ionevo,ugiatnu", - "event": { - "ingested": "2021-12-14T14:48:14.226944515Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444670570Z" }, + "message": "%MSDHCP-4824-11010: 11010,4/8/18,4:33:58,volupt,10.158.237.92,riosamn7650.api.test,rcitati,eni,ionevo,ugiatnu", "tags": [ "preserve_original_event" ] }, - { - "message": "%MSDHCP-5368-60: 60,4/22/18,11:36:32,mnisi,10.107.168.60,ehen7519.www5.lan,01:00:5e:a7:ac:70,stquido,ommodico,ptas,pta,tetu", - "event": { - "ingested": "2021-12-14T14:48:14.226944872Z" - }, + { "ecs": 
{ - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444671455Z" }, + "message": "%MSDHCP-5368-60: 60,4/22/18,11:36:32,mnisi,10.107.168.60,ehen7519.www5.lan,01:00:5e:a7:ac:70,stquido,ommodico,ptas,pta,tetu", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5740-24: 24,5/7/18,6:39:06,Nequepo,10.207.201.9,boree513.www.corp,01:00:5e:e2:17:79,reetdolo,smo,etcons,iusmodi,uamest", - "event": { - "ingested": "2021-12-14T14:48:14.226945298Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444672304Z" }, + "message": "%MSDHCP-5740-24: 24,5/7/18,6:39:06,Nequepo,10.207.201.9,boree513.www.corp,01:00:5e:e2:17:79,reetdolo,smo,etcons,iusmodi,uamest", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-1842-11023: 11023,5/21/18,1:41:41,epte,10.20.147.134,aper5651.test,roi,niamqui,orem,sno", - "event": { - "ingested": "2021-12-14T14:48:14.226945660Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444673169Z" }, + "message": "%MSDHCP-1842-11023: 11023,5/21/18,1:41:41,epte,10.20.147.134,aper5651.test,roi,niamqui,orem,sno", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5263-11007: 11007,6/4/18,8:44:15,saute,10.213.145.202,inventor6088.www.invalid,quamni,iatisu,sec,cons", - "event": { - "ingested": "2021-12-14T14:48:14.226946009Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444674023Z" }, + "message": "%MSDHCP-5263-11007: 11007,6/4/18,8:44:15,saute,10.213.145.202,inventor6088.www.invalid,quamni,iatisu,sec,cons", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-510-20: 20,6/19/18,3:46:49,tae,10.14.81.228,aperiame1458.www5.local,01:00:5e:7e:22:1b", - "event": { - "ingested": "2021-12-14T14:48:14.226946364Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + 
"ingested": "2022-01-25T12:48:35.444674868Z" }, + "message": "%MSDHCP-510-20: 20,6/19/18,3:46:49,tae,10.14.81.228,aperiame1458.www5.local,01:00:5e:7e:22:1b", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4410-11003: 11003,7/3/18,10:49:23,itinvol,10.76.10.73,cipitlab6201.www5.example,ios,evolu,ersp,tquov", - "event": { - "ingested": "2021-12-14T14:48:14.226946736Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444675741Z" }, + "message": "%MSDHCP-4410-11003: 11003,7/3/18,10:49:23,itinvol,10.76.10.73,cipitlab6201.www5.example,ios,evolu,ersp,tquov", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4554-01: 01,7/17/18,5:51:58,osquira,10.220.5.143,com5308.api.domain,01:00:5e:55:ee:a4,reetdolo,norum,madmi,uidol,mporin", - "event": { - "ingested": "2021-12-14T14:48:14.226947082Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444676590Z" }, + "message": "%MSDHCP-4554-01: 01,7/17/18,5:51:58,osquira,10.220.5.143,com5308.api.domain,01:00:5e:55:ee:a4,reetdolo,norum,madmi,uidol,mporin", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-3253-ID: ID,8/1/18,12:54:32,roid,10.226.199.190,Nemoenim2039.api.localhost,01:00:5e:f6:ba:65", - "event": { - "ingested": "2021-12-14T14:48:14.226947447Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444677453Z" }, + "message": "%MSDHCP-3253-ID: ID,8/1/18,12:54:32,roid,10.226.199.190,Nemoenim2039.api.localhost,01:00:5e:f6:ba:65", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-1394-11000: 11000,8/15/18,7:57:06,itessequ,10.20.129.206,iquipe2458.api.host,modtemp,quovol,nve,remag", - "event": { - "ingested": "2021-12-14T14:48:14.226947800Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444678305Z" }, + "message": 
"%MSDHCP-1394-11000: 11000,8/15/18,7:57:06,itessequ,10.20.129.206,iquipe2458.api.host,modtemp,quovol,nve,remag", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5983-56: 56,8/29/18,2:59:40,tquiin,10.174.176.36,ovol3674.www5.host,01:00:5e:bb:1d:bf,str,idolore,pid,illoin,tanimid,umdo,natuse,gnamal,metMalo,ntexplic,archite", - "event": { - "ingested": "2021-12-14T14:48:14.226948153Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444679159Z" }, + "message": "%MSDHCP-5983-56: 56,8/29/18,2:59:40,tquiin,10.174.176.36,ovol3674.www5.host,01:00:5e:bb:1d:bf,str,idolore,pid,illoin,tanimid,umdo,natuse,gnamal,metMalo,ntexplic,archite", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-7829-32: 32,9/12/18,10:02:15,asi,10.94.38.110,nisist2752.home,01:00:5e:c1:3c:48,exercita", - "event": { - "ingested": "2021-12-14T14:48:14.226948514Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444680008Z" }, + "message": "%MSDHCP-7829-32: 32,9/12/18,10:02:15,asi,10.94.38.110,nisist2752.home,01:00:5e:c1:3c:48,exercita", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2516-11007: 11007,9/27/18,5:04:49,oremeu,10.22.110.210,intoc1426.mail.lan,eeufugia,evit,runtm,molli", - "event": { - "ingested": "2021-12-14T14:48:14.226948876Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444680857Z" }, + "message": "%MSDHCP-2516-11007: 11007,9/27/18,5:04:49,oremeu,10.22.110.210,intoc1426.mail.lan,eeufugia,evit,runtm,molli", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-543-11006: 11006,10/11/18,12:07:23,eturadi,10.218.87.174,rsitvolu3751.mail.lan,olor,ineavo,pexe,niamqui", - "event": { - "ingested": "2021-12-14T14:48:14.226949233Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444681721Z" }, + 
"message": "%MSDHCP-543-11006: 11006,10/11/18,12:07:23,eturadi,10.218.87.174,rsitvolu3751.mail.lan,olor,ineavo,pexe,niamqui", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6846-11014: 11014,10/25/18,7:09:57,adeser,10.140.113.244,tqu4367.www5.localhost,quam,quid,fugiat,atisun", - "event": { - "ingested": "2021-12-14T14:48:14.226949597Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444682566Z" }, + "message": "%MSDHCP-6846-11014: 11014,10/25/18,7:09:57,adeser,10.140.113.244,tqu4367.www5.localhost,quam,quid,fugiat,atisun", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-7741-1103: 1103,11/9/18,2:12:32,dmin,10.159.181.29,inci5738.www5.invalid,rnatur,ofdeFin,essequam,acommo", - "event": { - "ingested": "2021-12-14T14:48:14.226949954Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444683478Z" }, + "message": "%MSDHCP-7741-1103: 1103,11/9/18,2:12:32,dmin,10.159.181.29,inci5738.www5.invalid,rnatur,ofdeFin,essequam,acommo", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-18-11005: 11005,11/23/18,9:15:06,cusant,10.178.173.128,itecto1300.internal.corp,tut,ercita,ciadeser,emquia", - "event": { - "ingested": "2021-12-14T14:48:14.226950315Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444684326Z" }, + "message": "%MSDHCP-18-11005: 11005,11/23/18,9:15:06,cusant,10.178.173.128,itecto1300.internal.corp,tut,ercita,ciadeser,emquia", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6789-11015: 11015,12/7/18,4:17:40,uia,10.217.38.30,siut1579.www.domain,eFi,mexe,its,ender", - "event": { - "ingested": "2021-12-14T14:48:14.226950667Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444685172Z" }, + "message": "%MSDHCP-6789-11015: 
11015,12/7/18,4:17:40,uia,10.217.38.30,siut1579.www.domain,eFi,mexe,its,ender", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-1540-11014: 11014,12/21/18,11:20:14,edic,10.178.49.161,ame6223.www5.localhost,meius,billo,labo,oNemoeni", - "event": { - "ingested": "2021-12-14T14:48:14.226951149Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444688269Z" }, + "message": "%MSDHCP-1540-11014: 11014,12/21/18,11:20:14,edic,10.178.49.161,ame6223.www5.localhost,meius,billo,labo,oNemoeni", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2244-32: 32,1/5/19,6:22:49,stenatu,10.215.205.216,ratv5227.www.invalid,01:00:5e:fd:3d:c2,nts", - "event": { - "ingested": "2021-12-14T14:48:14.226951563Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444689151Z" }, + "message": "%MSDHCP-2244-32: 32,1/5/19,6:22:49,stenatu,10.215.205.216,ratv5227.www.invalid,01:00:5e:fd:3d:c2,nts", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5663-11025: 11025,1/19/19,1:25:23,ano,10.175.103.215,aturve1647.mail.localhost,uunturm,temUte,sit,olab", - "event": { - "ingested": "2021-12-14T14:48:14.226951919Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444689996Z" }, + "message": "%MSDHCP-5663-11025: 11025,1/19/19,1:25:23,ano,10.175.103.215,aturve1647.mail.localhost,uunturm,temUte,sit,olab", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6672-12: 12,2/2/19,8:27:57,enderi,10.236.150.115,umwrit5433.www5.domain,01:00:5e:ba:09:4a,tpersp", - "event": { - "ingested": "2021-12-14T14:48:14.226953653Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444690932Z" }, + "message": "%MSDHCP-6672-12: 12,2/2/19,8:27:57,enderi,10.236.150.115,umwrit5433.www5.domain,01:00:5e:ba:09:4a,tpersp", "tags": [ 
"preserve_original_event" ] }, { - "message": "%MSDHCP-6797-01: 01,2/17/19,3:30:32,oeni,10.223.90.192,llamco7206.www.home,01:00:5e:8f:35:71,orsit,asiar,ise,itau,apariat", - "event": { - "ingested": "2021-12-14T14:48:14.226954061Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444691816Z" }, + "message": "%MSDHCP-6797-01: 01,2/17/19,3:30:32,oeni,10.223.90.192,llamco7206.www.home,01:00:5e:8f:35:71,orsit,asiar,ise,itau,apariat", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4494-51: 51,3/3/19,10:33:06,dolore,10.165.192.48,nBCSedut1502.www5.example,01:00:5e:c7:c2:10,odoconse,emp,pisciv,lumdolor,nonp,labo,ulapar,aboreetd,hilm,llitanim,invo", - "event": { - "ingested": "2021-12-14T14:48:14.226954415Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444692674Z" }, + "message": "%MSDHCP-4494-51: 51,3/3/19,10:33:06,dolore,10.165.192.48,nBCSedut1502.www5.example,01:00:5e:c7:c2:10,odoconse,emp,pisciv,lumdolor,nonp,labo,ulapar,aboreetd,hilm,llitanim,invo", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-7205-50: 50,3/17/19,5:35:40,ama,10.80.152.108,texpli2782.mail.domain,01:00:5e:27:0a:9d,", - "event": { - "ingested": "2021-12-14T14:48:14.226954775Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444693523Z" }, + "message": "%MSDHCP-7205-50: 50,3/17/19,5:35:40,ama,10.80.152.108,texpli2782.mail.domain,01:00:5e:27:0a:9d,", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5224-11011: 11011,4/1/19,12:38:14,liqua,10.192.21.74,aco6894.mail.home,emUteni,rum,gnaaliqu,teirured", - "event": { - "ingested": "2021-12-14T14:48:14.226955138Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444694367Z" }, + "message": "%MSDHCP-5224-11011: 
11011,4/1/19,12:38:14,liqua,10.192.21.74,aco6894.mail.home,emUteni,rum,gnaaliqu,teirured", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5608-11019: 11019,4/15/19,7:40:49,bor,10.142.25.100,tetu2485.internal.invalid,nby,mve,osqui,sequat", - "event": { - "ingested": "2021-12-14T14:48:14.226955492Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444695214Z" }, + "message": "%MSDHCP-5608-11019: 11019,4/15/19,7:40:49,bor,10.142.25.100,tetu2485.internal.invalid,nby,mve,osqui,sequat", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-3051-1098: 1098,4/29/19,2:43:23,ven,10.162.114.217,doloreme60.www5.localhost,evitaed,inimveni,dex,lor", - "event": { - "ingested": "2021-12-14T14:48:14.226955844Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444696056Z" }, + "message": "%MSDHCP-3051-1098: 1098,4/29/19,2:43:23,ven,10.162.114.217,doloreme60.www5.localhost,evitaed,inimveni,dex,lor", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2315-01: 01,5/13/19,9:45:57,amcorp,10.57.57.241,liqua6498.api.invalid,01:00:5e:d8:53:15,iduntu,ccaeca,niamq,lapariat,remagn,mquae,consequa,moenimi,olupt,oconsequ,edquiac", - "event": { - "ingested": "2021-12-14T14:48:14.226956193Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444696928Z" }, + "message": "%MSDHCP-2315-01: 01,5/13/19,9:45:57,amcorp,10.57.57.241,liqua6498.api.invalid,01:00:5e:d8:53:15,iduntu,ccaeca,niamq,lapariat,remagn,mquae,consequa,moenimi,olupt,oconsequ,edquiac", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2690-14: 14,5/28/19,4:48:31,quamest,10.152.28.171,rsita2628.www5.local,01:00:5e:7a:4c:6e,miu", - "event": { - "ingested": "2021-12-14T14:48:14.226956545Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": 
"2022-01-25T12:48:35.444697771Z" }, + "message": "%MSDHCP-2690-14: 14,5/28/19,4:48:31,quamest,10.152.28.171,rsita2628.www5.local,01:00:5e:7a:4c:6e,miu", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6444-11001: 11001,6/11/19,11:51:06,mex,10.0.132.176,luptat7214.domain,lillum,remips,uisaute,imide", - "event": { - "ingested": "2021-12-14T14:48:14.226956899Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444698617Z" }, + "message": "%MSDHCP-6444-11001: 11001,6/11/19,11:51:06,mex,10.0.132.176,luptat7214.domain,lillum,remips,uisaute,imide", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-7037-11: 11,6/25/19,6:53:40,itesseq,10.125.134.213,tpersp2624.mail.example,01:00:5e:0b:fb:4a", - "event": { - "ingested": "2021-12-14T14:48:14.226957258Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444699466Z" }, + "message": "%MSDHCP-7037-11: 11,6/25/19,6:53:40,itesseq,10.125.134.213,tpersp2624.mail.example,01:00:5e:0b:fb:4a", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-6392-64: 64,7/10/19,1:56:14,mvolu,10.206.96.56,aincidu2687.mail.home,01:00:5e:80:9d:2c,", - "event": { - "ingested": "2021-12-14T14:48:14.226957627Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444700318Z" }, + "message": "%MSDHCP-6392-64: 64,7/10/19,1:56:14,mvolu,10.206.96.56,aincidu2687.mail.home,01:00:5e:80:9d:2c,", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5524-1098: 1098,7/24/19,8:58:48,lupta,10.22.187.69,amcor5091.internal.corp,nbyCi,tevel,usc,rem", - "event": { - "ingested": "2021-12-14T14:48:14.226957988Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444701169Z" }, + "message": "%MSDHCP-5524-1098: 
1098,7/24/19,8:58:48,lupta,10.22.187.69,amcor5091.internal.corp,nbyCi,tevel,usc,rem", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-1978-11019: 11019,8/7/19,4:01:23,atisund,10.2.128.234,ncidid5410.internal.domain,velite,teturad,perspici,itation", - "event": { - "ingested": "2021-12-14T14:48:14.226958345Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444702014Z" }, + "message": "%MSDHCP-1978-11019: 11019,8/7/19,4:01:23,atisund,10.2.128.234,ncidid5410.internal.domain,velite,teturad,perspici,itation", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5469-11024: 11024,8/21/19,11:03:57,porincid,10.223.160.140,nofd988.api.example,ilmol,eri,quunt,olori", - "event": { - "ingested": "2021-12-14T14:48:14.226958844Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444702856Z" }, + "message": "%MSDHCP-5469-11024: 11024,8/21/19,11:03:57,porincid,10.223.160.140,nofd988.api.example,ilmol,eri,quunt,olori", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2-11004: 11004,9/5/19,6:06:31,elit,10.137.14.180,borisnis6159.www5.localdomain,inven,eufugi,accusant,onse", - "event": { - "ingested": "2021-12-14T14:48:14.226959344Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444703707Z" }, + "message": "%MSDHCP-2-11004: 11004,9/5/19,6:06:31,elit,10.137.14.180,borisnis6159.www5.localdomain,inven,eufugi,accusant,onse", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-2859-59: 59,9/19/19,1:09:05,inibu,10.106.93.26,isetquas3096.home,01:00:5e:1b:92:a6", - "event": { - "ingested": "2021-12-14T14:48:14.226959934Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444704573Z" }, + "message": "%MSDHCP-2859-59: 59,9/19/19,1:09:05,inibu,10.106.93.26,isetquas3096.home,01:00:5e:1b:92:a6", 
"tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4924-11025: 11025,10/3/19,8:11:40,periam,10.192.182.230,dminima4348.mail.home,tame,naaliq,nte,ulpa", - "event": { - "ingested": "2021-12-14T14:48:14.226960376Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444705421Z" }, + "message": "%MSDHCP-4924-11025: 11025,10/3/19,8:11:40,periam,10.192.182.230,dminima4348.mail.home,tame,naaliq,nte,ulpa", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-1738-25: 25,10/18/19,3:14:14,loi,10.24.111.229,volupt2952.api.local,01:00:5e:64:62:d1,sequat,giatquov,tconsec,miurerep,toccaec,fugi,labo,nostrud,gnaal,qui,cupi", - "event": { - "ingested": "2021-12-14T14:48:14.226960746Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444706272Z" }, + "message": "%MSDHCP-1738-25: 25,10/18/19,3:14:14,loi,10.24.111.229,volupt2952.api.local,01:00:5e:64:62:d1,sequat,giatquov,tconsec,miurerep,toccaec,fugi,labo,nostrud,gnaal,qui,cupi", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-5282-60: 60,11/1/19,10:16:48,lores,10.45.253.103,uii5923.internal.home,01:00:5e:2f:ff:49,rcit,llamco,atu,untincul,ssecil", - "event": { - "ingested": "2021-12-14T14:48:14.226961104Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444707125Z" }, + "message": "%MSDHCP-5282-60: 60,11/1/19,10:16:48,lores,10.45.253.103,uii5923.internal.home,01:00:5e:2f:ff:49,rcit,llamco,atu,untincul,ssecil", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-3023-11023: 11023,11/15/19,5:19:22,atise,10.95.241.28,oluptas6981.www5.localhost,lor,Sedut,yCiceroi,quunt", - "event": { - "ingested": "2021-12-14T14:48:14.226961485Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444707973Z" }, + "message": "%MSDHCP-3023-11023: 
11023,11/15/19,5:19:22,atise,10.95.241.28,oluptas6981.www5.localhost,lor,Sedut,yCiceroi,quunt", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4890-23: 23,11/30/19,12:21:57,dolore,10.84.32.178,vitaed4959.example,01:00:5e:11:45:1e,itaedict", - "event": { - "ingested": "2021-12-14T14:48:14.226961907Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444708837Z" }, + "message": "%MSDHCP-4890-23: 23,11/30/19,12:21:57,dolore,10.84.32.178,vitaed4959.example,01:00:5e:11:45:1e,itaedict", "tags": [ "preserve_original_event" ] }, { - "message": "%MSDHCP-4271-55: 55,12/14/19,7:24:31,ruredo,10.72.196.74,boreetdo1725.example,01:00:5e:01:2f:7d", - "event": { - "ingested": "2021-12-14T14:48:14.226962266Z" - }, "ecs": { - "version": "1.12.0" + "version": "8.0.0" + }, + "event": { + "ingested": "2022-01-25T12:48:35.444709693Z" }, + "message": "%MSDHCP-4271-55: 55,12/14/19,7:24:31,ruredo,10.72.196.74,boreetdo1725.example,01:00:5e:01:2f:7d", "tags": [ "preserve_original_event" ] diff --git a/packages/microsoft/data_stream/dhcp/agent/stream/log.yml.hbs b/packages/microsoft/data_stream/dhcp/agent/stream/log.yml.hbs index 5932a64e0d9..d68c848735f 100644 --- a/packages/microsoft/data_stream/dhcp/agent/stream/log.yml.hbs +++ b/packages/microsoft/data_stream/dhcp/agent/stream/log.yml.hbs @@ -19,7 +19,6 @@ fields: {{#contains "forwarded" tags}} publisher_pipeline.disable_host: true {{/contains}} - processors: {{#if processors}} {{processors}} @@ -830,7 +829,7 @@ processors: if (value != null && (result = fn(value))!== undefined) { evt.Put(FIELDS_PREFIX + dst, result); } else { - console.error(fn.name + " failed for '" + value + "'"); + console.debug(fn.name + " failed for '" + value + "'"); } }; } 
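Review bot: The `else` branch at the end of this line's last hunk now reports a failed conversion only through `console.debug`, so at the default log level a value that `fn` rejects leaves `FIELDS_PREFIX + dst` unset with no trace in the agent log or on the event. If the address converters go through this wrapper (not visible here), a malformed address becomes indistinguishable from an absent one during triage. I would at least document the trade-off above the call, e.g. `// Conversion failures are expected on malformed input: logged at debug only, the field stays unset.` The enclosing function starts outside the hunk, and the same change is repeated in tcp.yml.hbs and udp.yml.hbs.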
@@ -1042,8 +1041,8 @@ processors:
 "child_process": {to:[{field: "process.name", setter: fld_prio, prio: 1}]},
 "city.dst": {to:[{field: "destination.geo.city_name", setter: fld_set}]},
 "city.src": {to:[{field: "source.geo.city_name", setter: fld_set}]},
- "daddr": {convert: to_ip, to:[{field: "destination.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
- "daddr_v6": {convert: to_ip, to:[{field: "destination.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
+ "daddr": {convert: to_ip, to:[{field: "destination.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
+ "daddr_v6": {convert: to_ip, to:[{field: "destination.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
 "ddomain": {to:[{field: "destination.domain", setter: fld_prio, prio: 0}]},
 "devicehostip": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 2},{field: "related.ip", setter: fld_append}]},
 "devicehostmac": {convert: to_mac, to:[{field: "host.mac", setter: fld_prio, prio: 0}]},
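Review bot: Both `daddr` and `daddr_v6` now write `destination.ip` through `fld_set`, so when one event carries both keys the address that survives presumably depends on processing order (the definition of `fld_set` is outside the hunk). Other keys in this map that share a target use `fld_prio` with an explicit `prio`, and the same pattern would make the winner deterministic here: `{field: "destination.ip", setter: fld_prio, prio: 0}` for `daddr` and `prio: 1` for `daddr_v6`. `related.ip` still appends both values, so the address that loses stays searchable. The same applies to the `saddr`/`saddr_v6` hunk and to the tcp.yml.hbs and udp.yml.hbs copies.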
@@ -1101,11 +1100,11 @@ processors:
 "macaddr": {convert: to_mac, to:[{field: "host.mac", setter: fld_prio, prio: 2}]},
 "messageid": {to:[{field: "event.code", setter: fld_prio, prio: 1}]},
 "method": {to:[{field: "http.request.method", setter: fld_set}]},
- "msg": {to:[{field: "log.original", setter: fld_set}]},
+ "msg": {to:[{field: "message", setter: fld_set}]},
 "orig_ip": {convert: to_ip, to:[{field: "network.forwarded_ip", setter: fld_prio, prio: 1},{field: "related.ip", setter: fld_append}]},
 "owner": {to:[{field: "related.user", setter: fld_append},{field: "user.name", setter: fld_prio, prio: 6}]},
 "packets": {convert: to_long, to:[{field: "network.packets", setter: fld_set}]},
- "parent_pid": {convert: to_long, to:[{field: "process.ppid", setter: fld_prio, prio: 0}]},
+ "parent_pid": {convert: to_long, to:[{field: "process.parent.pid", setter: fld_prio, prio: 0}]},
 "parent_pid_val": {to:[{field: "process.parent.title", setter: fld_set}]},
 "parent_process": {to:[{field: "process.parent.name", setter: fld_prio, prio: 0}]},
 "patient_fullname": {to:[{field: "user.full_name", setter: fld_prio, prio: 1}]},
@@ -1115,7 +1114,7 @@ processors:
 "port.trans.src": {convert: to_long, to:[{field: "source.nat.port", setter: fld_prio, prio: 1}]},
 "process": {to:[{field: "process.name", setter: fld_prio, prio: 0}]},
 "process_id": {convert: to_long, to:[{field: "process.pid", setter: fld_prio, prio: 0}]},
- "process_id_src": {convert: to_long, to:[{field: "process.ppid", setter: fld_prio, prio: 1}]},
+ "process_id_src": {convert: to_long, to:[{field: "process.parent.pid", setter: fld_prio, prio: 1}]},
 "process_src": {to:[{field: "process.parent.name", setter: fld_prio, prio: 1}]},
 "product": {to:[{field: "observer.product", setter: fld_set}]},
 "protocol": {to:[{field: "network.protocol", setter: fld_set}]},
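Review bot: The `msg`, `parent_pid` and `process_id_src` entries (this hunk and the next one) move data out of `log.original` and `process.ppid` into `message` and `process.parent.pid`, and nothing in the change tells users that saved searches or detection rules querying the old names will stop matching. The 1.2.0 changelog entry only says "Update to ECS 8.0.0"; I would name the renamed fields there. A short comment next to the `msg` entry would also help, e.g. `// ECS 8.0 dropped log.original; the parsed text now goes to message`. The same renames are repeated in tcp.yml.hbs and udp.yml.hbs.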
@@ -1123,8 +1122,8 @@ processors: "rbytes": {convert: to_long, to:[{field: "destination.bytes", setter: fld_set}]}, "referer": {to:[{field: "http.request.referrer", setter: fld_prio, prio: 1}]}, "rulename": {to:[{field: "rule.name", setter: fld_set}]}, - "saddr": {convert: to_ip, to:[{field: "source.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]}, - "saddr_v6": {convert: to_ip, to:[{field: "source.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]}, + "saddr": {convert: to_ip, to:[{field: "source.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]}, + "saddr_v6": {convert: to_ip, to:[{field: "source.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]}, "sbytes": {convert: to_long, to:[{field: "source.bytes", setter: fld_set}]}, "sdomain": {to:[{field: "source.domain", setter: fld_prio, prio: 0}]}, "service": {to:[{field: "service.name", setter: fld_prio, prio: 1}]}, @@ -2557,8 +2556,8 @@ processors: builder.Add(save_flags); builder.Add(strip_syslog_priority); builder.Add(chain1); - builder.Add(populate_fields); builder.Add(restore_flags); + builder.Add(populate_fields); var chain = builder.Build(); return { process: chain.Run, diff --git a/packages/microsoft/data_stream/dhcp/agent/stream/tcp.yml.hbs b/packages/microsoft/data_stream/dhcp/agent/stream/tcp.yml.hbs index 79f79b8bdca..eacb86508a5 100644 --- a/packages/microsoft/data_stream/dhcp/agent/stream/tcp.yml.hbs +++ b/packages/microsoft/data_stream/dhcp/agent/stream/tcp.yml.hbs @@ -16,7 +16,6 @@ fields: {{#contains "forwarded" tags}} publisher_pipeline.disable_host: true {{/contains}} - processors: {{#if processors}} {{processors}} @@ -827,7 +826,7 @@ processors: if (value != null && (result = fn(value))!== undefined) { evt.Put(FIELDS_PREFIX + dst, result); } else { - console.error(fn.name + " failed for '" + value + "'"); + console.debug(fn.name + " failed for '" + value + "'"); } }; } 
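Review bot: The swap that moves `builder.Add(populate_fields);` after `builder.Add(restore_flags);` changes the stage order without a comment saying what `populate_fields` now depends on. Neither stage is defined in the hunk, so the reason cannot be read from here, and a later cleanup could revert the order without noticing. I would add a one-line comment above the two calls stating what `restore_flags` puts back that `populate_fields` reads. The enclosing function starts and ends outside the hunk, and the same reorder appears in tcp.yml.hbs and udp.yml.hbs.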
@@ -1039,8 +1038,8 @@ processors:
 "child_process": {to:[{field: "process.name", setter: fld_prio, prio: 1}]},
 "city.dst": {to:[{field: "destination.geo.city_name", setter: fld_set}]},
 "city.src": {to:[{field: "source.geo.city_name", setter: fld_set}]},
- "daddr": {convert: to_ip, to:[{field: "destination.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
- "daddr_v6": {convert: to_ip, to:[{field: "destination.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
+ "daddr": {convert: to_ip, to:[{field: "destination.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
+ "daddr_v6": {convert: to_ip, to:[{field: "destination.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
 "ddomain": {to:[{field: "destination.domain", setter: fld_prio, prio: 0}]},
 "devicehostip": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 2},{field: "related.ip", setter: fld_append}]},
 "devicehostmac": {convert: to_mac, to:[{field: "host.mac", setter: fld_prio, prio: 0}]},
@@ -1098,11 +1097,11 @@ processors:
 "macaddr": {convert: to_mac, to:[{field: "host.mac", setter: fld_prio, prio: 2}]},
 "messageid": {to:[{field: "event.code", setter: fld_prio, prio: 1}]},
 "method": {to:[{field: "http.request.method", setter: fld_set}]},
- "msg": {to:[{field: "log.original", setter: fld_set}]},
+ "msg": {to:[{field: "message", setter: fld_set}]},
 "orig_ip": {convert: to_ip, to:[{field: "network.forwarded_ip", setter: fld_prio, prio: 1},{field: "related.ip", setter: fld_append}]},
 "owner": {to:[{field: "related.user", setter: fld_append},{field: "user.name", setter: fld_prio, prio: 6}]},
 "packets": {convert: to_long, to:[{field: "network.packets", setter: fld_set}]},
- "parent_pid": {convert: to_long, to:[{field: "process.ppid", setter: fld_prio, prio: 0}]},
+ "parent_pid": {convert: to_long, to:[{field: "process.parent.pid", setter: fld_prio, prio: 0}]},
 "parent_pid_val": {to:[{field: "process.parent.title", setter: fld_set}]},
 "parent_process": {to:[{field: "process.parent.name", setter: fld_prio, prio: 0}]},
 "patient_fullname": {to:[{field: "user.full_name", setter: fld_prio, prio: 1}]},
@@ -1112,7 +1111,7 @@ processors:
 "port.trans.src": {convert: to_long, to:[{field: "source.nat.port", setter: fld_prio, prio: 1}]},
 "process": {to:[{field: "process.name", setter: fld_prio, prio: 0}]},
 "process_id": {convert: to_long, to:[{field: "process.pid", setter: fld_prio, prio: 0}]},
- "process_id_src": {convert: to_long, to:[{field: "process.ppid", setter: fld_prio, prio: 1}]},
+ "process_id_src": {convert: to_long, to:[{field: "process.parent.pid", setter: fld_prio, prio: 1}]},
 "process_src": {to:[{field: "process.parent.name", setter: fld_prio, prio: 1}]},
 "product": {to:[{field: "observer.product", setter: fld_set}]},
 "protocol": {to:[{field: "network.protocol", setter: fld_set}]},
@@ -1120,8 +1119,8 @@ processors: "rbytes": {convert: to_long, to:[{field: "destination.bytes", setter: fld_set}]}, "referer": {to:[{field: "http.request.referrer", setter: fld_prio, prio: 1}]}, "rulename": {to:[{field: "rule.name", setter: fld_set}]}, - "saddr": {convert: to_ip, to:[{field: "source.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]}, - "saddr_v6": {convert: to_ip, to:[{field: "source.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]}, + "saddr": {convert: to_ip, to:[{field: "source.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]}, + "saddr_v6": {convert: to_ip, to:[{field: "source.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]}, "sbytes": {convert: to_long, to:[{field: "source.bytes", setter: fld_set}]}, "sdomain": {to:[{field: "source.domain", setter: fld_prio, prio: 0}]}, "service": {to:[{field: "service.name", setter: fld_prio, prio: 1}]}, @@ -2554,8 +2553,8 @@ processors: builder.Add(save_flags); builder.Add(strip_syslog_priority); builder.Add(chain1); - builder.Add(populate_fields); builder.Add(restore_flags); + builder.Add(populate_fields); var chain = builder.Build(); return { process: chain.Run, diff --git a/packages/microsoft/data_stream/dhcp/agent/stream/udp.yml.hbs b/packages/microsoft/data_stream/dhcp/agent/stream/udp.yml.hbs index 68c210405b4..a4e4b832dc3 100644 --- a/packages/microsoft/data_stream/dhcp/agent/stream/udp.yml.hbs +++ b/packages/microsoft/data_stream/dhcp/agent/stream/udp.yml.hbs @@ -16,7 +16,6 @@ fields: {{#contains "forwarded" tags}} publisher_pipeline.disable_host: true {{/contains}} - processors: {{#if processors}} {{processors}} @@ -827,7 +826,7 @@ processors: if (value != null && (result = fn(value))!== undefined) { evt.Put(FIELDS_PREFIX + dst, result); } else { - console.error(fn.name + " failed for '" + value + "'"); + console.debug(fn.name + " failed for '" + value + "'"); } }; } 
@@ -1039,8 +1038,8 @@ processors:
 "child_process": {to:[{field: "process.name", setter: fld_prio, prio: 1}]},
 "city.dst": {to:[{field: "destination.geo.city_name", setter: fld_set}]},
 "city.src": {to:[{field: "source.geo.city_name", setter: fld_set}]},
- "daddr": {convert: to_ip, to:[{field: "destination.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
- "daddr_v6": {convert: to_ip, to:[{field: "destination.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]},
+ "daddr": {convert: to_ip, to:[{field: "destination.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
+ "daddr_v6": {convert: to_ip, to:[{field: "destination.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]},
 "ddomain": {to:[{field: "destination.domain", setter: fld_prio, prio: 0}]},
 "devicehostip": {convert: to_ip, to:[{field: "host.ip", setter: fld_prio, prio: 2},{field: "related.ip", setter: fld_append}]},
 "devicehostmac": {convert: to_mac, to:[{field: "host.mac", setter: fld_prio, prio: 0}]},
@@ -1098,11 +1097,11 @@ processors:
 "macaddr": {convert: to_mac, to:[{field: "host.mac", setter: fld_prio, prio: 2}]},
 "messageid": {to:[{field: "event.code", setter: fld_prio, prio: 1}]},
 "method": {to:[{field: "http.request.method", setter: fld_set}]},
- "msg": {to:[{field: "log.original", setter: fld_set}]},
+ "msg": {to:[{field: "message", setter: fld_set}]},
 "orig_ip": {convert: to_ip, to:[{field: "network.forwarded_ip", setter: fld_prio, prio: 1},{field: "related.ip", setter: fld_append}]},
 "owner": {to:[{field: "related.user", setter: fld_append},{field: "user.name", setter: fld_prio, prio: 6}]},
 "packets": {convert: to_long, to:[{field: "network.packets", setter: fld_set}]},
- "parent_pid": {convert: to_long, to:[{field: "process.ppid", setter: fld_prio, prio: 0}]},
+ "parent_pid": {convert: to_long, to:[{field: "process.parent.pid", setter: fld_prio, prio: 0}]},
 "parent_pid_val": {to:[{field: "process.parent.title", setter: fld_set}]},
 "parent_process": {to:[{field: "process.parent.name", setter: fld_prio, prio: 0}]},
 "patient_fullname": {to:[{field: "user.full_name", setter: fld_prio, prio: 1}]},
@@ -1112,7 +1111,7 @@ processors:
 "port.trans.src": {convert: to_long, to:[{field: "source.nat.port", setter: fld_prio, prio: 1}]},
 "process": {to:[{field: "process.name", setter: fld_prio, prio: 0}]},
 "process_id": {convert: to_long, to:[{field: "process.pid", setter: fld_prio, prio: 0}]},
- "process_id_src": {convert: to_long, to:[{field: "process.ppid", setter: fld_prio, prio: 1}]},
+ "process_id_src": {convert: to_long, to:[{field: "process.parent.pid", setter: fld_prio, prio: 1}]},
 "process_src": {to:[{field: "process.parent.name", setter: fld_prio, prio: 1}]},
 "product": {to:[{field: "observer.product", setter: fld_set}]},
 "protocol": {to:[{field: "network.protocol", setter: fld_set}]},
@@ -1120,8 +1119,8 @@ processors: "rbytes": {convert: to_long, to:[{field: "destination.bytes", setter: fld_set}]}, "referer": {to:[{field: "http.request.referrer", setter: fld_prio, prio: 1}]}, "rulename": {to:[{field: "rule.name", setter: fld_set}]}, - "saddr": {convert: to_ip, to:[{field: "source.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]}, - "saddr_v6": {convert: to_ip, to:[{field: "source.ip", setter: fld_append},{field: "related.ip", setter: fld_append}]}, + "saddr": {convert: to_ip, to:[{field: "source.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]}, + "saddr_v6": {convert: to_ip, to:[{field: "source.ip", setter: fld_set},{field: "related.ip", setter: fld_append}]}, "sbytes": {convert: to_long, to:[{field: "source.bytes", setter: fld_set}]}, "sdomain": {to:[{field: "source.domain", setter: fld_prio, prio: 0}]}, "service": {to:[{field: "service.name", setter: fld_prio, prio: 1}]}, @@ -2554,8 +2553,8 @@ processors: builder.Add(save_flags); builder.Add(strip_syslog_priority); builder.Add(chain1); - builder.Add(populate_fields); builder.Add(restore_flags); + builder.Add(populate_fields); var chain = builder.Build(); return { process: chain.Run, diff --git a/packages/microsoft/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml index b5ad338c978..fe1e470f09b 100644 --- a/packages/microsoft/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/microsoft/data_stream/dhcp/elasticsearch/ingest_pipeline/default.yml @@ -8,7 +8,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '1.12.0' + value: '8.0.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/microsoft/data_stream/dhcp/fields/ecs.yml b/packages/microsoft/data_stream/dhcp/fields/ecs.yml index bf1d2ece2d0..1da8c39a341 100644 --- a/packages/microsoft/data_stream/dhcp/fields/ecs.yml 
+++ b/packages/microsoft/data_stream/dhcp/fields/ecs.yml @@ -110,8 +110,6 @@ name: http.request.referrer - external: ecs name: log.level -- external: ecs - name: log.original - external: ecs name: log.syslog.facility.code - external: ecs @@ -153,7 +151,7 @@ - external: ecs name: process.pid - external: ecs - name: process.ppid + name: process.parent.pid - external: ecs name: process.title - external: ecs diff --git a/packages/microsoft/data_stream/dhcp/sample_event.json b/packages/microsoft/data_stream/dhcp/sample_event.json new file mode 100644 index 00000000000..2c966ced2f4 --- /dev/null +++ b/packages/microsoft/data_stream/dhcp/sample_event.json 
@@ -0,0 +1,74 @@ +{ + "@timestamp": "2016-01-29T06:09:59.000Z", + "agent": { + "ephemeral_id": "58c793ae-7b18-450b-9966-6d0f5f6fd7ac", + "hostname": "docker-fleet-agent", + "id": "0a0be70a-90aa-494d-8be3-b06a8a05e08c", + "name": "docker-fleet-agent", + "type": "filebeat", + "version": "7.16.2" + }, + "data_stream": { + "dataset": "microsoft.dhcp", + "namespace": "ep", + "type": "logs" + }, + "ecs": { + "version": "1.12.0" + }, + "elastic_agent": { + "id": "0a0be70a-90aa-494d-8be3-b06a8a05e08c", + "snapshot": false, + "version": "7.16.2" + }, + "event": { + "agent_id_status": "verified", + "code": "11030", + "dataset": "microsoft.dhcp", + "ingested": "2022-01-25T10:07:48Z", + "timezone": "+00:00" + }, + "host": { + "hostname": "ciade5699.domain" + }, + "input": { + "type": "udp" + }, + "log": { + "source": { + "address": "172.19.0.4:45800" + } + }, + "observer": { + "product": "DHCP", + "type": "Application", + "vendor": "Microsoft" + }, + "related": { + "hosts": [ + "ciade5699.domain" + ], + "ip": [ + "10.124.22.221" + ] + }, + "rsa": { + "internal": { + "event_desc": "oremi", + "messageid": "11030" + }, + "time": { + "event_time": "2016-01-29T06:09:59.000Z" + } + }, + "source": { + "address": "ciade5699.domain", + "ip": [ + "10.124.22.221" + ] + }, + "tags": [ + "microsoft-dhcp", + "forwarded" + ] +} \ No newline at end of file diff --git a/packages/microsoft/docs/README.md b/packages/microsoft/docs/README.md index ae75dad25f3..ff3592f50cd 100644 --- a/packages/microsoft/docs/README.md +++ b/packages/microsoft/docs/README.md 
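Review bot: The new sample event records `"ecs": { "version": "1.12.0" }` and an array-valued `source.ip`, while the same commit sets `ecs.version` to `'8.0.0'` in the dhcp ingest pipeline and switches the `source.ip` setter from `fld_append` to `fld_set`. The file looks as if it was captured before those changes took effect, or from a run where they were not applied. Regenerating it after the pipeline change should yield `"version": "8.0.0"` and, presumably, a scalar `"ip": "10.124.22.221"` under `source`. Because this sample is what the package documentation shows to users, a stale copy would mislead anyone who builds mappings or detection queries from it.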
@@ -249,7 +249,7 @@ The `dhcp` dataset collects Microsoft DHCP logs. | Field | Description | Type | |---|---|---| | @timestamp | Event timestamp. | date | -| client.domain | Client domain. | keyword | +| client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | client.registered_domain | The highest registered client domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword | | client.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword | | client.top_level_domain | The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". | keyword | 
@@ -273,7 +273,7 @@ The `dhcp` dataset collects Microsoft DHCP logs. | destination.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | | destination.as.organization.name | Organization name. | keyword | | destination.bytes | Bytes sent from the destination to the source. | long | -| destination.domain | Destination domain. | keyword | +| destination.domain | The domain name of the destination system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | destination.geo.city_name | City name. | keyword | | destination.geo.country_name | Country name. | keyword | | destination.geo.location | Longitude and latitude. | geo_point | 
@@ -331,26 +331,25 @@ The `dhcp` dataset collects Microsoft DHCP logs. | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | -| http.request.method | HTTP request method. Prior to ECS 1.6.0 the following guidance was provided: "The field value must be normalized to lowercase for querying." As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0 | keyword | +| http.request.method | HTTP request method. The value should retain its casing from the original event. For example, `GET`, `get`, and `GeT` are all considered valid values for this field. | keyword | | http.request.referrer | Referrer for this HTTP request. | keyword | | input.type | Type of Filebeat input. | keyword | | log.file.path | Full path to the log file this event came from. | keyword | | log.flags | Flags for the log file. | keyword | | log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | | log.offset | Offset of the entry in the log file. | long | -| log.original | Deprecated for removal in next major version release. This field is superseded by `event.original`. This is the original log message and contains the full log message before splitting it up in multiple parts. 
In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message. This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. | keyword | | log.source.address | Source address from which the log event was read / sent from. | keyword | | log.syslog.facility.code | The Syslog numeric facility of the log event, if available. According to RFCs 5424 and 3164, this value should be an integer between 0 and 23. | long | | log.syslog.priority | Syslog numeric priority of the event, if available. According to RFCs 5424 and 3164, the priority is 8 \* facility + severity. This number is therefore expected to contain a value between 0 and 191. | long | | log.syslog.severity.code | The Syslog numeric severity of the log event, if available. If the event source publishing via Syslog provides a different numeric severity value (e.g. firewall, IDS), your source's numeric severity should go to `event.severity`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `event.severity`. | long | | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | -| network.application | A name given to an application level protocol. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. 
The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword | +| network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | | network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.interface.name | | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | -| network.protocol | L7 Network protocol name. ex. http, lumberjack, transport protocol. 
The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". | keyword | +| network.protocol | In the OSI Model this would be the Application Layer protocol. For example, `http`, `dns`, or `ssh`. The field value must be normalized to lowercase for querying. | keyword | | observer.egress.interface.name | Interface name as reported by the system. | keyword | | observer.ingress.interface.name | Interface name as reported by the system. | keyword | | observer.product | The product name of the observer. | keyword | @@ -359,9 +358,9 @@ The `dhcp` dataset collects Microsoft DHCP logs. | observer.version | Observer version. | keyword | | process.name | Process name. Sometimes called program name or similar. | keyword | | process.parent.name | Process name. Sometimes called program name or similar. | keyword | +| process.parent.pid | Process id. | long | | process.parent.title | Process title. The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. | keyword | | process.pid | Process id. | long | -| process.ppid | Parent process' pid. | long | | process.title | Process title. The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. | keyword | | related.hosts | All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. | keyword | | related.ip | All of the IPs seen on your event. | ip | 
@@ -1039,7 +1038,7 @@ The `dhcp` dataset collects Microsoft DHCP logs. | rsa.wireless.wlan_name | This key captures either WLAN number/name | keyword | | rsa.wireless.wlan_ssid | This key is used to capture the ssid of a Wireless Session | keyword | | rule.name | The name of the rule or signature generating the event. | keyword | -| server.domain | Server domain. | keyword | +| server.domain | The domain name of the server system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | server.registered_domain | The highest registered server domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword | | server.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword | | server.top_level_domain | The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". 
| keyword | @@ -1048,7 +1047,7 @@ The `dhcp` dataset collects Microsoft DHCP logs. | source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | | source.as.organization.name | Organization name. | keyword | | source.bytes | Bytes sent from the source to the destination. | long | -| source.domain | Source domain. | keyword | +| source.domain | The domain name of the source system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | | source.geo.city_name | City name. | keyword | | source.geo.country_name | Country name. | keyword | | source.geo.location | Longitude and latitude. | geo_point | diff --git a/packages/microsoft/manifest.yml b/packages/microsoft/manifest.yml index 675f307289b..82269a86c1f 100644 --- a/packages/microsoft/manifest.yml +++ b/packages/microsoft/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: microsoft title: Microsoft -version: 1.1.1 +version: 1.2.0 description: Deprecated. Use a specific Microsoft package instead. categories: - "network"