diff --git a/packages/carbon_black_cloud/_dev/build/build.yml b/packages/carbon_black_cloud/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/carbon_black_cloud/_dev/build/build.yml
+++ b/packages/carbon_black_cloud/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml
index 865d9b442e2..1036108f99c 100644
--- a/packages/carbon_black_cloud/changelog.yml
+++ b/packages/carbon_black_cloud/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "1.1.1"
 changes:
 - description: Fix proxy URL documentation rendering.
diff --git a/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json b/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json
index 9f909602052..6a68f0318ac 100644
--- a/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json
+++ b/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json
@@ -63,7 +63,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "end": "2021-01-04T23:25:58Z",
@@ -158,7 +158,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "end": "2020-11-17T22:02:16Z",
@@ -295,7 +295,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "end": "2021-01-04T22:22:42Z",
diff --git a/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
index 4692b0a9b01..a302659e9ed 100644
--- a/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
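Review bot: The `reference: git@v8.4.0-rc1` line in `_dev/build/build.yml` pins the ECS field definitions to a release-candidate tag, while the pipelines in this same commit stamp every event with `ecs.version` `8.4.0` and the changelog entry reads "Update package to ECS 8.4.0". If any field definition changed between rc1 and the final release, the imported field documentation and mappings would presumably not match the version the events claim, which matters for detection content that keys on ECS fields. Once the final tag is available, pin it instead (`reference: git@v8.4.0`), or mention the rc pin in the changelog entry so the follow-up is not lost. The same pin is added in `packages/carbonblack_edr/_dev/build/build.yml`.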
+++ b/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud alerts.
 processors:
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json
index 075579c742b..7f73190e13c 100644
--- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json
+++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json
@@ -18,7 +18,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "original": "{\"cve_ids\":null,\"device_id\":1,\"highest_risk_score\":5.3,\"host_name\":\"DESKTOP-001\",\"last_sync_ts\":\"2022-02-14T08:32:37.105065Z\",\"name\":\"DESKTOP-001KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows Server 2019 Datacenter\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"MODERATE\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":137}"
@@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":2,\"highest_risk_score\":8.4,\"host_name\":\"DESKTOP-002\",\"last_sync_ts\":\"2021-12-31T22:16:06.970164Z\",\"name\":\"DESKTOP-002KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.19044\"},\"severity\":\"IMPORTANT\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"WORKLOAD\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":342}" @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":3,\"highest_risk_score\":8.4,\"host_name\":\"DESKTOP-003\",\"last_sync_ts\":\"2022-02-03T15:27:28.681106Z\",\"name\":\"DESKTOP-003KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Enterprise\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18363\"},\"severity\":\"IMPORTANT\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"WORKLOAD\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":499}" @@ -162,7 +162,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":4,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-004\",\"last_sync_ts\":\"2022-01-06T03:51:45.460029Z\",\"name\":\"DESKTOP-004KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18362\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":885}" 
@@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":5,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-005\",\"last_sync_ts\":\"2022-01-10T02:46:08.236117Z\",\"name\":\"DESKTOP-005KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Education\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18362\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":893}" @@ -258,7 +258,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":6,\"highest_risk_score\":6,\"host_name\":\"DESKTOP-006\",\"last_sync_ts\":\"2022-01-10T03:11:44.097219Z\",\"name\":\"DESKTOP-006KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"MODERATE\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":276}" @@ -306,7 +306,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":7,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-007\",\"last_sync_ts\":\"2022-01-11T08:41:31.573863Z\",\"name\":\"DESKTOP-007KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.19043\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":542}" 
@@ -354,7 +354,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "original": "{\"cve_ids\":null,\"device_id\":8,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-008\",\"last_sync_ts\":\"2022-01-17T08:33:37.384932Z\",\"name\":\"DESKTOP-008KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Education\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":1770}"
diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml
index 56e9330ce12..5ded16ebb31 100644
--- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - json:
 field: event.original
 target_field: json
diff --git a/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index 5169f5fe617..23a0decfadf 100644
--- a/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -15,7 +15,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "id": "16xxxxxxxxxx8ac7bd",
@@ -51,7 +51,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "id": "21xxxxxxxxxx93ff7c",
@@ -87,7 +87,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "id": "28xxxxxxxxxx8ac7bd",
@@ -123,7 +123,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "id": "34xxxxxxxxxxd9ccf9",
@@ -159,7 +159,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "id": "3axxxxxxxxxx2e5035",
@@ -195,7 +195,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "id": "32xxxxxxxxxx189c6d",
@@ -231,7 +231,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "id": "a9xxxxxxxxxx4b3d2c",
diff --git a/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 95ae448bef1..ebf7661d618 100644
--- a/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud audit logs
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json
index 18f5ee6919d..4716e760d0c 100644
--- a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json
+++ b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json
@@ -37,7 +37,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "ACTION_CREATE_KEY",
@@ -139,7 +139,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "ACTION_WRITE_VALUE",
@@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_OPEN_PROCESS_HANDLE", @@ -385,7 +385,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_OPEN_PROCESS_HANDLE", @@ -504,7 +504,7 @@ "path": "c:\\windows\\system32\\fltlib.dll" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_LOAD_MODULE", @@ -625,7 +625,7 @@ "path": "c:\\windows\\system32\\dnsapi.dll" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_LOAD_MODULE", @@ -746,7 +746,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_CREATE_PROCESS", @@ -867,7 +867,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_CREATE_PROCESS", @@ -968,7 +968,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_PROCESS_TERMINATE", @@ -1067,7 +1067,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_PROCESS_TERMINATE", @@ -1162,7 +1162,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_DELETE", @@ -1260,7 +1260,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_READ | ACTION_FILE_OPEN_WRITE", @@ -1362,7 +1362,7 @@ "port": 62909 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_CONNECTION_CREATE", @@ -1470,7 +1470,7 @@ "port": 9716 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_CONNECTION_LISTEN", @@ -1587,7 +1587,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_LOAD_SCRIPT", 
diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml
index 0b3eb810370..e4e39bfcb42 100644
--- a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud Endpoint Events.
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json b/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json
index 4c750bb15d9..b32c3bb334d 100644
--- a/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json
+++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json
@@ -67,7 +67,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
@@ -203,7 +203,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
@@ -333,7 +333,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
@@ -455,7 +455,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
@@ -576,7 +576,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
@@ -683,7 +683,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml
index cb8a55f4636..06be0aa2afe 100644
--- a/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud watchlist hit.
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/carbon_black_cloud/docs/README.md b/packages/carbon_black_cloud/docs/README.md
index 03539a47b41..4bc1096317a 100644
--- a/packages/carbon_black_cloud/docs/README.md
+++ b/packages/carbon_black_cloud/docs/README.md
@@ -402,7 +402,7 @@ An example event for `alert` looks as following:
 | host.os.name | Operating system name, without the version. | keyword |
 | host.os.name.text | Multi-field of `host.os.name`. | text |
 | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword |
-| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword |
+| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword |
 | host.os.version | Operating system version as a raw string. | keyword |
 | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
 | input.type | Input type | keyword |
@@ -641,7 +641,7 @@ An example event for `endpoint_event` looks as following: | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | input.type | Input type | keyword | | log.offset | Log offset | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. 
| keyword | | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | | process.command_line | Full command line that started the process, including the absolute path to the executable, and all arguments. Some arguments may be filtered to protect sensitive information. | wildcard | | process.command_line.text | Multi-field of `process.command_line`. | match_only_text | @@ -873,7 +873,7 @@ An example event for `watchlist_hit` looks as following: | host.os.name | Operating system name, without the version. | keyword | | host.os.name.text | Multi-field of `host.os.name`. | text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | +| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | input.type | Input type | keyword | 
@@ -1036,7 +1036,7 @@ An example event for `asset_vulnerability_summary` looks as following:
 | host.os.name | Operating system name, without the version. | keyword |
 | host.os.name.text | Multi-field of `host.os.name`. | text |
 | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword |
-| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword |
+| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword |
 | host.os.version | Operating system version as a raw string. | keyword |
 | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword |
 | input.type | Input type | keyword |
diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml
index b9140548a07..4b00177d643 100644
--- a/packages/carbon_black_cloud/manifest.yml
+++ b/packages/carbon_black_cloud/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: carbon_black_cloud
 title: VMware Carbon Black Cloud
-version: "1.1.1"
+version: "1.2.0"
 license: basic
 description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent.
 type: integration
diff --git a/packages/carbonblack_edr/_dev/build/build.yml b/packages/carbonblack_edr/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/carbonblack_edr/_dev/build/build.yml
+++ b/packages/carbonblack_edr/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml
index 1cb7fc25d92..3578edfb852 100644
--- a/packages/carbonblack_edr/changelog.yml
+++ b/packages/carbonblack_edr/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "1.4.0"
 changes:
 - description: Update package to ECS 8.3.0.
diff --git a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json
index fb49692bedb..89f1346840a 100644
--- a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json
+++ b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json
@@ -15,7 +15,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "binaryinfo.group.observed",
@@ -53,7 +53,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "binaryinfo.group.observed",
@@ -89,7 +89,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "binaryinfo.observed",
@@ -127,7 +127,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "binaryinfo.group.observed",
@@ -165,7 +165,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "binaryinfo.group.observed",
@@ -201,7 +201,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "binaryinfo.observed",
@@ -239,7 +239,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "binaryinfo.group.observed",
@@ -277,7 +277,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -315,7 +315,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -361,7 +361,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -428,7 +428,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -470,7 +470,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -530,7 +530,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -590,7 +590,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -633,7 +633,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -665,7 +665,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -702,7 +702,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -748,7 +748,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -791,7 +791,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -823,7 +823,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -872,7 +872,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -913,7 +913,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -957,7 +957,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", 
@@ -1000,7 +1000,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -1032,7 +1032,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1082,7 +1082,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -1136,7 +1136,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -1220,7 +1220,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -1257,7 +1257,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -1300,7 +1300,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -1334,7 +1334,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1384,7 +1384,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -1452,7 +1452,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -1528,7 +1528,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -1565,7 +1565,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -1601,7 +1601,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -1645,7 +1645,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -1679,7 +1679,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", 
@@ -1731,7 +1731,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -1808,7 +1808,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -1879,7 +1879,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -1916,7 +1916,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -1952,7 +1952,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -1993,7 +1993,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2039,7 +2039,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -2073,7 +2073,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2123,7 +2123,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -2194,7 +2194,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -2255,7 +2255,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -2292,7 +2292,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -2328,7 +2328,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -2369,7 +2369,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2415,7 +2415,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", 
@@ -2457,7 +2457,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.module", @@ -2501,7 +2501,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2551,7 +2551,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -2590,7 +2590,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -2630,7 +2630,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -2667,7 +2667,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -2703,7 +2703,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -2744,7 +2744,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2790,7 +2790,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -2832,7 +2832,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.module", @@ -2876,7 +2876,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2925,7 +2925,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -2969,7 +2969,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -3016,7 +3016,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.remotethread", @@ -3063,7 +3063,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", 
@@ -3100,7 +3100,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -3136,7 +3136,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -3177,7 +3177,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3223,7 +3223,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -3265,7 +3265,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.module", @@ -3309,7 +3309,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3359,7 +3359,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -3396,7 +3396,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -3444,7 +3444,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.remotethread", @@ -3491,7 +3491,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -3542,7 +3542,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.childproc", @@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -3616,7 +3616,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -3661,7 +3661,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3707,7 +3707,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", 
@@ -3749,7 +3749,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.module", @@ -3793,7 +3793,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3842,7 +3842,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -3888,7 +3888,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -3942,7 +3942,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.remotethread", @@ -3989,7 +3989,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -4040,7 +4040,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.childproc", @@ -4078,7 +4078,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -4127,7 +4127,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.filemod", @@ -4167,7 +4167,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -4213,7 +4213,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -4255,7 +4255,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.module", @@ -4299,7 +4299,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -4348,7 +4348,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -4396,7 +4396,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.filemod", 
@@ -4447,7 +4447,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.remotethread", diff --git a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 6b8cdb2e7c9..65c7b199ebf 100644 --- a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing CarbonBlack EDR logs processors: - set: field: ecs.version - value: 8.3.0 + value: '8.4.0' # Validate that the input document conforms to the expected format # to avoid repetitive checks. diff --git a/packages/carbonblack_edr/docs/README.md b/packages/carbonblack_edr/docs/README.md index 6ca362b2e87..38298446c11 100644 --- a/packages/carbonblack_edr/docs/README.md +++ b/packages/carbonblack_edr/docs/README.md 
@@ -303,7 +303,7 @@ An example event for `log` looks as following: | host.os.name | Operating system name, without the version. | keyword | | host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | +| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | input.type | Type of Filebeat input. | keyword | 
@@ -311,7 +311,7 @@ An example event for `log` looks as following: | log.flags | Flags for the log file. | keyword | | log.offset | Offset of the entry in the log file. | long | | log.source.address | Source address from which the log event was read / sent from. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). 
Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | | observer.name | Custom name of the observer. This is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization. If no custom name is needed, the field can be left empty. | keyword | 
@@ -319,7 +319,7 @@ An example event for `log` looks as following: | observer.type | The type of the observer the data is coming from. There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. | keyword | | observer.vendor | Vendor name of the observer. | keyword | | observer.version | Observer version. | keyword | -| os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | +| os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | | process.command_line | Full command line that started the process, including the absolute path to the executable, and all arguments. Some arguments may be filtered to protect sensitive information. | wildcard | | process.command_line.text | Multi-field of `process.command_line`. | match_only_text | | process.entity_id | Unique identifier for the process. The implementation of this is specified by the data source, but some examples of what could be used here are a process-generated UUID, Sysmon Process GUIDs, or a hash of some uniquely identifying components of a process. Constructing a globally unique identifier is a common practice to mitigate PID reuse as well as to identify a specific process over time, across multiple monitored hosts. | keyword | 
@@ -343,7 +343,7 @@ An example event for `log` looks as following: | threat.indicator.file.hash.md5 | MD5 hash. | keyword | | threat.indicator.ip | Identifies a threat indicator as an IP address (irrespective of direction). | ip | | threat.indicator.port | Identifies a threat indicator as a port number (irrespective of direction). | long | -| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. Recommended values: \* autonomous-system \* artifact \* directory \* domain-name \* email-addr \* file \* ipv4-addr \* ipv6-addr \* mac-addr \* mutex \* port \* process \* software \* url \* user-account \* windows-registry-key \* x509-certificate | keyword | +| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. | keyword | | threat.indicator.url.domain | Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. | keyword | | tls.client.ja3 | A hash that identifies clients based on how they perform an SSL/TLS handshake. | keyword | | tls.server.ja3s | A hash that identifies servers based on how they perform an SSL/TLS handshake. | keyword | diff --git a/packages/carbonblack_edr/manifest.yml b/packages/carbonblack_edr/manifest.yml index 7f9f0eedd90..dd14ba9e92d 100644 --- a/packages/carbonblack_edr/manifest.yml +++ b/packages/carbonblack_edr/manifest.yml @@ -1,6 +1,6 @@ name: carbonblack_edr title: VMware Carbon Black EDR -version: "1.4.0" +version: "1.5.0" release: ga description: Collect logs from VMware Carbon Black EDR with Elastic Agent. type: integration diff --git a/packages/cef/_dev/build/build.yml b/packages/cef/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 
--- a/packages/cef/_dev/build/build.yml +++ b/packages/cef/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml index 6f1d91b074e..217287f0bc6 100644 --- a/packages/cef/changelog.yml +++ b/packages/cef/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.3.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3842 - version: "2.2.1" changes: - description: Update package name and description to align with standard wording diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json index 77f2dd25ca4..c0db053c3b8 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json @@ -50,7 +50,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "agent:016", @@ -129,7 +129,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "agent:030", @@ -200,7 +200,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "agent:044", @@ -279,7 +279,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "agent:031", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json index 7a80996e520..a5fb51150f5 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json 
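Review bot: The added `reference: git@v8.4.0-rc1` in packages/cef/_dev/build/build.yml pins the ECS field definitions to a release-candidate tag, while this commit's changelog entry says "Update package to ECS 8.4.0" and the ingest pipeline stamps `ecs.version` as `'8.4.0'`. If any field definition changed between rc1 and the final release, the imported mappings and generated README tables would not match the version the events claim to follow, which matters for detection content that relies on ECS field semantics. I would pin the final tag, `reference: git@v8.4.0`, once it is available (whether it existed when this was written cannot be told from the page), or record the pre-release pin in the changelog description. The same line is added in packages/checkpoint/_dev/build/build.yml and packages/cisco_asa/_dev/build/build.yml.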
@@ -31,7 +31,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "18", @@ -146,7 +146,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "18", @@ -227,7 +227,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "18", @@ -272,7 +272,7 @@ "ip": "192.168.1.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "18", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json index a49ee1778a5..02c76804e2d 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json @@ -77,7 +77,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -166,7 +166,7 @@ "port": 25 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Bypass", @@ -235,7 +235,7 @@ "ip": "::1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Drop", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json index 8bc36f75b92..e2df8834f3e 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json @@ -88,7 +88,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "305012", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json index fc22abc9dd9..b7ed142165a 100644 
--- a/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json @@ -21,7 +21,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "0", @@ -66,7 +66,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "9005", @@ -122,7 +122,7 @@ "ip": "10.1.1.40" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Allow", @@ -213,7 +213,7 @@ "port": 67 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "70019", @@ -284,7 +284,7 @@ "ip": "192.168.1.1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Refuse", @@ -357,7 +357,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "70021", @@ -416,7 +416,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "72714", @@ -474,7 +474,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "72715", @@ -532,7 +532,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "72716", @@ -589,7 +589,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "78002", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json index ff52dd0538d..7f2030856d7 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json @@ -28,7 +28,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "blocked", 
@@ -86,7 +86,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "not blocked", @@ -144,7 +144,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "transformed", @@ -202,7 +202,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "transformed", @@ -260,7 +260,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "not blocked", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json index 5d17e684045..bde8532dfe1 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json @@ -56,7 +56,7 @@ "domain": "centos7" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Started", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json index d0487cfd2be..271d6753a11 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json @@ -19,7 +19,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "600", @@ -82,7 +82,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Delete", @@ -143,7 +143,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "detectOnly", @@ -231,7 +231,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Log", 
@@ -286,7 +286,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "updated", @@ -379,7 +379,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "IDS:Reset", @@ -446,7 +446,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "3002795", @@ -502,7 +502,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "5000000", diff --git a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 05a4f607013..01c4ed82c61 100644 --- a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for CEF logs. CEF decoding happens in the Agent. This perf processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - convert: field: event.id diff --git a/packages/cef/docs/README.md b/packages/cef/docs/README.md index 996ea05c7fd..03da14097bd 100644 --- a/packages/cef/docs/README.md +++ b/packages/cef/docs/README.md 
@@ -566,7 +566,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. 
| keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | | observer.egress.zone | Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. | keyword | | observer.hostname | Hostname of the observer. | keyword | diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml index 59ed7ec93ba..f08e1eed96a 100644 --- a/packages/cef/manifest.yml +++ b/packages/cef/manifest.yml @@ -1,6 +1,6 @@ name: cef title: Common Event Format (CEF) -version: 2.2.1 +version: 2.3.0 release: ga description: Collect logs from CEF Logs with Elastic Agent. type: integration diff --git a/packages/checkpoint/_dev/build/build.yml b/packages/checkpoint/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/checkpoint/_dev/build/build.yml +++ b/packages/checkpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 
diff --git a/packages/checkpoint/changelog.yml b/packages/checkpoint/changelog.yml index 98c0af27f97..e42226cd2a2 100644 --- a/packages/checkpoint/changelog.yml +++ b/packages/checkpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3842 - version: "1.7.1" changes: - description: Fix handling of R81 fields. diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R80.X.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R80.X.log-expected.json index ac7b8506a6d..888c20e07e4 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R80.X.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R80.X.log-expected.json @@ -4,7 +4,7 @@ "@timestamp": "2022-07-06T15:53:08.000Z", "checkpoint": {}, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logon-failed", @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logged-in", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R81.X.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R81.X.log-expected.json index 1a42e608908..1d053e0abd3 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R81.X.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R81.X.log-expected.json @@ -12,7 +12,7 @@ "packets": 30 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json index 96c19e2293d..b8bacc4ad15 100644 
--- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json @@ -13,7 +13,7 @@ "port": 514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -91,7 +91,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Drop", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json index f7a9fb25eb6..9d5138ef564 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json @@ -6,7 +6,7 @@ "sys_message": "The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -41,7 +41,7 @@ "sys_message": "installed Standard" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -83,7 +83,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -166,7 +166,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -238,7 +238,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -302,7 +302,7 @@ "status": "Finished" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -353,7 +353,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -439,7 +439,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", 
@@ -498,7 +498,7 @@ "status": "Started" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -549,7 +549,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -621,7 +621,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -685,7 +685,7 @@ "status": "Finished" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -722,7 +722,7 @@ "port": 514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -786,7 +786,7 @@ "update_status": "updated" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -819,7 +819,7 @@ "update_status": "updated" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -857,7 +857,7 @@ "port": 138 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -937,7 +937,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Drop", @@ -992,7 +992,7 @@ "port": 514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -1061,7 +1061,7 @@ "port": 137 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -1130,7 +1130,7 @@ "port": 22 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -1199,7 +1199,7 @@ "port": 514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json index 98eb790aee5..c4595c01ed1 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json 
+++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json @@ -13,7 +13,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", diff --git a/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index 21ec0c247d3..e0cc4219a19 100644 --- a/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing checkpoint firewall logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/checkpoint/docs/README.md b/packages/checkpoint/docs/README.md index c0de8faf5e1..c9c43dfc879 100644 --- a/packages/checkpoint/docs/README.md +++ b/packages/checkpoint/docs/README.md 
@@ -611,7 +611,7 @@ An example event for `firewall` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | | network.name | Name given by operators to sections of their network. | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | diff --git a/packages/checkpoint/manifest.yml b/packages/checkpoint/manifest.yml index 079d9ebd120..fe11a1639a2 100644 --- a/packages/checkpoint/manifest.yml +++ b/packages/checkpoint/manifest.yml @@ -1,6 +1,6 @@ name: checkpoint title: Check Point -version: "1.7.1" +version: "1.8.0" release: ga description: Collect logs from Check Point with Elastic Agent. type: integration diff --git a/packages/cisco_asa/_dev/build/build.yml b/packages/cisco_asa/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_asa/_dev/build/build.yml +++ b/packages/cisco_asa/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index 0aff02cbf6e..8c74634d90f 100644 
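Review bot: The `reference: git@v8.4.0-rc1` line in `packages/cisco_asa/_dev/build/build.yml` pins the ECS dependency to a release-candidate tag, while the changelog entry and the `ecs.version` values in this commit all state 8.4.0. If the final schema differs from rc1 in any field, whatever is built from this reference would presumably no longer match the version the events are stamped with, which matters for detection content keyed on ECS field names and types. A git tag is also a movable reference, so the build input is not tied to one schema revision. I would change the line to `reference: git@v8.4.0` once the final tag is available, or until then add `# TODO: move to git@v8.4.0 when the final ECS tag is published` next to it.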
--- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.6.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3842 - version: "2.5.2" changes: - description: Improve TCP, SSL config description and example. diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json index 03359439d90..3f3848d737c 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json @@ -22,7 +22,7 @@ "port": 53500 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -109,7 +109,7 @@ "port": 53500 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -188,7 +188,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -249,7 +249,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -309,7 +309,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -372,7 +372,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -447,7 +447,7 @@ "port": 111 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -530,7 +530,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -603,7 +603,7 @@ "port": 67 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -679,7 +679,7 @@ "port": 21 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -746,7 +746,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -790,7 +790,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -849,7 +849,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -911,7 +911,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -968,7 +968,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1032,7 +1032,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1099,7 +1099,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1167,7 +1167,7 @@ "port": 55225 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1255,7 +1255,7 @@ "port": 54839 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1334,7 +1334,7 @@ "port": 54230 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1411,7 +1411,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1481,7 +1481,7 @@ "port": 57006 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1554,7 +1554,7 @@ "port": 14322 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1627,7 +1627,7 @@ "port": 53356 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -1713,7 +1713,7 @@ "port": 22638 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1800,7 +1800,7 @@ "port": 22638 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1880,7 +1880,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1954,7 +1954,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2022,7 +2022,7 @@ "port": 65020 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2093,7 +2093,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2163,7 +2163,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2233,7 +2233,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2304,7 +2304,7 @@ "port": 10051 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2378,7 +2378,7 @@ "port": 10051 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2452,7 +2452,7 @@ "port": 10051 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2525,7 +2525,7 @@ "port": 10051 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2604,7 +2604,7 @@ "port": 39222 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2677,7 +2677,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2729,7 +2729,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -2788,7 +2788,7 @@ "port": 3452 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2865,7 +2865,7 @@ "port": 6007 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2933,7 +2933,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2975,7 +2975,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3024,7 +3024,7 @@ "port": 1985 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3087,7 +3087,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3129,7 +3129,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3178,7 +3178,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3255,7 +3255,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3305,7 +3305,7 @@ "port": 2 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3380,7 +3380,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3450,7 +3450,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3511,7 +3511,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3572,7 +3572,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3633,7 +3633,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -3711,7 +3711,7 @@ "port": 9101 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3803,7 +3803,7 @@ "port": 51635 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3880,7 +3880,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3947,7 +3947,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3997,7 +3997,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4059,7 +4059,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4115,7 +4115,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4182,7 +4182,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4246,7 +4246,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4313,7 +4313,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4371,7 +4371,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4451,7 +4451,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4517,7 +4517,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4576,7 +4576,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4648,7 +4648,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -4711,7 +4711,7 @@ "port": 23 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4794,7 +4794,7 @@ "port": 123123 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "bypass", @@ -4880,7 +4880,7 @@ "port": 514514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "drop", @@ -4957,7 +4957,7 @@ "port": 123412 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5039,7 +5039,7 @@ "port": 514514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5122,7 +5122,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "created", @@ -5194,7 +5194,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deleted", @@ -5274,7 +5274,7 @@ "port": 7777 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-started", @@ -5350,7 +5350,7 @@ "port": 7777 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "error", @@ -5420,7 +5420,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5472,7 +5472,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5522,7 +5522,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "error", @@ -5573,7 +5573,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "error", @@ -5617,7 +5617,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5660,7 +5660,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "error", 
@@ -5704,7 +5704,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "error", @@ -5755,7 +5755,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5830,7 +5830,7 @@ "ip": "172.31.98.44" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5925,7 +5925,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6024,7 +6024,7 @@ "port": 500 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6117,7 +6117,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6169,7 +6169,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6221,7 +6221,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6273,7 +6273,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json index 741b94a1064..58bcc60068e 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json @@ -6,7 +6,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -82,7 +82,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -158,7 +158,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", 
@@ -234,7 +234,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -310,7 +310,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -386,7 +386,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -462,7 +462,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -538,7 +538,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -614,7 +614,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -662,7 +662,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -738,7 +738,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-connected", @@ -814,7 +814,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-disconnected", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index a30edfa1956..8d2acafcade 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -17,7 +17,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -102,7 +102,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -177,7 +177,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -247,7 +247,7 @@ "port": 57621 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -324,7 +324,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -379,7 +379,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -452,7 +452,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -522,7 +522,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -592,7 +592,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -663,7 +663,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -751,7 +751,7 @@ "port": 8080 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -852,7 +852,7 @@ "port": 9803 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -963,7 +963,7 @@ "port": 9803 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1080,7 +1080,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json index 8712d6d5bd8..119535207e5 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json @@ -25,7 +25,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -98,7 +98,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -152,7 +152,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -185,7 +185,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -223,7 +223,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index 5eed00a66b2..d53b28a5a66 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -14,7 +14,7 @@ "port": 8256 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -97,7 +97,7 @@ "port": 1772 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -177,7 +177,7 @@ "port": 1758 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -262,7 +262,7 @@ "port": 1757 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -347,7 +347,7 @@ "port": 1755 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -432,7 +432,7 @@ "port": 1754 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -517,7 +517,7 @@ "port": 1752 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -602,7 +602,7 @@ "port": 1749 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -687,7 +687,7 @@ "port": 1750 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -772,7 +772,7 @@ "port": 1747 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -857,7 +857,7 @@ "port": 1742 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -942,7 +942,7 @@ "port": 1741 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1027,7 +1027,7 @@ "port": 1739 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1112,7 +1112,7 @@ "port": 1740 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1197,7 +1197,7 @@ "port": 1738 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1282,7 +1282,7 @@ "port": 1756 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1367,7 +1367,7 @@ "port": 1737 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1452,7 +1452,7 @@ "port": 1736 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1537,7 +1537,7 @@ "port": 1765 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1621,7 +1621,7 @@ "port": 1188 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1704,7 +1704,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1784,7 +1784,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1872,7 +1872,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -1952,7 +1952,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -2035,7 +2035,7 @@ "port": 8257 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2118,7 +2118,7 @@ "port": 1773 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2197,7 +2197,7 @@ "port": 8258 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2280,7 +2280,7 @@ "port": 1774 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2364,7 +2364,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2448,7 +2448,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2528,7 +2528,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -2612,7 +2612,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -2695,7 +2695,7 @@ "port": 8259 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2778,7 +2778,7 @@ "port": 1775 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2857,7 +2857,7 @@ "port": 1189 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2940,7 +2940,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3024,7 +3024,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3104,7 +3104,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -3188,7 +3188,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3271,7 +3271,7 @@ "port": 8265 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3354,7 +3354,7 @@ "port": 1452 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3438,7 +3438,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3522,7 +3522,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3602,7 +3602,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3686,7 +3686,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3769,7 +3769,7 @@ "port": 8266 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3852,7 +3852,7 @@ "port": 1453 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3932,7 +3932,7 @@ "port": 1453 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -4021,7 +4021,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4101,7 +4101,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -4185,7 +4185,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -4268,7 +4268,7 @@ "port": 8267 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4351,7 +4351,7 @@ "port": 1454 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -4430,7 +4430,7 @@ "port": 8268 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4513,7 +4513,7 @@ "port": 1455 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4592,7 +4592,7 @@ "port": 8269 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4675,7 +4675,7 @@ "port": 1456 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4759,7 +4759,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4839,7 +4839,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -4922,7 +4922,7 @@ "port": 8270 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5005,7 +5005,7 @@ "port": 1457 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5084,7 +5084,7 @@ "port": 8271 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5167,7 +5167,7 @@ "port": 1458 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5251,7 +5251,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5331,7 +5331,7 @@ "port": 1457 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5415,7 +5415,7 @@ "port": 8272 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5498,7 +5498,7 @@ "port": 1459 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5578,7 +5578,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -5661,7 +5661,7 @@ "port": 8273 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5744,7 +5744,7 @@ "port": 1460 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5823,7 +5823,7 @@ "port": 8267 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5905,7 +5905,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5988,7 +5988,7 @@ "port": 1385 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6067,7 +6067,7 @@ "port": 8268 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6149,7 +6149,7 @@ "port": 8269 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6231,7 +6231,7 @@ "port": 8270 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6313,7 +6313,7 @@ "port": 8271 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6395,7 +6395,7 @@ "port": 8272 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6477,7 +6477,7 @@ "port": 8273 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6560,7 +6560,7 @@ "port": 1382 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6645,7 +6645,7 @@ "port": 1385 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6729,7 +6729,7 @@ "port": 8278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6812,7 +6812,7 @@ "port": 1386 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -6892,7 +6892,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6973,7 +6973,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7054,7 +7054,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7135,7 +7135,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7216,7 +7216,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7297,7 +7297,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7378,7 +7378,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7459,7 +7459,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7540,7 +7540,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7621,7 +7621,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7702,7 +7702,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7783,7 +7783,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7864,7 +7864,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7944,7 +7944,7 @@ "port": 8279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8027,7 +8027,7 @@ "port": 1275 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -8106,7 +8106,7 @@ "port": 1190 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8189,7 +8189,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8269,7 +8269,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8357,7 +8357,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8437,7 +8437,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8520,7 +8520,7 @@ "port": 8280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8603,7 +8603,7 @@ "port": 1276 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8682,7 +8682,7 @@ "port": 8281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8765,7 +8765,7 @@ "port": 1277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8845,7 +8845,7 @@ "port": 1276 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8929,7 +8929,7 @@ "port": 8282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9012,7 +9012,7 @@ "port": 1278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9092,7 +9092,7 @@ "port": 1277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9176,7 +9176,7 @@ "port": 8283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9259,7 +9259,7 @@ "port": 1279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -9339,7 +9339,7 @@ "port": 1278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9424,7 +9424,7 @@ "port": 1279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9508,7 +9508,7 @@ "port": 8284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9591,7 +9591,7 @@ "port": 1280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9671,7 +9671,7 @@ "port": 1280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9755,7 +9755,7 @@ "port": 8285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9838,7 +9838,7 @@ "port": 1281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9917,7 +9917,7 @@ "port": 8286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10000,7 +10000,7 @@ "port": 1282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10079,7 +10079,7 @@ "port": 8287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10162,7 +10162,7 @@ "port": 1283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10241,7 +10241,7 @@ "port": 8288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10324,7 +10324,7 @@ "port": 1284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10404,7 +10404,7 @@ "port": 1281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10489,7 +10489,7 @@ "port": 1282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -10574,7 +10574,7 @@ "port": 1283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10658,7 +10658,7 @@ "port": 8289 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10741,7 +10741,7 @@ "port": 1285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10820,7 +10820,7 @@ "port": 8290 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10903,7 +10903,7 @@ "port": 1286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10983,7 +10983,7 @@ "port": 1284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11067,7 +11067,7 @@ "port": 8291 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11150,7 +11150,7 @@ "port": 1287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11230,7 +11230,7 @@ "port": 1285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11315,7 +11315,7 @@ "port": 1286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11404,7 +11404,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11483,7 +11483,7 @@ "port": 8292 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11566,7 +11566,7 @@ "port": 1288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11646,7 +11646,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11734,7 +11734,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -11814,7 +11814,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11897,7 +11897,7 @@ "port": 8293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11980,7 +11980,7 @@ "port": 1289 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12060,7 +12060,7 @@ "port": 1288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12145,7 +12145,7 @@ "port": 1287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12234,7 +12234,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12314,7 +12314,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12397,7 +12397,7 @@ "port": 8294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12480,7 +12480,7 @@ "port": 1290 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12560,7 +12560,7 @@ "port": 68 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12643,7 +12643,7 @@ "port": 8276 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12730,7 +12730,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12814,7 +12814,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12894,7 +12894,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12982,7 +12982,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -13062,7 +13062,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13146,7 +13146,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13234,7 +13234,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13314,7 +13314,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13397,7 +13397,7 @@ "port": 8295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13480,7 +13480,7 @@ "port": 1291 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13564,7 +13564,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13644,7 +13644,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13727,7 +13727,7 @@ "port": 8296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13810,7 +13810,7 @@ "port": 1292 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13889,7 +13889,7 @@ "port": 8297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13972,7 +13972,7 @@ "port": 1293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14051,7 +14051,7 @@ "port": 8298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14134,7 +14134,7 @@ "port": 1294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14214,7 +14214,7 @@ "port": 1293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -14298,7 +14298,7 @@ "port": 8299 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14381,7 +14381,7 @@ "port": 1295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14460,7 +14460,7 @@ "port": 8300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14543,7 +14543,7 @@ "port": 1296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14623,7 +14623,7 @@ "port": 1294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14708,7 +14708,7 @@ "port": 1295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14793,7 +14793,7 @@ "port": 1296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14877,7 +14877,7 @@ "port": 8301 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14960,7 +14960,7 @@ "port": 1297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15039,7 +15039,7 @@ "port": 8302 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15122,7 +15122,7 @@ "port": 1298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15206,7 +15206,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15286,7 +15286,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -15370,7 +15370,7 @@ "port": 1297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -15454,7 +15454,7 @@ "port": 8303 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -15537,7 +15537,7 @@ "port": 1299 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15616,7 +15616,7 @@ "port": 8304 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15699,7 +15699,7 @@ "port": 1300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15779,7 +15779,7 @@ "port": 1298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -15864,7 +15864,7 @@ "port": 1300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -15948,7 +15948,7 @@ "port": 8305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16031,7 +16031,7 @@ "port": 1301 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16110,7 +16110,7 @@ "port": 8306 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16193,7 +16193,7 @@ "port": 1302 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16272,7 +16272,7 @@ "port": 8280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16354,7 +16354,7 @@ "port": 8281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16436,7 +16436,7 @@ "port": 8282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16518,7 +16518,7 @@ "port": 8283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16600,7 +16600,7 @@ "port": 8284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16682,7 +16682,7 @@ "port": 8285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -16764,7 +16764,7 @@ "port": 8286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16846,7 +16846,7 @@ "port": 8287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16928,7 +16928,7 @@ "port": 8288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17010,7 +17010,7 @@ "port": 8289 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17092,7 +17092,7 @@ "port": 8290 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17174,7 +17174,7 @@ "port": 8291 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17256,7 +17256,7 @@ "port": 8292 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17338,7 +17338,7 @@ "port": 8297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17420,7 +17420,7 @@ "port": 8298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17502,7 +17502,7 @@ "port": 8308 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17585,7 +17585,7 @@ "port": 1304 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17664,7 +17664,7 @@ "port": 8299 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17746,7 +17746,7 @@ "port": 8300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17833,7 +17833,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -17917,7 +17917,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17997,7 +17997,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18081,7 +18081,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18164,7 +18164,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18247,7 +18247,7 @@ "port": 1305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18326,7 +18326,7 @@ "port": 8301 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18408,7 +18408,7 @@ "port": 8302 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18490,7 +18490,7 @@ "port": 8303 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18572,7 +18572,7 @@ "port": 8304 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18654,7 +18654,7 @@ "port": 8305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18736,7 +18736,7 @@ "port": 8306 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18818,7 +18818,7 @@ "port": 8307 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18901,7 +18901,7 @@ "port": 1305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18986,7 +18986,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -19067,7 +19067,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19148,7 +19148,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19228,7 +19228,7 @@ "port": 8310 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19311,7 +19311,7 @@ "port": 1306 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19391,7 +19391,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19472,7 +19472,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19553,7 +19553,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19634,7 +19634,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19715,7 +19715,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19796,7 +19796,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19877,7 +19877,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19958,7 +19958,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20039,7 +20039,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20120,7 +20120,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20201,7 +20201,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -20282,7 +20282,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20363,7 +20363,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20444,7 +20444,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20525,7 +20525,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20606,7 +20606,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20687,7 +20687,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20768,7 +20768,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20849,7 +20849,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20930,7 +20930,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21011,7 +21011,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21092,7 +21092,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21173,7 +21173,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21254,7 +21254,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21335,7 +21335,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21416,7 +21416,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -21497,7 +21497,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21578,7 +21578,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21659,7 +21659,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21740,7 +21740,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21821,7 +21821,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21902,7 +21902,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21983,7 +21983,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json index c7a8a6ac25d..c3ca4880622 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index f628e5601ae..26566f2aca2 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -6,7 +6,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -52,7 +52,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -102,7 +102,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json index c0d95f0f88e..eee4cc43a51 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json @@ -11,7 +11,7 @@ "domain": "target.destination.hostname.local" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -77,7 +77,7 @@ "ip": "192.168.2.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json index c3cb4660c50..85d7c2556fc 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json @@ -27,7 +27,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -104,7 +104,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -176,7 +176,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json index 9a032bb790a..48b9ef89d59 100644 
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json @@ -15,7 +15,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -85,7 +85,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -156,7 +156,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -226,7 +226,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -303,7 +303,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -379,7 +379,7 @@ "port": 12834 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -454,7 +454,7 @@ "port": 4952 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -522,7 +522,7 @@ "port": 25882 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -597,7 +597,7 @@ "port": 52925 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -669,7 +669,7 @@ "port": 45392 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -745,7 +745,7 @@ "port": 4953 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -815,7 +815,7 @@ "port": 52925 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -893,7 +893,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -973,7 +973,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -1037,7 +1037,7 @@ "port": 10879 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1113,7 +1113,7 @@ "port": 4954 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1179,7 +1179,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1241,7 +1241,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1311,7 +1311,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1381,7 +1381,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1451,7 +1451,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1521,7 +1521,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1591,7 +1591,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1661,7 +1661,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1731,7 +1731,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1801,7 +1801,7 @@ "port": 25 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1871,7 +1871,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1939,7 +1939,7 @@ "port": 137 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2001,7 +2001,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -2063,7 +2063,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2133,7 +2133,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2203,7 +2203,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2273,7 +2273,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2343,7 +2343,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2413,7 +2413,7 @@ "port": 8111 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2483,7 +2483,7 @@ "port": 8111 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2553,7 +2553,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2623,7 +2623,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2694,7 +2694,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2768,7 +2768,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2840,7 +2840,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2913,7 +2913,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2990,7 +2990,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3067,7 +3067,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -3140,7 +3140,7 @@
 "port": 5678
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3217,7 +3217,7 @@
 "port": 5678
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3294,7 +3294,7 @@
 "port": 5678
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3369,7 +3369,7 @@
 "port": 5679
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3435,7 +3435,7 @@
 "port": 5679
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3503,7 +3503,7 @@
 "port": 5000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3580,7 +3580,7 @@
 "port": 65000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3656,7 +3656,7 @@
 "port": 65000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3728,7 +3728,7 @@
 "port": 1235
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3805,7 +3805,7 @@
 "port": 500
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3875,7 +3875,7 @@
 "ip": "192.168.99.47"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3938,7 +3938,7 @@
 "ip": "192.168.99.57"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4001,7 +4001,7 @@
 "ip": "192.168.99.47"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4064,7 +4064,7 @@
 "ip": "192.168.99.47"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4127,7 +4127,7 @@
 "ip": "192.168.99.57"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4190,7 +4190,7 @@
 "ip": "192.168.99.57"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4253,7 +4253,7 @@
 "ip": "192.168.1.255"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4316,7 +4316,7 @@
 "ip": "192.168.1.255"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4382,7 +4382,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4454,7 +4454,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4521,7 +4521,7 @@
 "ip": "172.16.1.10"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4590,7 +4590,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4677,7 +4677,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4757,7 +4757,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4826,7 +4826,7 @@
 "ip": "192.168.2.1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4879,7 +4879,7 @@
 "ip": "192.168.2.32"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4936,7 +4936,7 @@
 "ip": "192.168.0.19"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5020,7 +5020,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5093,7 +5093,7 @@
 "ip": "172.17.6.211"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5178,7 +5178,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5288,7 +5288,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5400,7 +5400,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -5495,7 +5495,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -5594,7 +5594,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -5687,7 +5687,7 @@
 "port": 18449
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -5764,7 +5764,7 @@
 "ip": "ff02::1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -5836,7 +5836,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5925,7 +5925,7 @@
 "port": 50120
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -6028,7 +6028,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -6130,7 +6130,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6227,7 +6227,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -6334,7 +6334,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -6438,7 +6438,7 @@
 "ip": "81.2.69.193"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deleted",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json
index 86939376377..90a9c8e4bb1 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json
@@ -16,7 +16,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -83,7 +83,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -150,7 +150,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -217,7 +217,7 @@
 "port": 5060
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index d2fa172ad26..c19cbf4e3b7 100644
--- a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 #
 # Parse the syslog header
 #
diff --git a/packages/cisco_asa/docs/README.md b/packages/cisco_asa/docs/README.md
index f7a5c46a9ee..c4ba76cbb37 100644
--- a/packages/cisco_asa/docs/README.md
+++ b/packages/cisco_asa/docs/README.md
@@ -258,7 +258,7 @@ An example event for `log` looks as following:
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long |
 | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword |
-| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
+| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". 
When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
 | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword |
 | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object |
 | network.inner.vlan.id | VLAN ID as reported by the observer. | keyword |
diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml
index 33ffc2f9c6b..fd0deb5170e 100644
--- a/packages/cisco_asa/manifest.yml
+++ b/packages/cisco_asa/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_asa
 title: Cisco ASA
-version: "2.5.2"
+version: "2.6.0"
 license: basic
 description: Collect logs from Cisco ASA with Elastic Agent.
 type: integration
diff --git a/packages/cisco_duo/_dev/build/build.yml b/packages/cisco_duo/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/cisco_duo/_dev/build/build.yml
+++ b/packages/cisco_duo/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml
index beff052ea80..3d41a0988d8 100644
--- a/packages/cisco_duo/changelog.yml
+++ b/packages/cisco_duo/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "1.4.0"
 changes:
 - description: Added support to handle bad values in ip and date fields.
diff --git a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json
index f4850dd49f2..60a46a1939b 100644
--- a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json
+++ b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json
@@ -11,7 +11,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "activation_begin",
@@ -38,7 +38,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "admin_activate_duo_push",
@@ -70,7 +70,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "activation_begin",
@@ -99,7 +99,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "activation_set_password",
@@ -138,7 +138,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "admin_self_activate",
@@ -176,7 +176,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "admin_update",
@@ -215,7 +215,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "user_update",
@@ -257,7 +257,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "user_update",
diff --git a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
index 099fa453d12..5fd5a50b841 100644
--- a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo administrator logs
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json
index f2e2034ce42..648694d8a84 100644
--- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json
+++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json
@@ -40,7 +40,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -163,7 +163,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -284,7 +284,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -404,7 +404,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -522,7 +522,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -624,7 +624,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -735,7 +735,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -837,7 +837,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -940,7 +940,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -1043,7 +1043,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -1146,7 +1146,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -1249,7 +1249,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -1352,7 +1352,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -1451,7 +1451,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -1546,7 +1546,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -1641,7 +1641,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
@@ -1726,7 +1726,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "authentication",
diff --git a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml
index 01ee8f8dbf8..be65ae7357b 100644
--- a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo authentication logs
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json
index 03f5e9db100..885ea331579 100644
--- a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json
+++ b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json
@@ -17,7 +17,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "original": "{\"action\": \"o2fa_user_provisioned\",\"description\": \"{\\\"user_agent\\\": \\\"DuoCredProv/4.0.6.413 (Windows NT 6.3.9600; x64; Server)\\\", \\\"hostname\\\": \\\"WKSW10x64\\\", \\\"factor\\\": \\\"duo_otp\\\"}\",\"isotimestamp\": \"2019-08-30T16:10:05+00:00\",\"object\": \"Acme Laptop Windows Logon\",\"timestamp\": 1567181405,\"username\": \"narroway\"}"
diff --git a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml
index d5c19fd4812..3d0d30315c4 100644
--- a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo offline enrollment logs
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json
index 77e92617347..5a48cd28d52 100644
--- a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json
+++ b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json
@@ -1,7 +1,7 @@
 {
 "expected": [
 {
- "@timestamp": "2022-07-14T12:19:12.108699204Z",
+ "@timestamp": "2022-07-27T02:23:04.309812405Z",
 "cisco_duo": {
 "summary": {
 "admin_count": 6,
@@ -11,7 +11,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "original": "{\"response\":{\"admin_count\":6,\"integration_count\":5,\"telephony_credits_remaining\":473,\"user_count\":4},\"stat\":\"OK\"}"
@@ -21,7 +21,7 @@
 ]
 },
 {
- "@timestamp": "2022-07-14T12:19:12.108704244Z",
+ "@timestamp": "2022-07-27T02:23:04.309819920Z",
 "cisco_duo": {
 "summary": {
 "admin_count": 3,
@@ -31,7 +31,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "original": "{\"response\":{\"admin_count\":3,\"integration_count\":9,\"telephony_credits_remaining\":960,\"user_count\":8},\"stat\":\"OK\"}"
diff --git a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml
index df7918f792d..ca713fd8e03 100644
--- a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo summary logs
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - set:
 field: "@timestamp"
 value: "{{{_ingest.timestamp}}}"
diff --git a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json
index 9db310847e3..1d088c2d27a 100644
--- a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json
+++ b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json
@@ -11,7 +11,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
@@ -32,7 +32,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
@@ -53,7 +53,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml
index af6af21b9f2..3c01afcced9 100644
--- a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo telephony logs
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml
index 513810ae263..88ffdf99582 100644
--- a/packages/cisco_duo/manifest.yml
+++ b/packages/cisco_duo/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_duo
 title: Cisco Duo
-version: "1.4.0"
+version: "1.5.0"
 license: basic
 description: Collect logs from Cisco Duo with Elastic Agent.
 type: integration
diff --git a/packages/cisco_ftd/_dev/build/build.yml b/packages/cisco_ftd/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/cisco_ftd/_dev/build/build.yml
+++ b/packages/cisco_ftd/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml
index 2cce74dec6d..b908c2d3c91 100644
--- a/packages/cisco_ftd/changelog.yml
+++ b/packages/cisco_ftd/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.4.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "2.3.1"
 changes:
 - description: Improve TCP, SSL config description and example.
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json
index f7d57b865be..3068e9c9cac 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json
@@ -17,7 +17,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -95,7 +95,7 @@
 "ip": "10.123.123.123"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -169,7 +169,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -238,7 +238,7 @@
 "port": 57621
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -308,7 +308,7 @@
 "ip": "10.123.123.123"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json
index a841d5d6e17..0d439f79cce 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json
@@ -14,7 +14,7 @@
 "port": 8256
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -96,7 +96,7 @@
 "port": 1772
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -175,7 +175,7 @@
 "port": 1758
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -259,7 +259,7 @@
 "port": 1757
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -343,7 +343,7 @@
 "port": 1755
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -427,7 +427,7 @@
 "port": 1754
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -511,7 +511,7 @@
 "port": 1752
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -595,7 +595,7 @@
 "port": 1749
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -679,7 +679,7 @@
 "port": 1750
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -763,7 +763,7 @@
 "port": 1747
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -847,7 +847,7 @@
 "port": 1742
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -931,7 +931,7 @@
 "port": 1741
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1015,7 +1015,7 @@
 "port": 1739
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1099,7 +1099,7 @@
 "port": 1740
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1183,7 +1183,7 @@
 "port": 1738
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1267,7 +1267,7 @@
 "port": 1756
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1351,7 +1351,7 @@
 "port": 1737
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1435,7 +1435,7 @@
 "port": 1736
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1519,7 +1519,7 @@
 "port": 1765
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1602,7 +1602,7 @@
 "port": 1188
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1684,7 +1684,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1763,7 +1763,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1850,7 +1850,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1929,7 +1929,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -2011,7 +2011,7 @@
 "port": 8257
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2093,7 +2093,7 @@
 "port": 1773
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2171,7 +2171,7 @@
 "port": 8258
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2253,7 +2253,7 @@
 "port": 1774
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2336,7 +2336,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2419,7 +2419,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2498,7 +2498,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -2581,7 +2581,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -2663,7 +2663,7 @@
 "port": 8259
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2745,7 +2745,7 @@
 "port": 1775
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2823,7 +2823,7 @@
 "port": 1189
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2905,7 +2905,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2988,7 +2988,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3067,7 +3067,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3150,7 +3150,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3232,7 +3232,7 @@
 "port": 8265
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3314,7 +3314,7 @@
 "port": 1452
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3397,7 +3397,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3480,7 +3480,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3559,7 +3559,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3642,7 +3642,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3724,7 +3724,7 @@
 "port": 8266
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3806,7 +3806,7 @@
 "port": 1453
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3885,7 +3885,7 @@
 "port": 1453
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3973,7 +3973,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4052,7 +4052,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -4135,7 +4135,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -4217,7 +4217,7 @@
 "port": 8267
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4299,7 +4299,7 @@
 "port": 1454
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4377,7 +4377,7 @@
 "port": 8268
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4459,7 +4459,7 @@
 "port": 1455
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4537,7 +4537,7 @@
 "port": 8269
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4619,7 +4619,7 @@
 "port": 1456
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4702,7 +4702,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4781,7 +4781,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -4863,7 +4863,7 @@
 "port": 8270
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4945,7 +4945,7 @@
 "port": 1457
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5023,7 +5023,7 @@
 "port": 8271
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5105,7 +5105,7 @@
 "port": 1458
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5188,7 +5188,7 @@
 "port": 56132
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5267,7 +5267,7 @@
 "port": 1457
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -5350,7 +5350,7 @@
 "port": 8272
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -5432,7 +5432,7 @@ "port": 1459 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5511,7 +5511,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5593,7 +5593,7 @@ "port": 8273 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5675,7 +5675,7 @@ "port": 1460 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5745,7 +5745,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5799,7 +5799,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5881,7 +5881,7 @@ "port": 1385 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5951,7 +5951,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5997,7 +5997,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6043,7 +6043,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6089,7 +6089,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6135,7 +6135,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6181,7 +6181,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6236,7 +6236,7 @@ "port": 1382 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6320,7 +6320,7 @@ "port": 1385 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -6403,7 +6403,7 @@ "port": 8278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6485,7 +6485,7 @@ "port": 1386 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6564,7 +6564,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6644,7 +6644,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6724,7 +6724,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6804,7 +6804,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6884,7 +6884,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6964,7 +6964,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7044,7 +7044,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7124,7 +7124,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7204,7 +7204,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7284,7 +7284,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7364,7 +7364,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7444,7 +7444,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7524,7 +7524,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -7603,7 +7603,7 @@ "port": 8279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7685,7 +7685,7 @@ "port": 1275 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7763,7 +7763,7 @@ "port": 1190 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7845,7 +7845,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7924,7 +7924,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8011,7 +8011,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8090,7 +8090,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8172,7 +8172,7 @@ "port": 8280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8254,7 +8254,7 @@ "port": 1276 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8332,7 +8332,7 @@ "port": 8281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8414,7 +8414,7 @@ "port": 1277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8493,7 +8493,7 @@ "port": 1276 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8576,7 +8576,7 @@ "port": 8282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8658,7 +8658,7 @@ "port": 1278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8737,7 +8737,7 @@ "port": 1277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -8820,7 +8820,7 @@ "port": 8283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8902,7 +8902,7 @@ "port": 1279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8981,7 +8981,7 @@ "port": 1278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9065,7 +9065,7 @@ "port": 1279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9148,7 +9148,7 @@ "port": 8284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9230,7 +9230,7 @@ "port": 1280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9309,7 +9309,7 @@ "port": 1280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9392,7 +9392,7 @@ "port": 8285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9474,7 +9474,7 @@ "port": 1281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9552,7 +9552,7 @@ "port": 8286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9634,7 +9634,7 @@ "port": 1282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9712,7 +9712,7 @@ "port": 8287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9794,7 +9794,7 @@ "port": 1283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9872,7 +9872,7 @@ "port": 8288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9954,7 +9954,7 @@ "port": 1284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -10033,7 +10033,7 @@ "port": 1281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10117,7 +10117,7 @@ "port": 1282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10201,7 +10201,7 @@ "port": 1283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10284,7 +10284,7 @@ "port": 8289 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10366,7 +10366,7 @@ "port": 1285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10444,7 +10444,7 @@ "port": 8290 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10526,7 +10526,7 @@ "port": 1286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10605,7 +10605,7 @@ "port": 1284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10688,7 +10688,7 @@ "port": 8291 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10770,7 +10770,7 @@ "port": 1287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10849,7 +10849,7 @@ "port": 1285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10933,7 +10933,7 @@ "port": 1286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11021,7 +11021,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11099,7 +11099,7 @@ "port": 8292 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11181,7 +11181,7 @@ "port": 1288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -11260,7 +11260,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11347,7 +11347,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11426,7 +11426,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11508,7 +11508,7 @@ "port": 8293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11590,7 +11590,7 @@ "port": 1289 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11669,7 +11669,7 @@ "port": 1288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11753,7 +11753,7 @@ "port": 1287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11841,7 +11841,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11920,7 +11920,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12002,7 +12002,7 @@ "port": 8294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12084,7 +12084,7 @@ "port": 1290 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12163,7 +12163,7 @@ "port": 68 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12237,7 +12237,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12296,7 +12296,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12379,7 +12379,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -12458,7 +12458,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12545,7 +12545,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12624,7 +12624,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12707,7 +12707,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12794,7 +12794,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12873,7 +12873,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12955,7 +12955,7 @@ "port": 8295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13037,7 +13037,7 @@ "port": 1291 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13120,7 +13120,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13199,7 +13199,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13281,7 +13281,7 @@ "port": 8296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13363,7 +13363,7 @@ "port": 1292 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13441,7 +13441,7 @@ "port": 8297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13523,7 +13523,7 @@ "port": 1293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13601,7 +13601,7 @@ "port": 8298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -13683,7 +13683,7 @@ "port": 1294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13762,7 +13762,7 @@ "port": 1293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13845,7 +13845,7 @@ "port": 8299 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13927,7 +13927,7 @@ "port": 1295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14005,7 +14005,7 @@ "port": 8300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14087,7 +14087,7 @@ "port": 1296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14166,7 +14166,7 @@ "port": 1294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14250,7 +14250,7 @@ "port": 1295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14334,7 +14334,7 @@ "port": 1296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14417,7 +14417,7 @@ "port": 8301 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14499,7 +14499,7 @@ "port": 1297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14577,7 +14577,7 @@ "port": 8302 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14659,7 +14659,7 @@ "port": 1298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14742,7 +14742,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14821,7 +14821,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -14904,7 +14904,7 @@ "port": 1297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14987,7 +14987,7 @@ "port": 8303 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15069,7 +15069,7 @@ "port": 1299 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15147,7 +15147,7 @@ "port": 8304 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15229,7 +15229,7 @@ "port": 1300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15308,7 +15308,7 @@ "port": 1298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -15392,7 +15392,7 @@ "port": 1300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -15475,7 +15475,7 @@ "port": 8305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15557,7 +15557,7 @@ "port": 1301 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15635,7 +15635,7 @@ "port": 8306 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15717,7 +15717,7 @@ "port": 1302 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15787,7 +15787,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15833,7 +15833,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15879,7 +15879,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15925,7 +15925,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -15971,7 +15971,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16017,7 +16017,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16063,7 +16063,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16109,7 +16109,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16155,7 +16155,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16201,7 +16201,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16247,7 +16247,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16293,7 +16293,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16339,7 +16339,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16385,7 +16385,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16431,7 +16431,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16485,7 +16485,7 @@ "port": 8308 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16567,7 +16567,7 @@ "port": 1304 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16637,7 +16637,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16683,7 +16683,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -16742,7 +16742,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16825,7 +16825,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16904,7 +16904,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16987,7 +16987,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17069,7 +17069,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17151,7 +17151,7 @@ "port": 1305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17221,7 +17221,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17267,7 +17267,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17313,7 +17313,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17359,7 +17359,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17405,7 +17405,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17451,7 +17451,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17497,7 +17497,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17552,7 +17552,7 @@ "port": 1305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17636,7 +17636,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -17716,7 +17716,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17796,7 +17796,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17875,7 +17875,7 @@ "port": 8310 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17957,7 +17957,7 @@ "port": 1306 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18036,7 +18036,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18116,7 +18116,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18196,7 +18196,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18276,7 +18276,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18356,7 +18356,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18436,7 +18436,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18516,7 +18516,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18596,7 +18596,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18676,7 +18676,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18756,7 +18756,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18836,7 +18836,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -18916,7 +18916,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18996,7 +18996,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19076,7 +19076,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19156,7 +19156,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19236,7 +19236,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19316,7 +19316,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19396,7 +19396,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19476,7 +19476,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19556,7 +19556,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19636,7 +19636,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19716,7 +19716,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19796,7 +19796,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19876,7 +19876,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19956,7 +19956,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20036,7 +20036,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -20116,7 +20116,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20196,7 +20196,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20276,7 +20276,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20356,7 +20356,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20436,7 +20436,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20516,7 +20516,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20596,7 +20596,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index 5cfb56125c5..cf5f1222fd1 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -66,7 +66,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -210,7 +210,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -352,7 +352,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -496,7 +496,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", 
@@ -639,7 +639,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -781,7 +781,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -926,7 +926,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1068,7 +1068,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1211,7 +1211,7 @@ "response_code": "SERVFAIL" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1355,7 +1355,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1497,7 +1497,7 @@ "response_code": "REFUSED" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1633,7 +1633,7 @@ "response_code": "SERVFAIL" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1776,7 +1776,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1918,7 +1918,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2061,7 +2061,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2205,7 +2205,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2347,7 +2347,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", 
@@ -2489,7 +2489,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2631,7 +2631,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2771,7 +2771,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2915,7 +2915,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index 02ab7826062..9dddb30f752 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -6,7 +6,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -52,7 +52,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json index 780a0c8be4e..1fdc9b0b368 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json @@ -6,7 +6,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -46,7 +46,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", 
@@ -86,7 +86,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -126,7 +126,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -166,7 +166,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -206,7 +206,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -246,7 +246,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -286,7 +286,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -326,7 +326,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -366,7 +366,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -406,7 +406,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -446,7 +446,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -486,7 +486,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -526,7 +526,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -566,7 +566,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -606,7 +606,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -646,7 +646,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -686,7 +686,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -726,7 +726,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -766,7 +766,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", 
@@ -806,7 +806,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -846,7 +846,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -886,7 +886,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -926,7 +926,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -966,7 +966,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -1006,7 +1006,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -1046,7 +1046,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -1086,7 +1086,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -1126,7 +1126,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -1166,7 +1166,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -1206,7 +1206,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -1246,7 +1246,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -1286,7 +1286,7 @@
 "ftd": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
@@ -1327,7 +1327,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json
index 3dfe0e7fb36..c39e86bb87a 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json
@@ -41,7 +41,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "intrusion-detected",
@@ -154,7 +154,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "intrusion-detected",
@@ -265,7 +265,7 @@
 "port": 39114
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "intrusion-detected",
@@ -374,7 +374,7 @@
 "port": 40740
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "intrusion-detected",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json
index 5328c4648bd..b34f1959c10 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json
@@ -18,7 +18,7 @@
 "ip": "10.8.12.47"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "intrusion-detected",
@@ -82,7 +82,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "intrusion-detected",
@@ -139,7 +139,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-started",
@@ -209,7 +209,7 @@
 "port": 64311
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "malware-detected",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
index 40cab18f060..b2b3e9b382e 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
@@ -27,7 +27,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -104,7 +104,7 @@
 "ip": "172.24.177.29"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -175,7 +175,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
index 13bd2c2ebe4..e50a3d31da3 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
@@ -15,7 +15,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -84,7 +84,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -154,7 +154,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -223,7 +223,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -299,7 +299,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -374,7 +374,7 @@
 "port": 12834
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -448,7 +448,7 @@
 "port": 4952
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -515,7 +515,7 @@
 "port": 25882
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -589,7 +589,7 @@
 "port": 52925
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -660,7 +660,7 @@
 "port": 45392
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -735,7 +735,7 @@
 "port": 4953
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -804,7 +804,7 @@
 "port": 52925
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -878,7 +878,7 @@
 "port": 52925
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -947,7 +947,7 @@
 "ip": "172.24.177.29"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -1010,7 +1010,7 @@
 "port": 10879
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1085,7 +1085,7 @@
 "port": 4954
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1150,7 +1150,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1211,7 +1211,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1280,7 +1280,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1349,7 +1349,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1418,7 +1418,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1487,7 +1487,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1556,7 +1556,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1625,7 +1625,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1694,7 +1694,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1763,7 +1763,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1832,7 +1832,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1899,7 +1899,7 @@
 "port": 137
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -1960,7 +1960,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2021,7 +2021,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2090,7 +2090,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2159,7 +2159,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2228,7 +2228,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2297,7 +2297,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2366,7 +2366,7 @@
 "port": 8111
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2435,7 +2435,7 @@
 "port": 8111
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2504,7 +2504,7 @@
 "port": 40443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2573,7 +2573,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2643,7 +2643,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2716,7 +2716,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2791,7 +2791,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2867,7 +2867,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -2947,7 +2947,7 @@
 "port": 5678
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3026,7 +3026,7 @@
 "port": 5678
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3101,7 +3101,7 @@
 "port": 5678
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3181,7 +3181,7 @@
 "port": 5678
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3261,7 +3261,7 @@
 "port": 5678
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3339,7 +3339,7 @@
 "port": 5679
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3408,7 +3408,7 @@
 "port": 5679
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3479,7 +3479,7 @@
 "port": 5000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3559,7 +3559,7 @@
 "port": 65000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3638,7 +3638,7 @@
 "port": 65000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3713,7 +3713,7 @@
 "port": 1235
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3793,7 +3793,7 @@
 "port": 500
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -3862,7 +3862,7 @@
 "ip": "192.168.99.47"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3925,7 +3925,7 @@
 "ip": "192.168.99.57"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -3988,7 +3988,7 @@
 "ip": "192.168.99.47"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4051,7 +4051,7 @@
 "ip": "192.168.99.47"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4114,7 +4114,7 @@
 "ip": "192.168.99.57"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4177,7 +4177,7 @@
 "ip": "192.168.99.57"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4240,7 +4240,7 @@
 "ip": "192.168.1.255"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4303,7 +4303,7 @@
 "ip": "192.168.1.255"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4369,7 +4369,7 @@
 "port": 25
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4440,7 +4440,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4507,7 +4507,7 @@
 "ip": "172.16.1.10"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4575,7 +4575,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4664,7 +4664,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4747,7 +4747,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4815,7 +4815,7 @@
 "ip": "192.168.2.1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4868,7 +4868,7 @@
 "ip": "192.168.2.32"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -4925,7 +4925,7 @@
 "ip": "192.168.0.19"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json
index e6f543375d8..19ddf72218c 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json
@@ -42,7 +42,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-started",
@@ -157,7 +157,7 @@
 "packets": 1
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-finished",
@@ -296,7 +296,7 @@
 "response_code": "NOERROR"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-started",
@@ -436,7 +436,7 @@
 "response_code": "NXDOMAIN"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-finished",
@@ -565,7 +565,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-started",
@@ -698,7 +698,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-finished",
@@ -845,7 +845,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-started",
@@ -977,7 +977,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-finished",
@@ -1108,7 +1108,7 @@
 "packets": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-started",
@@ -1229,7 +1229,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connection-finished",
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json
index a49552919ed..ecb41ff16d1 100644
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json
@@ -31,7 +31,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "file-detected",
@@ -132,7 +132,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "file-detected",
@@ -233,7 +233,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "file-detected",
@@ -334,7 +334,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "file-detected",
@@ -439,7 +439,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "file-detected",
@@ -551,7 +551,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "file-detected",
@@ -667,7 +667,7 @@
 "port": 8000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "malware-detected",
@@ -794,7 +794,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "malware-detected",
@@ -909,7 +909,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "malware-detected",
@@ -1036,7 +1036,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "malware-detected",
@@ -1166,7 +1166,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "malware-detected", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json index e0822d23fab..c795eee96f6 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json @@ -64,7 +64,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", diff --git a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 5e2d29fa2ed..641df7c6592 100644 --- a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: "8.3.0" + value: '8.4.0' # # Parse the syslog header # diff --git a/packages/cisco_ftd/docs/README.md b/packages/cisco_ftd/docs/README.md index 43cf57e5920..afec5f3f06c 100644 --- a/packages/cisco_ftd/docs/README.md +++ b/packages/cisco_ftd/docs/README.md 
@@ -318,7 +318,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object | | network.inner.vlan.id | VLAN ID as reported by the observer. | keyword | diff --git a/packages/cisco_ftd/manifest.yml b/packages/cisco_ftd/manifest.yml index edf8dc52825..f6298da7224 100644 --- a/packages/cisco_ftd/manifest.yml +++ b/packages/cisco_ftd/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ftd title: Cisco FTD -version: "2.3.1" +version: "2.4.0" license: basic description: Collect logs from Cisco FTD with Elastic Agent. type: integration diff --git a/packages/cisco_ios/_dev/build/build.yml b/packages/cisco_ios/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_ios/_dev/build/build.yml +++ b/packages/cisco_ios/_dev/build/build.yml 
@@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml index 1785dc6a0c3..a1ed43a6245 100644 --- a/packages/cisco_ios/changelog.yml +++ b/packages/cisco_ios/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.8.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3842 - version: "1.7.2" changes: - description: Improve TCP, SSL config description and example. diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json index eae37c1fbbc..138b3f0a0ec 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json @@ -13,7 +13,7 @@ "ip": "224.0.0.22" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -66,7 +66,7 @@ "ip": "224.0.0.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -122,7 +122,7 @@ "ip": "255.255.255.255" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -184,7 +184,7 @@ "port": 22 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "allow", @@ -247,7 +247,7 @@ "port": 15600 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -301,7 +301,7 @@ "ip": "192.168.100.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -359,7 +359,7 @@ "port": 15600 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -408,7 +408,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", 
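Review bot: The `reference: git@v8.4.0-rc1` line in packages/cisco_ios/_dev/build/build.yml pins the ECS field source to a release-candidate tag, while the pipeline in this same commit stamps events with `ecs.version` `'8.4.0'` and the changelog entry reads "Update package to ECS 8.4.0". If the final tag differs from the rc in any field definition, the package would advertise a schema version it was not built against, which matters for detection content keyed on those fields. I would pin `reference: git@v8.4.0` once that tag is available, or say in the changelog entry that the build tracks the rc. The same pin appears in packages/cisco_ise/_dev/build/build.yml further down.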
@@ -444,7 +444,7 @@
 "port": 15600
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deny",
@@ -511,7 +511,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deny",
@@ -560,7 +560,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -595,7 +595,7 @@
 "ip": "192.168.100.1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deny",
@@ -665,7 +665,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deny",
@@ -718,7 +718,7 @@
 "port": 22
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -771,7 +771,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -830,7 +830,7 @@
 "ip": "10.3.66.3"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "multicast-join",
@@ -890,7 +890,7 @@
 "ip": "10.3.66.3"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "multicast-join",
@@ -936,7 +936,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -966,7 +966,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json
index 1e837fac928..8412583213a 100644
--- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json
@@ -8,7 +8,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -39,7 +39,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json
index 2760d6a4491..a9bccd285da 100644
--- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json
+++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json
@@ -8,7 +8,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -39,7 +39,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -70,7 +70,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -101,7 +101,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -132,7 +132,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -163,7 +163,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -194,7 +194,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -225,7 +225,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -256,7 +256,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -287,7 +287,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -318,7 +318,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -349,7 +349,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -380,7 +380,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -411,7 +411,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -442,7 +442,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -473,7 +473,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -535,7 +535,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json index b45d868763a..b2bc1e4f554 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -72,7 +72,7 @@ "ip": "10.100.8.34" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 0e66f85dc52..60b30dcb953 100644 --- a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Cisco IOS logs. processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - set: field: event.category value: network 
diff --git a/packages/cisco_ios/manifest.yml b/packages/cisco_ios/manifest.yml index dfab4411bd5..1d0692f8bfe 100644 --- a/packages/cisco_ios/manifest.yml +++ b/packages/cisco_ios/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ios title: Cisco IOS -version: "1.7.2" +version: "1.8.0" license: basic description: Collect logs from Cisco IOS with Elastic Agent. type: integration diff --git a/packages/cisco_ise/_dev/build/build.yml b/packages/cisco_ise/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_ise/_dev/build/build.yml +++ b/packages/cisco_ise/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml index 027e55a153b..5f57fea238a 100644 --- a/packages/cisco_ise/changelog.yml +++ b/packages/cisco_ise/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.3.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3842 - version: "0.2.0" changes: - description: Update package to ECS 8.3.0. diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json index 9895ae95e3c..dfa9c98785c 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -107,7 +107,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -181,7 +181,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", 
@@ -250,7 +250,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -316,7 +316,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -385,7 +385,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -451,7 +451,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -521,7 +521,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -589,7 +589,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -652,7 +652,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -717,7 +717,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -780,7 +780,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -830,7 +830,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json index e2feede14c5..9d10dded8c8 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", 
@@ -191,7 +191,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -268,7 +268,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -437,7 +437,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -525,7 +525,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -607,7 +607,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "feedservice", @@ -668,7 +668,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "feedservice", @@ -743,7 +743,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -821,7 +821,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -903,7 +903,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -981,7 +981,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap-tls", @@ -1058,7 +1058,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap-tls", @@ -1138,7 +1138,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -1241,7 +1241,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -1324,7 +1324,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -1417,7 +1417,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "process-management", 
@@ -1499,7 +1499,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -1580,7 +1580,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -1661,7 +1661,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -1737,7 +1737,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -1813,7 +1813,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -1890,7 +1890,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -1967,7 +1967,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -2044,7 +2044,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -2113,7 +2113,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -2173,7 +2173,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -2249,7 +2249,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -2357,7 +2357,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -2451,7 +2451,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -2541,7 +2541,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -2626,7 +2626,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json index 8a22bed20f2..0eea31ce52f 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json @@ -63,7 +63,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -171,7 +171,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -277,7 +277,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication", @@ -383,7 +383,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -491,7 +491,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -597,7 +597,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -713,7 +713,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -824,7 +824,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -916,7 +916,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication", @@ -997,7 +997,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json index 4de3127c61c..5b4d50e3147 100644 
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json @@ -84,7 +84,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "failed-attempt", @@ -269,7 +269,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "failed-attempt", @@ -355,7 +355,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "guest", @@ -495,7 +495,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -680,7 +680,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -1108,7 +1108,7 @@ "port": 1645 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "failed-attempt", @@ -1193,7 +1193,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json index d51bd954028..2babb749ea8 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json @@ -45,7 +45,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "guest", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "guest", @@ -215,7 +215,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ 
@@ -318,7 +318,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json index 895eaeccc95..b01cda2bcfc 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json @@ -50,7 +50,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -235,7 +235,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -331,7 +331,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -425,7 +425,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -557,7 +557,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -618,7 +618,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -679,7 +679,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -741,7 +741,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -825,7 +825,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", 
@@ -917,7 +917,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -1008,7 +1008,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -1100,7 +1100,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -1195,7 +1195,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -1265,7 +1265,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -1343,7 +1343,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json index 62489bee2e7..bb412e007c7 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json @@ -28,7 +28,7 @@ "port": 9025 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "profiler", @@ -152,7 +152,7 @@ "port": 9005 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -217,7 +217,7 @@ "port": 9005 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -282,7 +282,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logging", @@ -339,7 +339,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json index 0db18437781..7f65ce027f4 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -233,7 +233,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -304,7 +304,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json index e0976aff12e..f5d0603cf15 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json @@ -197,7 +197,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "passed-authentication", @@ -297,7 +297,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "guest", @@ -451,7 +451,7 @@ "port": 1645 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "passed-authentication", @@ -536,7 +536,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -608,7 +608,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json index 5cb299e1213..b17a0b055ab 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json @@ -41,7 +41,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -138,7 +138,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -259,7 +259,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -373,7 +373,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -467,7 +467,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -566,7 +566,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -658,7 +658,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -744,7 +744,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json index 6b5586ab7e5..7d859d4d481 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json 
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json @@ -32,7 +32,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eps", @@ -102,7 +102,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json index be86fa4f86f..cddf0a9d4c2 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json @@ -114,7 +114,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius-accounting", @@ -231,7 +231,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius-accounting", @@ -346,7 +346,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json index 85a01a1fc6d..3e66735afc5 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json @@ -59,7 +59,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -183,7 +183,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", 
@@ -269,7 +269,7 @@ "port": 1813 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -379,7 +379,7 @@ "port": 1813 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -501,7 +501,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -605,7 +605,7 @@ "port": 73 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -684,7 +684,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -784,7 +784,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -894,7 +894,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -994,7 +994,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -1098,7 +1098,7 @@ "port": 1813 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -1197,7 +1197,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -1313,7 +1313,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -1437,7 +1437,7 @@ "port": 72 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -1553,7 +1553,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -1669,7 +1669,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -1788,7 +1788,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -1913,7 +1913,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", 
@@ -2038,7 +2038,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -2164,7 +2164,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -2284,7 +2284,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -2399,7 +2399,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -2519,7 +2519,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -2638,7 +2638,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -2757,7 +2757,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -2877,7 +2877,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap", @@ -2991,7 +2991,7 @@ "port": 1892 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json index 8c214c59c06..02cf32428bf 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json @@ -78,7 +78,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ @@ -174,7 +174,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ @@ -316,7 +316,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ @@ -408,7 +408,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ 
@@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ @@ -568,7 +568,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json index 88c27421ebd..0acc65ae709 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json @@ -112,7 +112,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "tacacs-accounting", @@ -263,7 +263,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "tacacs-accounting", @@ -433,7 +433,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "tacacs-accounting", @@ -578,7 +578,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json index c89939c7542..7efaa934a0a 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json @@ -28,7 +28,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "irf", @@ -94,7 +94,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "irf", 
@@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 7163e5673cf..c9e46cb7cf4 100644 --- a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco ISE logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml index fe02ed6d8aa..3ee8ea8f718 100644 --- a/packages/cisco_ise/manifest.yml +++ b/packages/cisco_ise/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ise title: Cisco ISE -version: "0.2.0" +version: "0.3.0" license: basic description: Collect logs from Cisco ISE with Elastic Agent. type: integration