From 297f04bdb727fa5465cb5204e6e551a3762e8c4a Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:34:26 -0500 Subject: [PATCH 01/32] Update ECS version for carbon_black_cloud ECS version updated to 8.4.0 --- packages/carbon_black_cloud/_dev/build/build.yml | 2 +- .../data_stream/alert/elasticsearch/ingest_pipeline/default.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/audit/elasticsearch/ingest_pipeline/default.yml | 2 +- .../endpoint_event/elasticsearch/ingest_pipeline/default.yml | 2 +- .../watchlist_hit/elasticsearch/ingest_pipeline/default.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/carbon_black_cloud/_dev/build/build.yml b/packages/carbon_black_cloud/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/carbon_black_cloud/_dev/build/build.yml +++ b/packages/carbon_black_cloud/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml index 4692b0a9b01..a302659e9ed 100644 --- a/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/alert/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud alerts. processors: - set: field: ecs.version - value: "8.3.0" + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml index 56e9330ce12..5ded16ebb31 100644 
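Review bot: The new `reference: git@v8.4.0-rc1` in packages/carbon_black_cloud/_dev/build/build.yml pins the ECS field definitions to a release-candidate tag, while the pipelines in the same commit stamp `ecs.version` as `'8.4.0'` and the commit message says 8.4.0. If the final 8.4.0 schema differs from rc1, the field documentation and mappings built from this reference would not match what the events claim. I would change it to `reference: git@v8.4.0` once that tag is published, or track the follow-up in the changelog entry. The same applies to the build.yml hunks for carbonblack_edr, cef, checkpoint, cisco, cisco_asa, cisco_duo, cisco_ftd, cisco_ios and cisco_ise later in this series.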
--- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - json: field: event.original target_field: json diff --git a/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 95ae448bef1..ebf7661d618 100644 --- a/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud audit logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml index 0b3eb810370..e4e39bfcb42 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud Endpoint Events. processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml b/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml index cb8a55f4636..06be0aa2afe 100644 
--- a/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud watchlist hit. processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - set: field: event.kind value: event From 057d179455ae75dd3423161c60ea50f49b04aed9 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:34:27 -0500 Subject: [PATCH 02/32] Update ECS version for carbonblack_edr ECS version updated to 8.4.0 --- packages/carbonblack_edr/_dev/build/build.yml | 2 +- .../data_stream/log/elasticsearch/ingest_pipeline/default.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/carbonblack_edr/_dev/build/build.yml b/packages/carbonblack_edr/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/carbonblack_edr/_dev/build/build.yml +++ b/packages/carbonblack_edr/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 6b8cdb2e7c9..65c7b199ebf 100644 --- a/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/carbonblack_edr/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing CarbonBlack EDR logs processors: - set: field: ecs.version - value: 8.3.0 + value: '8.4.0' # Validate that the input document conforms to the expected format # to avoid repetitive checks. From 2d93a8f0581275625a19405e158475725fc33222 Mon Sep 17 00:00:00 2001 
From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:34:27 -0500 Subject: [PATCH 03/32] Update ECS version for cef ECS version updated to 8.4.0 --- packages/cef/_dev/build/build.yml | 2 +- .../data_stream/log/elasticsearch/ingest_pipeline/default.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cef/_dev/build/build.yml b/packages/cef/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cef/_dev/build/build.yml +++ b/packages/cef/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 05a4f607013..01c4ed82c61 100644 --- a/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cef/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for CEF logs. CEF decoding happens in the Agent. This perf processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - convert: field: event.id From 21bf3dacd2cc0e77581f0b7334e4bb9e5aecb8a8 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:34:28 -0500 Subject: [PATCH 04/32] Update ECS version for checkpoint ECS version updated to 8.4.0 --- packages/checkpoint/_dev/build/build.yml | 2 +- .../firewall/elasticsearch/ingest_pipeline/default.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/checkpoint/_dev/build/build.yml b/packages/checkpoint/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/checkpoint/_dev/build/build.yml +++ b/packages/checkpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 
diff --git a/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml b/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml index 21ec0c247d3..e0cc4219a19 100644 --- a/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml +++ b/packages/checkpoint/data_stream/firewall/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing checkpoint firewall logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original From 69ede6d8e3a7b466b0c253d8d8cc59966196cdbe Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:34:28 -0500 Subject: [PATCH 05/32] Update ECS version for cisco ECS version updated to 8.4.0 --- packages/cisco/_dev/build/build.yml | 2 +- .../data_stream/asa/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/ftd/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/ios/elasticsearch/ingest_pipeline/default.yml | 2 +- .../meraki/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/nexus/elasticsearch/ingest_pipeline/default.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/cisco/_dev/build/build.yml b/packages/cisco/_dev/build/build.yml index 47cbed9fed8..2254d90483c 100644 --- a/packages/cisco/_dev/build/build.yml +++ b/packages/cisco/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.0.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml index d69265b5550..6b8a0292070 100644 --- a/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml 
@@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '1.12.0' + value: '8.4.0' # # Parse the syslog header # diff --git a/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml index 6e0f692cb5a..9644bfbe153 100644 --- a/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '1.12.0' + value: '8.4.0' # # Parse the syslog header # diff --git a/packages/cisco/data_stream/ios/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/ios/elasticsearch/ingest_pipeline/default.yml index 23b37b285a2..84ddd13807e 100644 --- a/packages/cisco/data_stream/ios/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco/data_stream/ios/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Cisco IOS logs. processors: - set: field: ecs.version - value: '1.12.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/cisco/data_stream/meraki/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/meraki/elasticsearch/ingest_pipeline/default.yml index 9d52405888d..cd91df0057e 100644 --- a/packages/cisco/data_stream/meraki/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco/data_stream/meraki/elasticsearch/ingest_pipeline/default.yml @@ -5,7 +5,7 @@ processors: # ECS event.ingested - set: field: ecs.version - value: '8.0.0' + value: '8.4.0' # User agent - user_agent: field: user_agent.original diff --git a/packages/cisco/data_stream/nexus/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/nexus/elasticsearch/ingest_pipeline/default.yml index 0ae3463d969..a49c0364a5f 100644 --- a/packages/cisco/data_stream/nexus/elasticsearch/ingest_pipeline/default.yml 
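Review bot: In the cisco asa pipeline the stamped `ecs.version` goes from `'1.12.0'` straight to `'8.4.0'`, and the ftd and ios hunks that follow make the same jump, yet only the version label changes in these hunks. Events from these pipelines will now claim conformance with a different major ECS version; whether the field mappings further down each pipeline were checked against 8.x cannot be seen here, because the `processors:` list continues outside each hunk. Detection rules and dashboards that rely on ECS field semantics trust this label. I would confirm the pipeline tests pass against the new schema, or state in the commit message that the mappings were reviewed for the 1.x to 8.x differences.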
+++ b/packages/cisco/data_stream/nexus/elasticsearch/ingest_pipeline/default.yml @@ -5,7 +5,7 @@ processors: # ECS event.ingested - set: field: ecs.version - value: '8.0.0' + value: '8.4.0' # User agent - user_agent: field: user_agent.original From 91cba102445bbb08763e65f330c0d091718d0b34 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:34:29 -0500 Subject: [PATCH 06/32] Update ECS version for cisco_asa ECS version updated to 8.4.0 --- packages/cisco_asa/_dev/build/build.yml | 2 +- .../data_stream/log/elasticsearch/ingest_pipeline/default.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cisco_asa/_dev/build/build.yml b/packages/cisco_asa/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_asa/_dev/build/build.yml +++ b/packages/cisco_asa/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml index d2fa172ad26..c19cbf4e3b7 100644 --- a/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_asa/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' # # Parse the syslog header # From 43d87f43e0b5467aee38fe164242f6dbcc6f87e2 Mon Sep 17 00:00:00 2001 
From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:34:30 -0500 Subject: [PATCH 07/32] Update ECS version for cisco_duo ECS version updated to 8.4.0 --- packages/cisco_duo/_dev/build/build.yml | 2 +- .../data_stream/admin/elasticsearch/ingest_pipeline/default.yml | 2 +- .../data_stream/auth/elasticsearch/ingest_pipeline/default.yml | 2 +- .../elasticsearch/ingest_pipeline/default.yml | 2 +- .../summary/elasticsearch/ingest_pipeline/default.yml | 2 +- .../telephony/elasticsearch/ingest_pipeline/default.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/cisco_duo/_dev/build/build.yml b/packages/cisco_duo/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_duo/_dev/build/build.yml +++ b/packages/cisco_duo/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml index 099fa453d12..5fd5a50b841 100644 --- a/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/admin/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo administrator logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml index 01ee8f8dbf8..be65ae7357b 100644 --- a/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/auth/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo authentication logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml index d5c19fd4812..3d0d30315c4 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/offline_enrollment/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo offline enrollment logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml index df7918f792d..ca713fd8e03 100644 --- a/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/summary/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo summary logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - set: field: "@timestamp" value: "{{{_ingest.timestamp}}}" diff --git a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml index af6af21b9f2..3c01afcced9 100644 --- a/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_duo/data_stream/telephony/elasticsearch/ingest_pipeline/default.yml 
@@ -3,7 +3,7 @@ description: Pipeline for parsing cisco_duo telephony logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - set: field: event.kind value: event From 8ed53795f548746ab985614983f5927c449a4dc0 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:34:30 -0500 Subject: [PATCH 08/32] Update ECS version for cisco_ftd ECS version updated to 8.4.0 --- packages/cisco_ftd/_dev/build/build.yml | 2 +- .../data_stream/log/elasticsearch/ingest_pipeline/default.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cisco_ftd/_dev/build/build.yml b/packages/cisco_ftd/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_ftd/_dev/build/build.yml +++ b/packages/cisco_ftd/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 5e2d29fa2ed..641df7c6592 100644 --- a/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_ftd/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: ignore_missing: true - set: field: ecs.version - value: "8.3.0" + value: '8.4.0' # # Parse the syslog header # From 89c73a4bf7a23db33efb3c183bf0be778aa8e62a Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:34:31 -0500 Subject: [PATCH 09/32] Update ECS version for cisco_ios ECS version updated to 8.4.0 --- packages/cisco_ios/_dev/build/build.yml | 2 +- .../data_stream/log/elasticsearch/ingest_pipeline/default.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cisco_ios/_dev/build/build.yml b/packages/cisco_ios/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_ios/_dev/build/build.yml 
+++ b/packages/cisco_ios/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 0e66f85dc52..60b30dcb953 100644 --- a/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_ios/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Cisco IOS logs. processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - set: field: event.category value: network From 4752993665488b8eb3441e7f70c254adf0314ad0 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:34:31 -0500 Subject: [PATCH 10/32] Update ECS version for cisco_ise ECS version updated to 8.4.0 --- packages/cisco_ise/_dev/build/build.yml | 2 +- .../data_stream/log/elasticsearch/ingest_pipeline/default.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cisco_ise/_dev/build/build.yml b/packages/cisco_ise/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_ise/_dev/build/build.yml +++ b/packages/cisco_ise/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 7163e5673cf..c9e46cb7cf4 100644 --- a/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_ise/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco ISE logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original 
From cc284f2b66d56da0928e4dbb1e2753193d0918bf Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:39:44 -0500 Subject: [PATCH 11/32] Updated Changelog and Manifests for carbon_black_cloud --- packages/carbon_black_cloud/changelog.yml | 5 +++++ packages/carbon_black_cloud/docs/README.md | 8 ++++---- packages/carbon_black_cloud/manifest.yml | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/packages/carbon_black_cloud/changelog.yml b/packages/carbon_black_cloud/changelog.yml index 865d9b442e2..1036108f99c 100644 --- a/packages/carbon_black_cloud/changelog.yml +++ b/packages/carbon_black_cloud/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3842 - version: "1.1.1" changes: - description: Fix proxy URL documentation rendering. diff --git a/packages/carbon_black_cloud/docs/README.md b/packages/carbon_black_cloud/docs/README.md index 03539a47b41..4bc1096317a 100644 --- a/packages/carbon_black_cloud/docs/README.md +++ b/packages/carbon_black_cloud/docs/README.md 
@@ -402,7 +402,7 @@ An example event for `alert` looks as following: | host.os.name | Operating system name, without the version. | keyword | | host.os.name.text | Multi-field of `host.os.name`. | text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | +| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | input.type | Input type | keyword | 
@@ -641,7 +641,7 @@ An example event for `endpoint_event` looks as following: | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | input.type | Input type | keyword | | log.offset | Log offset | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. 
| keyword | | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | | process.command_line | Full command line that started the process, including the absolute path to the executable, and all arguments. Some arguments may be filtered to protect sensitive information. | wildcard | | process.command_line.text | Multi-field of `process.command_line`. | match_only_text | @@ -873,7 +873,7 @@ An example event for `watchlist_hit` looks as following: | host.os.name | Operating system name, without the version. | keyword | | host.os.name.text | Multi-field of `host.os.name`. | text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | +| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | input.type | Input type | keyword | 
@@ -1036,7 +1036,7 @@ An example event for `asset_vulnerability_summary` looks as following: | host.os.name | Operating system name, without the version. | keyword | | host.os.name.text | Multi-field of `host.os.name`. | text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | +| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | input.type | Input type | keyword | diff --git a/packages/carbon_black_cloud/manifest.yml b/packages/carbon_black_cloud/manifest.yml index b9140548a07..4b00177d643 100644 --- a/packages/carbon_black_cloud/manifest.yml +++ b/packages/carbon_black_cloud/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: carbon_black_cloud title: VMware Carbon Black Cloud -version: "1.1.1" +version: "1.2.0" license: basic description: Collect logs from VMWare Carbon Black Cloud with Elastic Agent. type: integration From e0f92d89e2eb16a64b716b05b298dabf607d5fa5 Mon Sep 17 00:00:00 2001 
From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:39:45 -0500 Subject: [PATCH 12/32] Updated Changelog and Manifests for carbonblack_edr --- packages/carbonblack_edr/changelog.yml | 5 +++++ packages/carbonblack_edr/docs/README.md | 8 ++++---- packages/carbonblack_edr/manifest.yml | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/packages/carbonblack_edr/changelog.yml b/packages/carbonblack_edr/changelog.yml index 1cb7fc25d92..3578edfb852 100644 --- a/packages/carbonblack_edr/changelog.yml +++ b/packages/carbonblack_edr/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3842 - version: "1.4.0" changes: - description: Update package to ECS 8.3.0. diff --git a/packages/carbonblack_edr/docs/README.md b/packages/carbonblack_edr/docs/README.md index 6ca362b2e87..38298446c11 100644 --- a/packages/carbonblack_edr/docs/README.md +++ b/packages/carbonblack_edr/docs/README.md 
@@ -303,7 +303,7 @@ An example event for `log` looks as following: | host.os.name | Operating system name, without the version. | keyword | | host.os.name.text | Multi-field of `host.os.name`. | match_only_text | | host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | +| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | input.type | Type of Filebeat input. | keyword | 
@@ -311,7 +311,7 @@ An example event for `log` looks as following:
 | log.flags | Flags for the log file. | keyword |
 | log.offset | Offset of the entry in the log file. | long |
 | log.source.address | Source address from which the log event was read / sent from. | keyword |
-| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
+| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
 | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword |
 | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword |
 | observer.name | Custom name of the observer. This is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization. If no custom name is needed, the field can be left empty. | keyword |
@@ -319,7 +319,7 @@ An example event for `log` looks as following:
 | observer.type | The type of the observer the data is coming from. There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. | keyword |
 | observer.vendor | Vendor name of the observer. | keyword |
 | observer.version | Observer version. | keyword |
-| os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword |
+| os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword |
 | process.command_line | Full command line that started the process, including the absolute path to the executable, and all arguments. Some arguments may be filtered to protect sensitive information. | wildcard |
 | process.command_line.text | Multi-field of `process.command_line`. | match_only_text |
 | process.entity_id | Unique identifier for the process. The implementation of this is specified by the data source, but some examples of what could be used here are a process-generated UUID, Sysmon Process GUIDs, or a hash of some uniquely identifying components of a process. Constructing a globally unique identifier is a common practice to mitigate PID reuse as well as to identify a specific process over time, across multiple monitored hosts. | keyword |
@@ -343,7 +343,7 @@ An example event for `log` looks as following:
 | threat.indicator.file.hash.md5 | MD5 hash. | keyword |
 | threat.indicator.ip | Identifies a threat indicator as an IP address (irrespective of direction). | ip |
 | threat.indicator.port | Identifies a threat indicator as a port number (irrespective of direction). | long |
-| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. Recommended values: \* autonomous-system \* artifact \* directory \* domain-name \* email-addr \* file \* ipv4-addr \* ipv6-addr \* mac-addr \* mutex \* port \* process \* software \* url \* user-account \* windows-registry-key \* x509-certificate | keyword |
+| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. | keyword |
 | threat.indicator.url.domain | Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. | keyword |
 | tls.client.ja3 | A hash that identifies clients based on how they perform an SSL/TLS handshake. | keyword |
 | tls.server.ja3s | A hash that identifies servers based on how they perform an SSL/TLS handshake. | keyword |
diff --git a/packages/carbonblack_edr/manifest.yml b/packages/carbonblack_edr/manifest.yml
index 7f9f0eedd90..dd14ba9e92d 100644
--- a/packages/carbonblack_edr/manifest.yml
+++ b/packages/carbonblack_edr/manifest.yml
@@ -1,6 +1,6 @@
 name: carbonblack_edr
 title: VMware Carbon Black EDR
-version: "1.4.0"
+version: "1.5.0"
 release: ga
 description: Collect logs from VMware Carbon Black EDR with Elastic Agent.
 type: integration
From 9c4605d36963e7da62ee150abad016dd7e8c5416 Mon Sep 17 00:00:00 2001
From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:39:47 -0500 Subject: [PATCH 13/32] Updated Changelog and Manifests for cef --- packages/cef/changelog.yml | 5 +++++ packages/cef/docs/README.md | 2 +- packages/cef/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/packages/cef/changelog.yml b/packages/cef/changelog.yml
index 6f1d91b074e..217287f0bc6 100644
--- a/packages/cef/changelog.yml
+++ b/packages/cef/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.3.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "2.2.1"
 changes:
 - description: Update package name and description to align with standard wording
diff --git a/packages/cef/docs/README.md b/packages/cef/docs/README.md
index 996ea05c7fd..03da14097bd 100644
--- a/packages/cef/docs/README.md
+++ b/packages/cef/docs/README.md
@@ -566,7 +566,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. 
| keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | | observer.egress.zone | Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. | keyword | | observer.hostname | Hostname of the observer. | keyword | diff --git a/packages/cef/manifest.yml b/packages/cef/manifest.yml index 59ed7ec93ba..f08e1eed96a 100644 --- a/packages/cef/manifest.yml +++ b/packages/cef/manifest.yml @@ -1,6 +1,6 @@ name: cef title: Common Event Format (CEF) -version: 2.2.1 +version: 2.3.0 release: ga description: Collect logs from CEF Logs with Elastic Agent. type: integration From c0aecb750a57aa9e6c73a454d96316b7ce75ca11 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:39:48 -0500 Subject: [PATCH 14/32] Updated Changelog and Manifests for checkpoint --- packages/checkpoint/changelog.yml | 5 +++++ packages/checkpoint/docs/README.md | 2 +- packages/checkpoint/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) 
diff --git a/packages/checkpoint/changelog.yml b/packages/checkpoint/changelog.yml
index 98c0af27f97..e42226cd2a2 100644
--- a/packages/checkpoint/changelog.yml
+++ b/packages/checkpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "1.7.1"
 changes:
 - description: Fix handling of R81 fields.
diff --git a/packages/checkpoint/docs/README.md b/packages/checkpoint/docs/README.md
index c0de8faf5e1..c9c43dfc879 100644
--- a/packages/checkpoint/docs/README.md
+++ b/packages/checkpoint/docs/README.md
@@ -611,7 +611,7 @@ An example event for `firewall` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | | network.name | Name given by operators to sections of their network. | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | diff --git a/packages/checkpoint/manifest.yml b/packages/checkpoint/manifest.yml index 079d9ebd120..fe11a1639a2 100644 --- a/packages/checkpoint/manifest.yml +++ b/packages/checkpoint/manifest.yml @@ -1,6 +1,6 @@ name: checkpoint title: Check Point -version: "1.7.1" +version: "1.8.0" release: ga description: Collect logs from Check Point with Elastic Agent. type: integration From 33f048079ccf3618ea0d870e161bc1596e28cc8e Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:39:50 -0500 Subject: [PATCH 15/32] Updated Changelog and Manifests for cisco --- packages/cisco/changelog.yml | 5 +++++ packages/cisco/docs/README.md | 8 ++++---- packages/cisco/manifest.yml | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) 
diff --git a/packages/cisco/changelog.yml b/packages/cisco/changelog.yml
index ed20c974cd2..1649a66fed2 100644
--- a/packages/cisco/changelog.yml
+++ b/packages/cisco/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.14.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "0.13.3"
 changes:
 - description: Update readme file
diff --git a/packages/cisco/docs/README.md b/packages/cisco/docs/README.md
index 1b440cf6289..8166b733c6d 100644
--- a/packages/cisco/docs/README.md
+++ b/packages/cisco/docs/README.md
@@ -256,7 +256,7 @@ An example event for `asa` looks as following: | log.source.address | Source address from which the log event was read / sent from. | keyword | | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". 
Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object | | network.inner.vlan.id | VLAN ID as reported by the observer. | keyword | 
@@ -634,7 +634,7 @@ An example event for `ftd` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object | | network.inner.vlan.id | VLAN ID as reported by the observer. | keyword | 
@@ -1091,7 +1091,7 @@ An example event for `nexus` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.interface.name | | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | 
@@ -2032,7 +2032,7 @@ An example event for `meraki` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.interface.name | | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | diff --git a/packages/cisco/manifest.yml b/packages/cisco/manifest.yml index 2b4ec970c68..72348419bdf 100644 --- a/packages/cisco/manifest.yml +++ b/packages/cisco/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco title: Cisco -version: 0.13.3 +version: 0.14.0 license: basic description: Deprecated. Use a specific Cisco package instead. type: integration From 641c73cb4a5e46761a27139c1cc9305678a1e1d4 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:39:52 -0500 Subject: [PATCH 16/32] Updated Changelog and Manifests for cisco_asa --- packages/cisco_asa/changelog.yml | 5 +++++ packages/cisco_asa/docs/README.md | 2 +- packages/cisco_asa/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml index 0aff02cbf6e..8c74634d90f 100644 --- a/packages/cisco_asa/changelog.yml +++ b/packages/cisco_asa/changelog.yml 
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.6.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "2.5.2"
 changes:
 - description: Improve TCP, SSL config description and example.
diff --git a/packages/cisco_asa/docs/README.md b/packages/cisco_asa/docs/README.md
index f7a5c46a9ee..c4ba76cbb37 100644
--- a/packages/cisco_asa/docs/README.md
+++ b/packages/cisco_asa/docs/README.md
@@ -258,7 +258,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". 
When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object | | network.inner.vlan.id | VLAN ID as reported by the observer. | keyword | diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml index 33ffc2f9c6b..fd0deb5170e 100644 --- a/packages/cisco_asa/manifest.yml +++ b/packages/cisco_asa/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_asa title: Cisco ASA -version: "2.5.2" +version: "2.6.0" license: basic description: Collect logs from Cisco ASA with Elastic Agent. type: integration From b5280d96b2f55b0e7cac800ad2ea8d3c1b895c4d Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:39:54 -0500 Subject: [PATCH 17/32] Updated Changelog and Manifests for cisco_duo --- packages/cisco_duo/changelog.yml | 5 +++++ packages/cisco_duo/manifest.yml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) 
diff --git a/packages/cisco_duo/changelog.yml b/packages/cisco_duo/changelog.yml
index beff052ea80..3d41a0988d8 100644
--- a/packages/cisco_duo/changelog.yml
+++ b/packages/cisco_duo/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "1.4.0"
 changes:
 - description: Added support to handle bad values in ip and date fields.
diff --git a/packages/cisco_duo/manifest.yml b/packages/cisco_duo/manifest.yml
index 513810ae263..88ffdf99582 100644
--- a/packages/cisco_duo/manifest.yml
+++ b/packages/cisco_duo/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_duo
 title: Cisco Duo
-version: "1.4.0"
+version: "1.5.0"
 license: basic
 description: Collect logs from Cisco Duo with Elastic Agent.
 type: integration
From 52369fb6a08de0a3c511b74247cf21f6cc632310 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 20:39:55 -0500 Subject: [PATCH 18/32] Updated Changelog and Manifests for cisco_ftd --- packages/cisco_ftd/changelog.yml | 5 +++++ packages/cisco_ftd/docs/README.md | 2 +- packages/cisco_ftd/manifest.yml | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml
index 2cce74dec6d..b908c2d3c91 100644
--- a/packages/cisco_ftd/changelog.yml
+++ b/packages/cisco_ftd/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.4.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "2.3.1"
 changes:
 - description: Improve TCP, SSL config description and example.
diff --git a/packages/cisco_ftd/docs/README.md b/packages/cisco_ftd/docs/README.md
index 43cf57e5920..afec5f3f06c 100644
--- a/packages/cisco_ftd/docs/README.md
+++ b/packages/cisco_ftd/docs/README.md
@@ -318,7 +318,7 @@ An example event for `log` looks as following:
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword |
 | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long |
-| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
+| network.direction | Direction of the network traffic.
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
 | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword |
 | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object |
 | network.inner.vlan.id | VLAN ID as reported by the observer. | keyword |
diff --git a/packages/cisco_ftd/manifest.yml b/packages/cisco_ftd/manifest.yml
index edf8dc52825..f6298da7224 100644
--- a/packages/cisco_ftd/manifest.yml
+++ b/packages/cisco_ftd/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ftd
 title: Cisco FTD
-version: "2.3.1"
+version: "2.4.0"
 license: basic
 description: Collect logs from Cisco FTD with Elastic Agent.
 type: integration
From ce3f77119b687f9670ba56e31f5c45c0b8022a5a Mon Sep 17 00:00:00 2001
From: "Lee E. Hinman"
Date: Tue, 26 Jul 2022 20:39:56 -0500
Subject: [PATCH 19/32] Updated Changelog and Manifests for cisco_ios
---
 packages/cisco_ios/changelog.yml | 5 +++++
 packages/cisco_ios/manifest.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml
index 1785dc6a0c3..a1ed43a6245 100644
--- a/packages/cisco_ios/changelog.yml
+++ b/packages/cisco_ios/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "1.7.2"
 changes:
 - description: Improve TCP, SSL config description and example.
diff --git a/packages/cisco_ios/manifest.yml b/packages/cisco_ios/manifest.yml
index dfab4411bd5..1d0692f8bfe 100644
--- a/packages/cisco_ios/manifest.yml
+++ b/packages/cisco_ios/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ios
 title: Cisco IOS
-version: "1.7.2"
+version: "1.8.0"
 license: basic
 description: Collect logs from Cisco IOS with Elastic Agent.
 type: integration
From a7c200e2cafc33595174d450910dd4ca0d9cf4e3 Mon Sep 17 00:00:00 2001
From: "Lee E. Hinman"
Date: Tue, 26 Jul 2022 20:39:58 -0500
Subject: [PATCH 20/32] Updated Changelog and Manifests for cisco_ise
---
 packages/cisco_ise/changelog.yml | 5 +++++
 packages/cisco_ise/manifest.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml
index 027e55a153b..5f57fea238a 100644
--- a/packages/cisco_ise/changelog.yml
+++ b/packages/cisco_ise/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3842
 - version: "0.2.0"
 changes:
 - description: Update package to ECS 8.3.0.
diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml
index fe02ed6d8aa..3ee8ea8f718 100644
--- a/packages/cisco_ise/manifest.yml
+++ b/packages/cisco_ise/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco_ise
 title: Cisco ISE
-version: "0.2.0"
+version: "0.3.0"
 license: basic
 description: Collect logs from Cisco ISE with Elastic Agent.
 type: integration
From 6167c2ed59f3a34061d66cd2913ecb39afaa714a Mon Sep 17 00:00:00 2001
From: "Lee E. Hinman"
Date: Tue, 26 Jul 2022 20:47:30 -0500
Subject: [PATCH 21/32] Revert "Updated Changelog and Manifests for cisco"
This reverts commit a078d70a189fc7433264000409b31e461c88201a.
---
 packages/cisco/changelog.yml | 5 -----
 packages/cisco/docs/README.md | 8 ++++----
 packages/cisco/manifest.yml | 2 +-
 3 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/packages/cisco/changelog.yml b/packages/cisco/changelog.yml
index 1649a66fed2..ed20c974cd2 100644
--- a/packages/cisco/changelog.yml
+++ b/packages/cisco/changelog.yml
@@ -1,9 +1,4 @@
 # newer versions go on top
-- version: "0.14.0"
- changes:
- - description: Update package to ECS 8.4.0
- type: enhancement
- link: https://github.com/elastic/integrations/pull/3842
 - version: "0.13.3"
 changes:
 - description: Update readme file
diff --git a/packages/cisco/docs/README.md b/packages/cisco/docs/README.md
index 8166b733c6d..1b440cf6289 100644
--- a/packages/cisco/docs/README.md
+++ b/packages/cisco/docs/README.md
@@ -256,7 +256,7 @@ An example event for `asa` looks as following:
 | log.source.address | Source address from which the log event was read / sent from. | keyword |
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long |
-| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
+| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external".
Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
 | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword |
 | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object |
 | network.inner.vlan.id | VLAN ID as reported by the observer. | keyword |
@@ -634,7 +634,7 @@ An example event for `ftd` looks as following:
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword |
 | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long |
-| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
+| network.direction | Direction of the network traffic.
Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
 | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword |
 | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object |
 | network.inner.vlan.id | VLAN ID as reported by the observer. | keyword |
@@ -1091,7 +1091,7 @@ An example event for `nexus` looks as following:
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword |
 | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long |
-| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
+| network.direction | Direction of the network traffic.
Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
 | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip |
 | network.interface.name | | keyword |
 | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long |
@@ -2032,7 +2032,7 @@ An example event for `meraki` looks as following:
 | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
 | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword |
 | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long |
-| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
+| network.direction | Direction of the network traffic.
Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
 | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip |
 | network.interface.name | | keyword |
 | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long |
diff --git a/packages/cisco/manifest.yml b/packages/cisco/manifest.yml
index 72348419bdf..2b4ec970c68 100644
--- a/packages/cisco/manifest.yml
+++ b/packages/cisco/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cisco
 title: Cisco
-version: 0.14.0
+version: 0.13.3
 license: basic
 description: Deprecated. Use a specific Cisco package instead.
 type: integration
From 01b2a63702f2c63183b6eca055c0726dc1c59fec Mon Sep 17 00:00:00 2001
From: "Lee E. Hinman"
Date: Tue, 26 Jul 2022 20:47:59 -0500
Subject: [PATCH 22/32] Revert "Update ECS version for cisco"
This reverts commit a7a8a90c6b90e31351bab263c61219ab452ae5f5.
---
 packages/cisco/_dev/build/build.yml | 2 +-
 .../data_stream/asa/elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/ftd/elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/ios/elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../meraki/elasticsearch/ingest_pipeline/default.yml | 2 +-
 .../data_stream/nexus/elasticsearch/ingest_pipeline/default.yml | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/packages/cisco/_dev/build/build.yml b/packages/cisco/_dev/build/build.yml
index 2254d90483c..47cbed9fed8 100644
--- a/packages/cisco/_dev/build/build.yml
+++ b/packages/cisco/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.4.0-rc1
+ reference: git@v8.0.0
diff --git a/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml
index 6b8a0292070..d69265b5550 100644
--- a/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco/data_stream/asa/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '1.12.0'
 #
 # Parse the syslog header
 #
diff --git a/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml
index 9644bfbe153..6e0f692cb5a 100644
--- a/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco/data_stream/ftd/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '1.12.0'
 #
 # Parse the syslog header
 #
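Review bot: After this revert the `set` processors in the asa and ftd pipelines (and the ios one in the next file) write `ecs.version` as `'1.12.0'`, while `_dev/build/build.yml` in the same commit pins `reference: git@v8.0.0` and the meraki and nexus pipelines write `'8.0.0'`. Events from one package therefore carry two different ECS versions, and anything downstream that keys on `ecs.version` (detection content, dashboards, field-compatibility checks) would treat the data streams differently. If that is deliberate for this deprecated package, a comment above each processor such as `# ecs.version kept at 1.12.0 on purpose: deprecated package, fields not migrated to ECS 8.x` would keep the next bulk ECS bump from guessing. The pipelines start and end outside these hunks, so whether their fields already follow 8.0.0 cannot be confirmed from here.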
diff --git a/packages/cisco/data_stream/ios/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/ios/elasticsearch/ingest_pipeline/default.yml
index 84ddd13807e..23b37b285a2 100644
--- a/packages/cisco/data_stream/ios/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco/data_stream/ios/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Cisco IOS logs.
 processors:
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '1.12.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/cisco/data_stream/meraki/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/meraki/elasticsearch/ingest_pipeline/default.yml
index cd91df0057e..9d52405888d 100644
--- a/packages/cisco/data_stream/meraki/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco/data_stream/meraki/elasticsearch/ingest_pipeline/default.yml
@@ -5,7 +5,7 @@ processors:
 # ECS event.ingested
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.0.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/cisco/data_stream/nexus/elasticsearch/ingest_pipeline/default.yml b/packages/cisco/data_stream/nexus/elasticsearch/ingest_pipeline/default.yml
index a49c0364a5f..0ae3463d969 100644
--- a/packages/cisco/data_stream/nexus/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/cisco/data_stream/nexus/elasticsearch/ingest_pipeline/default.yml
@@ -5,7 +5,7 @@ processors:
 # ECS event.ingested
 - set:
 field: ecs.version
- value: '8.4.0'
+ value: '8.0.0'
 # User agent
 - user_agent:
 field: user_agent.original
From 1d35fff2390e20ed92541feab7b8381095fc65af Mon Sep 17 00:00:00 2001
From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 21:22:55 -0500 Subject: [PATCH 23/32] Updated pipeline tests for carbon_black_cloud --- .../pipeline/test-alert.log-expected.json | 6 +-- ...et-vulnerability-summary.log-expected.json | 16 ++++---- .../pipeline/test-audit.log-expected.json | 14 +++---- .../test-endpoint-event.log-expected.json | 38 +++++++++---------- .../test-watchlist-hit.log-expected.json | 12 +++--- 5 files changed, 43 insertions(+), 43 deletions(-) diff --git a/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json b/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json index 9f909602052..6a68f0318ac 100644 --- a/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/alert/_dev/test/pipeline/test-alert.log-expected.json @@ -63,7 +63,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "end": "2021-01-04T23:25:58Z", @@ -158,7 +158,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "end": "2020-11-17T22:02:16Z", @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "end": "2021-01-04T22:22:42Z", diff --git a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json index 075579c742b..7f73190e13c 100644 --- a/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/asset_vulnerability_summary/_dev/test/pipeline/test-asset-vulnerability-summary.log-expected.json 
@@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":1,\"highest_risk_score\":5.3,\"host_name\":\"DESKTOP-001\",\"last_sync_ts\":\"2022-02-14T08:32:37.105065Z\",\"name\":\"DESKTOP-001KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows Server 2019 Datacenter\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"MODERATE\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":137}" @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":2,\"highest_risk_score\":8.4,\"host_name\":\"DESKTOP-002\",\"last_sync_ts\":\"2021-12-31T22:16:06.970164Z\",\"name\":\"DESKTOP-002KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.19044\"},\"severity\":\"IMPORTANT\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"WORKLOAD\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":342}" @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":3,\"highest_risk_score\":8.4,\"host_name\":\"DESKTOP-003\",\"last_sync_ts\":\"2022-02-03T15:27:28.681106Z\",\"name\":\"DESKTOP-003KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Enterprise\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18363\"},\"severity\":\"IMPORTANT\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"WORKLOAD\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":499}" 
@@ -162,7 +162,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":4,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-004\",\"last_sync_ts\":\"2022-01-06T03:51:45.460029Z\",\"name\":\"DESKTOP-004KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18362\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":885}" @@ -210,7 +210,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":5,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-005\",\"last_sync_ts\":\"2022-01-10T02:46:08.236117Z\",\"name\":\"DESKTOP-005KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Education\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18362\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":893}" @@ -258,7 +258,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":6,\"highest_risk_score\":6,\"host_name\":\"DESKTOP-006\",\"last_sync_ts\":\"2022-01-10T03:11:44.097219Z\",\"name\":\"DESKTOP-006KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"MODERATE\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":276}" 
@@ -306,7 +306,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":7,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-007\",\"last_sync_ts\":\"2022-01-11T08:41:31.573863Z\",\"name\":\"DESKTOP-007KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.19043\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":542}" @@ -354,7 +354,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"cve_ids\":null,\"device_id\":8,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-008\",\"last_sync_ts\":\"2022-01-17T08:33:37.384932Z\",\"name\":\"DESKTOP-008KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Education\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":1770}" diff --git a/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 5169f5fe617..23a0decfadf 100644 --- a/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "16xxxxxxxxxx8ac7bd", @@ -51,7 +51,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "21xxxxxxxxxx93ff7c", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "28xxxxxxxxxx8ac7bd", 
@@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "34xxxxxxxxxxd9ccf9", @@ -159,7 +159,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "3axxxxxxxxxx2e5035", @@ -195,7 +195,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "32xxxxxxxxxx189c6d", @@ -231,7 +231,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "a9xxxxxxxxxx4b3d2c", diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json index 18f5ee6919d..fad465a0471 100644 --- a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_CREATE_KEY", @@ -139,7 +139,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_WRITE_VALUE", @@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_OPEN_PROCESS_HANDLE", @@ -301,10 +301,10 @@ }, "related": { "hash": [ - "fae441a6ec7fd8f55a404797a25c8910", "9520a99e77d6196d0d09833146424113", "70d7571253e091f646f78a4dd078ce7fe8d796625bfa3c0a466df03971175fb4", "9e9c7696859b94b1c33a532fa4d5c648226cf3361121dd899e502b8949fb11a6", + "fae441a6ec7fd8f55a404797a25c8910", "2498272dc48446891182747428d02a30", "dd191a5b23df92e12a8852291f9fb5ed594b76a28a5a464418442584afd1e048" ], @@ -385,7 +385,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_OPEN_PROCESS_HANDLE", 
@@ -504,7 +504,7 @@ "path": "c:\\windows\\system32\\fltlib.dll" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_LOAD_MODULE", @@ -546,8 +546,8 @@ "baf97b2a629723947539cff84e896cd29565ab4bb68b0cec515eb5c5d6637b69", "353f8d4e647a11f235f4262d913f7bac4c4f266eac4601ea416e861afd611912", "e202dd92848c5103c9abf8ecd22bc539", - "2445dece99deedbd701dc6dfe10e648e", "c5e9b1d1103edcea2e408e9497a5a88f", + "2445dece99deedbd701dc6dfe10e648e", "5a780d6630639ffb7fd3d295c182eaa2a7cad2c70248c5ba8f334bb3803353ca" ], "hosts": [ @@ -625,7 +625,7 @@ "path": "c:\\windows\\system32\\dnsapi.dll" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_LOAD_MODULE", @@ -746,7 +746,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_CREATE_PROCESS", @@ -785,9 +785,9 @@ }, "related": { "hash": [ - "fae441a6ec7fd8f55a404797a25c8910", "03dd698da2671383c9b4f868c9931879", "70d7571253e091f646f78a4dd078ce7fe8d796625bfa3c0a466df03971175fb4", + "fae441a6ec7fd8f55a404797a25c8910", "2445dece99deedbd701dc6dfe10e648e", "5a780d6630639ffb7fd3d295c182eaa2a7cad2c70248c5ba8f334bb3803353ca", "44a1975b2197484bb22a0eb673e67e7ee9ec20265e9f6347f5e06b6447ac82c5" @@ -867,7 +867,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_CREATE_PROCESS", @@ -906,10 +906,10 @@ }, "related": { "hash": [ - "fae441a6ec7fd8f55a404797a25c8910", "70cc03d968b1e7446d30af1037c228bf", "03dd698da2671383c9b4f868c9931879", "70d7571253e091f646f78a4dd078ce7fe8d796625bfa3c0a466df03971175fb4", + "fae441a6ec7fd8f55a404797a25c8910", "44a1975b2197484bb22a0eb673e67e7ee9ec20265e9f6347f5e06b6447ac82c5", "28aba00ae4f5f93b6b60ffcd9037167880eff26ff8116086342a22841d69fd6b" ], @@ -968,7 +968,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_PROCESS_TERMINATE", 
@@ -1067,7 +1067,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_PROCESS_TERMINATE", @@ -1162,7 +1162,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_DELETE", @@ -1260,7 +1260,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_READ | ACTION_FILE_OPEN_WRITE", @@ -1362,7 +1362,7 @@ "port": 62909 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_CONNECTION_CREATE", @@ -1470,7 +1470,7 @@ "port": 9716 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_CONNECTION_LISTEN", @@ -1587,7 +1587,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ACTION_LOAD_SCRIPT", diff --git a/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json b/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json index 4c750bb15d9..b32c3bb334d 100644 --- a/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json +++ b/packages/carbon_black_cloud/data_stream/watchlist_hit/_dev/test/pipeline/test-watchlist-hit.log-expected.json @@ -67,7 +67,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -203,7 +203,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -333,7 +333,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -455,7 +455,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -576,7 +576,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", 
@@ -683,7 +683,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", From 714e2061224104dc4db9dbfee91a676657f77d87 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 21:22:56 -0500 Subject: [PATCH 24/32] Updated pipeline tests for carbonblack_edr --- .../pipeline/test-events.json-expected.json | 198 +++++++++--------- 1 file changed, 99 insertions(+), 99 deletions(-) diff --git a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json index fb49692bedb..89f1346840a 100644 --- a/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json +++ b/packages/carbonblack_edr/data_stream/log/_dev/test/pipeline/test-events.json-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -89,7 +89,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -127,7 +127,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -277,7 +277,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -315,7 +315,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", 
@@ -361,7 +361,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -428,7 +428,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -470,7 +470,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -530,7 +530,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -590,7 +590,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -633,7 +633,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -665,7 +665,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -702,7 +702,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -748,7 +748,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -791,7 +791,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -823,7 +823,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -872,7 +872,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -913,7 +913,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -957,7 +957,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -1000,7 +1000,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -1032,7 +1032,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", 
@@ -1082,7 +1082,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -1136,7 +1136,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -1220,7 +1220,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -1257,7 +1257,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -1300,7 +1300,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -1334,7 +1334,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1384,7 +1384,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -1452,7 +1452,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -1528,7 +1528,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -1565,7 +1565,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -1601,7 +1601,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -1645,7 +1645,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -1679,7 +1679,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -1731,7 +1731,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -1808,7 +1808,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -1879,7 +1879,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", 
@@ -1916,7 +1916,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -1952,7 +1952,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -1993,7 +1993,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2039,7 +2039,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -2073,7 +2073,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2123,7 +2123,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -2194,7 +2194,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -2255,7 +2255,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -2292,7 +2292,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -2328,7 +2328,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -2369,7 +2369,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2415,7 +2415,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -2457,7 +2457,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.module", @@ -2501,7 +2501,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2551,7 +2551,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", 
@@ -2590,7 +2590,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -2630,7 +2630,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -2667,7 +2667,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -2703,7 +2703,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -2744,7 +2744,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -2790,7 +2790,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -2832,7 +2832,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.module", @@ -2876,7 +2876,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -2925,7 +2925,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -2969,7 +2969,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -3016,7 +3016,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.remotethread", @@ -3063,7 +3063,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -3100,7 +3100,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -3136,7 +3136,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -3177,7 +3177,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", 
@@ -3223,7 +3223,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -3265,7 +3265,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.module", @@ -3309,7 +3309,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3359,7 +3359,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -3396,7 +3396,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unknown", @@ -3444,7 +3444,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.remotethread", @@ -3491,7 +3491,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -3542,7 +3542,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.childproc", @@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -3616,7 +3616,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.tamper", @@ -3661,7 +3661,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -3707,7 +3707,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -3749,7 +3749,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.module", @@ -3793,7 +3793,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -3842,7 +3842,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", 
@@ -3888,7 +3888,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -3942,7 +3942,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.remotethread", @@ -3989,7 +3989,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.regmod", @@ -4040,7 +4040,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.childproc", @@ -4078,7 +4078,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.observed", @@ -4127,7 +4127,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.filemod", @@ -4167,7 +4167,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.host.observed", @@ -4213,7 +4213,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.moduleload", @@ -4255,7 +4255,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.module", @@ -4299,7 +4299,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "binaryinfo.group.observed", @@ -4348,7 +4348,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.netconn", @@ -4396,7 +4396,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.filemod", @@ -4447,7 +4447,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ingress.event.remotethread", From c7e9f487247c875597b1a3616f5242f4081ee319 Mon Sep 17 00:00:00 2001 
From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 21:22:57 -0500 Subject: [PATCH 25/32] Updated pipeline tests for cef --- .../pipeline/test-arcsight.json-expected.json | 8 ++++---- .../test/pipeline/test-cef.json-expected.json | 8 ++++---- .../test-checkpoint.json-expected.json | 6 +++--- .../test-cisco-asa.json-expected.json | 2 +- .../test-fp-ngfw-smc.json-expected.json | 20 +++++++++---------- .../test-netscaler.json-expected.json | 10 +++++----- .../pipeline/test-syslog.json-expected.json | 2 +- .../test-trend-micro.json-expected.json | 16 +++++++-------- 8 files changed, 36 insertions(+), 36 deletions(-) diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json index 77f2dd25ca4..c0db053c3b8 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-arcsight.json-expected.json @@ -50,7 +50,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "agent:016", @@ -129,7 +129,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "agent:030", @@ -200,7 +200,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "agent:044", @@ -279,7 +279,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "agent:031", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json index 7a80996e520..a5fb51150f5 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-cef.json-expected.json @@ -31,7 +31,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "18", 
@@ -146,7 +146,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "18", @@ -227,7 +227,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "18", @@ -272,7 +272,7 @@ "ip": "192.168.1.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "18", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json index a49ee1778a5..02c76804e2d 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-checkpoint.json-expected.json @@ -77,7 +77,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -166,7 +166,7 @@ "port": 25 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Bypass", @@ -235,7 +235,7 @@ "ip": "::1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Drop", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json index 8bc36f75b92..e2df8834f3e 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-cisco-asa.json-expected.json @@ -88,7 +88,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "305012", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json index fc22abc9dd9..b7ed142165a 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-fp-ngfw-smc.json-expected.json 
@@ -21,7 +21,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "0", @@ -66,7 +66,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "9005", @@ -122,7 +122,7 @@ "ip": "10.1.1.40" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Allow", @@ -213,7 +213,7 @@ "port": 67 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "70019", @@ -284,7 +284,7 @@ "ip": "192.168.1.1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Refuse", @@ -357,7 +357,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "70021", @@ -416,7 +416,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "72714", @@ -474,7 +474,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "72715", @@ -532,7 +532,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "72716", @@ -589,7 +589,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "78002", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json index ff52dd0538d..7f2030856d7 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-netscaler.json-expected.json @@ -28,7 +28,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "blocked", @@ -86,7 +86,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "not blocked", @@ -144,7 +144,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "transformed", 
@@ -202,7 +202,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "transformed", @@ -260,7 +260,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "not blocked", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json index 5d17e684045..bde8532dfe1 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-syslog.json-expected.json @@ -56,7 +56,7 @@ "domain": "centos7" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Started", diff --git a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json index d0487cfd2be..271d6753a11 100644 --- a/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json +++ b/packages/cef/data_stream/log/_dev/test/pipeline/test-trend-micro.json-expected.json @@ -19,7 +19,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "600", @@ -82,7 +82,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Delete", @@ -143,7 +143,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "detectOnly", @@ -231,7 +231,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Log", @@ -286,7 +286,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "updated", @@ -379,7 +379,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "IDS:Reset", @@ -446,7 +446,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "3002795", 
@@ -502,7 +502,7 @@ "version": "0" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "5000000", From fec2c8c1f8135d1db8e50bd4518f6a1671ded1aa Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 21:22:59 -0500 Subject: [PATCH 26/32] Updated pipeline tests for checkpoint --- .../pipeline/test-R80.X.log-expected.json | 4 +- .../pipeline/test-R81.X.log-expected.json | 2 +- ...est-checkpoint-with-time.log-expected.json | 4 +- .../test-checkpoint.log-expected.json | 42 +++++++++---------- .../test-trailing-space.log-expected.json | 2 +- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R80.X.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R80.X.log-expected.json index ac7b8506a6d..888c20e07e4 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R80.X.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R80.X.log-expected.json @@ -4,7 +4,7 @@ "@timestamp": "2022-07-06T15:53:08.000Z", "checkpoint": {}, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logon-failed", @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logged-in", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R81.X.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R81.X.log-expected.json index 1a42e608908..1d053e0abd3 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R81.X.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-R81.X.log-expected.json @@ -12,7 +12,7 @@ "packets": 30 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", 
diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json index 96c19e2293d..b8bacc4ad15 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint-with-time.log-expected.json @@ -13,7 +13,7 @@ "port": 514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -91,7 +91,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Drop", diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json index f7a9fb25eb6..9d5138ef564 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-checkpoint.log-expected.json @@ -6,7 +6,7 @@ "sys_message": "The eth0 interface is not protected by the anti-spoofing feature. Your network may be at risk" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -41,7 +41,7 @@ "sys_message": "installed Standard" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -83,7 +83,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -166,7 +166,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -238,7 +238,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -302,7 +302,7 @@ "status": "Finished" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ 
@@ -353,7 +353,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -439,7 +439,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -498,7 +498,7 @@ "status": "Started" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -549,7 +549,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -621,7 +621,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -685,7 +685,7 @@ "status": "Finished" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -722,7 +722,7 @@ "port": 514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -786,7 +786,7 @@ "update_status": "updated" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -819,7 +819,7 @@ "update_status": "updated" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -857,7 +857,7 @@ "port": 138 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -937,7 +937,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Drop", @@ -992,7 +992,7 @@ "port": 514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -1061,7 +1061,7 @@ "port": 137 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -1130,7 +1130,7 @@ "port": 22 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", @@ -1199,7 +1199,7 @@ "port": 514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", 
diff --git a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json index 98eb790aee5..c4595c01ed1 100644 --- a/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json +++ b/packages/checkpoint/data_stream/firewall/_dev/test/pipeline/test-trailing-space.log-expected.json @@ -13,7 +13,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Accept", From 57f00733567022646d8fecf987b56f993dceb4bc Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 21:23:03 -0500 Subject: [PATCH 27/32] Updated pipeline tests for cisco_asa --- ...test-additional-messages.log-expected.json | 186 +++--- ...test-anyconnect-messages.log-expected.json | 24 +- .../pipeline/test-asa-fix.log-expected.json | 28 +- .../test-asa-missing-groups.log-expected.json | 10 +- .../test/pipeline/test-asa.log-expected.json | 536 +++++++++--------- .../test-dap-records.log-expected.json | 2 +- .../pipeline/test-filtered.log-expected.json | 6 +- .../pipeline/test-hostnames.log-expected.json | 4 +- .../pipeline/test-not-ip.log-expected.json | 6 +- .../pipeline/test-sample.log-expected.json | 174 +++--- .../test/pipeline/test-sip.log-expected.json | 8 +- 11 files changed, 492 insertions(+), 492 deletions(-) diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json index 03359439d90..3f3848d737c 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-additional-messages.log-expected.json 
@@ -22,7 +22,7 @@ "port": 53500 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -109,7 +109,7 @@ "port": 53500 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -188,7 +188,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -249,7 +249,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -309,7 +309,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -372,7 +372,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -447,7 +447,7 @@ "port": 111 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -530,7 +530,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -603,7 +603,7 @@ "port": 67 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -679,7 +679,7 @@ "port": 21 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -746,7 +746,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -790,7 +790,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -849,7 +849,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -911,7 +911,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -968,7 +968,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -1032,7 +1032,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1099,7 +1099,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1167,7 +1167,7 @@ "port": 55225 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1255,7 +1255,7 @@ "port": 54839 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1334,7 +1334,7 @@ "port": 54230 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1411,7 +1411,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1481,7 +1481,7 @@ "port": 57006 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1554,7 +1554,7 @@ "port": 14322 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1627,7 +1627,7 @@ "port": 53356 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1713,7 +1713,7 @@ "port": 22638 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1800,7 +1800,7 @@ "port": 22638 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1880,7 +1880,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1954,7 +1954,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2022,7 +2022,7 @@ "port": 65020 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2093,7 +2093,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -2163,7 +2163,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2233,7 +2233,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2304,7 +2304,7 @@ "port": 10051 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2378,7 +2378,7 @@ "port": 10051 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2452,7 +2452,7 @@ "port": 10051 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2525,7 +2525,7 @@ "port": 10051 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2604,7 +2604,7 @@ "port": 39222 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2677,7 +2677,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2729,7 +2729,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2788,7 +2788,7 @@ "port": 3452 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2865,7 +2865,7 @@ "port": 6007 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2933,7 +2933,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2975,7 +2975,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3024,7 +3024,7 @@ "port": 1985 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3087,7 +3087,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -3129,7 +3129,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3178,7 +3178,7 @@ "ip": "10.10.10.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3255,7 +3255,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3305,7 +3305,7 @@ "port": 2 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3380,7 +3380,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3450,7 +3450,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3511,7 +3511,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3572,7 +3572,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3633,7 +3633,7 @@ "ip": "10.20.30.40" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3711,7 +3711,7 @@ "port": 9101 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3803,7 +3803,7 @@ "port": 51635 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3880,7 +3880,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3947,7 +3947,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3997,7 +3997,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4059,7 +4059,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -4115,7 +4115,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4182,7 +4182,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4246,7 +4246,7 @@ "ip": "10.10.1.254" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4313,7 +4313,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4371,7 +4371,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4451,7 +4451,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4517,7 +4517,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4576,7 +4576,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4648,7 +4648,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4711,7 +4711,7 @@ "port": 23 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4794,7 +4794,7 @@ "port": 123123 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "bypass", @@ -4880,7 +4880,7 @@ "port": 514514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "drop", @@ -4957,7 +4957,7 @@ "port": 123412 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5039,7 +5039,7 @@ "port": 514514 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5122,7 +5122,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "created", 
@@ -5194,7 +5194,7 @@ "ip": "192.168.2.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deleted", @@ -5274,7 +5274,7 @@ "port": 7777 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-started", @@ -5350,7 +5350,7 @@ "port": 7777 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "error", @@ -5420,7 +5420,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5472,7 +5472,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5522,7 +5522,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "error", @@ -5573,7 +5573,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "error", @@ -5617,7 +5617,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5660,7 +5660,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "error", @@ -5704,7 +5704,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "error", @@ -5755,7 +5755,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5830,7 +5830,7 @@ "ip": "172.31.98.44" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5925,7 +5925,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6024,7 +6024,7 @@ "port": 500 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6117,7 +6117,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -6169,7 +6169,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6221,7 +6221,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6273,7 +6273,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json index 741b94a1064..58bcc60068e 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-anyconnect-messages.log-expected.json @@ -6,7 +6,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -82,7 +82,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -158,7 +158,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -234,7 +234,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -310,7 +310,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -386,7 +386,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -462,7 +462,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -538,7 +538,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -614,7 +614,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", 
@@ -662,7 +662,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-error", @@ -738,7 +738,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-connected", @@ -814,7 +814,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "client-vpn-disconnected", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index a30edfa1956..8d2acafcade 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -17,7 +17,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -102,7 +102,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -177,7 +177,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -247,7 +247,7 @@ "port": 57621 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -324,7 +324,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -379,7 +379,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -452,7 +452,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -522,7 +522,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -592,7 +592,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -663,7 +663,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -751,7 +751,7 @@ "port": 8080 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -852,7 +852,7 @@ "port": 9803 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -963,7 +963,7 @@ "port": 9803 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1080,7 +1080,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json index 8712d6d5bd8..119535207e5 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-missing-groups.log-expected.json @@ -25,7 +25,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -98,7 +98,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -152,7 +152,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -185,7 +185,7 @@ "asa": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -223,7 +223,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index 5eed00a66b2..d53b28a5a66 100644 
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -14,7 +14,7 @@ "port": 8256 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -97,7 +97,7 @@ "port": 1772 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -177,7 +177,7 @@ "port": 1758 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -262,7 +262,7 @@ "port": 1757 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -347,7 +347,7 @@ "port": 1755 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -432,7 +432,7 @@ "port": 1754 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -517,7 +517,7 @@ "port": 1752 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -602,7 +602,7 @@ "port": 1749 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -687,7 +687,7 @@ "port": 1750 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -772,7 +772,7 @@ "port": 1747 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -857,7 +857,7 @@ "port": 1742 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -942,7 +942,7 @@ "port": 1741 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1027,7 +1027,7 @@ "port": 1739 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1112,7 +1112,7 @@ "port": 1740 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -1197,7 +1197,7 @@ "port": 1738 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1282,7 +1282,7 @@ "port": 1756 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1367,7 +1367,7 @@ "port": 1737 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1452,7 +1452,7 @@ "port": 1736 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1537,7 +1537,7 @@ "port": 1765 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1621,7 +1621,7 @@ "port": 1188 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1704,7 +1704,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1784,7 +1784,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1872,7 +1872,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1952,7 +1952,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -2035,7 +2035,7 @@ "port": 8257 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2118,7 +2118,7 @@ "port": 1773 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2197,7 +2197,7 @@ "port": 8258 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2280,7 +2280,7 @@ "port": 1774 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2364,7 +2364,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -2448,7 +2448,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2528,7 +2528,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -2612,7 +2612,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -2695,7 +2695,7 @@ "port": 8259 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2778,7 +2778,7 @@ "port": 1775 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2857,7 +2857,7 @@ "port": 1189 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2940,7 +2940,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3024,7 +3024,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3104,7 +3104,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3188,7 +3188,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3271,7 +3271,7 @@ "port": 8265 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3354,7 +3354,7 @@ "port": 1452 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3438,7 +3438,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3522,7 +3522,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3602,7 +3602,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -3686,7 +3686,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3769,7 +3769,7 @@ "port": 8266 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3852,7 +3852,7 @@ "port": 1453 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3932,7 +3932,7 @@ "port": 1453 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -4021,7 +4021,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4101,7 +4101,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -4185,7 +4185,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -4268,7 +4268,7 @@ "port": 8267 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4351,7 +4351,7 @@ "port": 1454 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4430,7 +4430,7 @@ "port": 8268 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4513,7 +4513,7 @@ "port": 1455 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4592,7 +4592,7 @@ "port": 8269 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4675,7 +4675,7 @@ "port": 1456 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4759,7 +4759,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4839,7 +4839,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -4922,7 +4922,7 @@ "port": 8270 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5005,7 +5005,7 @@ "port": 1457 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5084,7 +5084,7 @@ "port": 8271 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5167,7 +5167,7 @@ "port": 1458 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5251,7 +5251,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5331,7 +5331,7 @@ "port": 1457 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5415,7 +5415,7 @@ "port": 8272 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5498,7 +5498,7 @@ "port": 1459 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5578,7 +5578,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5661,7 +5661,7 @@ "port": 8273 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5744,7 +5744,7 @@ "port": 1460 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5823,7 +5823,7 @@ "port": 8267 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5905,7 +5905,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5988,7 +5988,7 @@ "port": 1385 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6067,7 +6067,7 @@ "port": 8268 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -6149,7 +6149,7 @@ "port": 8269 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6231,7 +6231,7 @@ "port": 8270 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6313,7 +6313,7 @@ "port": 8271 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6395,7 +6395,7 @@ "port": 8272 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6477,7 +6477,7 @@ "port": 8273 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6560,7 +6560,7 @@ "port": 1382 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6645,7 +6645,7 @@ "port": 1385 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6729,7 +6729,7 @@ "port": 8278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6812,7 +6812,7 @@ "port": 1386 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6892,7 +6892,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6973,7 +6973,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7054,7 +7054,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7135,7 +7135,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7216,7 +7216,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7297,7 +7297,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -7378,7 +7378,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7459,7 +7459,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7540,7 +7540,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7621,7 +7621,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7702,7 +7702,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7783,7 +7783,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7864,7 +7864,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7944,7 +7944,7 @@ "port": 8279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8027,7 +8027,7 @@ "port": 1275 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8106,7 +8106,7 @@ "port": 1190 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8189,7 +8189,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8269,7 +8269,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8357,7 +8357,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8437,7 +8437,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8520,7 +8520,7 @@ "port": 8280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -8603,7 +8603,7 @@ "port": 1276 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8682,7 +8682,7 @@ "port": 8281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8765,7 +8765,7 @@ "port": 1277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8845,7 +8845,7 @@ "port": 1276 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8929,7 +8929,7 @@ "port": 8282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9012,7 +9012,7 @@ "port": 1278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9092,7 +9092,7 @@ "port": 1277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9176,7 +9176,7 @@ "port": 8283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9259,7 +9259,7 @@ "port": 1279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9339,7 +9339,7 @@ "port": 1278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9424,7 +9424,7 @@ "port": 1279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9508,7 +9508,7 @@ "port": 8284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9591,7 +9591,7 @@ "port": 1280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9671,7 +9671,7 @@ "port": 1280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9755,7 +9755,7 @@ "port": 8285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -9838,7 +9838,7 @@ "port": 1281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9917,7 +9917,7 @@ "port": 8286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10000,7 +10000,7 @@ "port": 1282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10079,7 +10079,7 @@ "port": 8287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10162,7 +10162,7 @@ "port": 1283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10241,7 +10241,7 @@ "port": 8288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10324,7 +10324,7 @@ "port": 1284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10404,7 +10404,7 @@ "port": 1281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10489,7 +10489,7 @@ "port": 1282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10574,7 +10574,7 @@ "port": 1283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10658,7 +10658,7 @@ "port": 8289 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10741,7 +10741,7 @@ "port": 1285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10820,7 +10820,7 @@ "port": 8290 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10903,7 +10903,7 @@ "port": 1286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10983,7 +10983,7 @@ "port": 1284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -11067,7 +11067,7 @@ "port": 8291 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11150,7 +11150,7 @@ "port": 1287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11230,7 +11230,7 @@ "port": 1285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11315,7 +11315,7 @@ "port": 1286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11404,7 +11404,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11483,7 +11483,7 @@ "port": 8292 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11566,7 +11566,7 @@ "port": 1288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11646,7 +11646,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11734,7 +11734,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11814,7 +11814,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11897,7 +11897,7 @@ "port": 8293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11980,7 +11980,7 @@ "port": 1289 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12060,7 +12060,7 @@ "port": 1288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12145,7 +12145,7 @@ "port": 1287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12234,7 +12234,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -12314,7 +12314,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12397,7 +12397,7 @@ "port": 8294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12480,7 +12480,7 @@ "port": 1290 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12560,7 +12560,7 @@ "port": 68 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12643,7 +12643,7 @@ "port": 8276 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12730,7 +12730,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12814,7 +12814,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12894,7 +12894,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12982,7 +12982,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13062,7 +13062,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13146,7 +13146,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13234,7 +13234,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13314,7 +13314,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13397,7 +13397,7 @@ "port": 8295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -13480,7 +13480,7 @@ "port": 1291 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13564,7 +13564,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13644,7 +13644,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13727,7 +13727,7 @@ "port": 8296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13810,7 +13810,7 @@ "port": 1292 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13889,7 +13889,7 @@ "port": 8297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13972,7 +13972,7 @@ "port": 1293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14051,7 +14051,7 @@ "port": 8298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14134,7 +14134,7 @@ "port": 1294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14214,7 +14214,7 @@ "port": 1293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14298,7 +14298,7 @@ "port": 8299 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14381,7 +14381,7 @@ "port": 1295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14460,7 +14460,7 @@ "port": 8300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14543,7 +14543,7 @@ "port": 1296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14623,7 +14623,7 @@ "port": 1294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -14708,7 +14708,7 @@ "port": 1295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14793,7 +14793,7 @@ "port": 1296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14877,7 +14877,7 @@ "port": 8301 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14960,7 +14960,7 @@ "port": 1297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15039,7 +15039,7 @@ "port": 8302 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15122,7 +15122,7 @@ "port": 1298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15206,7 +15206,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15286,7 +15286,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -15370,7 +15370,7 @@ "port": 1297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -15454,7 +15454,7 @@ "port": 8303 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15537,7 +15537,7 @@ "port": 1299 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15616,7 +15616,7 @@ "port": 8304 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15699,7 +15699,7 @@ "port": 1300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15779,7 +15779,7 @@ "port": 1298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -15864,7 +15864,7 @@ "port": 1300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -15948,7 +15948,7 @@ "port": 8305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16031,7 +16031,7 @@ "port": 1301 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16110,7 +16110,7 @@ "port": 8306 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16193,7 +16193,7 @@ "port": 1302 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16272,7 +16272,7 @@ "port": 8280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16354,7 +16354,7 @@ "port": 8281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16436,7 +16436,7 @@ "port": 8282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16518,7 +16518,7 @@ "port": 8283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16600,7 +16600,7 @@ "port": 8284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16682,7 +16682,7 @@ "port": 8285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16764,7 +16764,7 @@ "port": 8286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16846,7 +16846,7 @@ "port": 8287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16928,7 +16928,7 @@ "port": 8288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17010,7 +17010,7 @@ "port": 8289 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -17092,7 +17092,7 @@ "port": 8290 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17174,7 +17174,7 @@ "port": 8291 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17256,7 +17256,7 @@ "port": 8292 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17338,7 +17338,7 @@ "port": 8297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17420,7 +17420,7 @@ "port": 8298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17502,7 +17502,7 @@ "port": 8308 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17585,7 +17585,7 @@ "port": 1304 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17664,7 +17664,7 @@ "port": 8299 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17746,7 +17746,7 @@ "port": 8300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17833,7 +17833,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17917,7 +17917,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17997,7 +17997,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18081,7 +18081,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18164,7 +18164,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -18247,7 +18247,7 @@ "port": 1305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18326,7 +18326,7 @@ "port": 8301 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18408,7 +18408,7 @@ "port": 8302 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18490,7 +18490,7 @@ "port": 8303 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18572,7 +18572,7 @@ "port": 8304 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18654,7 +18654,7 @@ "port": 8305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18736,7 +18736,7 @@ "port": 8306 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18818,7 +18818,7 @@ "port": 8307 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18901,7 +18901,7 @@ "port": 1305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -18986,7 +18986,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19067,7 +19067,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19148,7 +19148,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19228,7 +19228,7 @@ "port": 8310 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19311,7 +19311,7 @@ "port": 1306 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19391,7 +19391,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -19472,7 +19472,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19553,7 +19553,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19634,7 +19634,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19715,7 +19715,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19796,7 +19796,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19877,7 +19877,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19958,7 +19958,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20039,7 +20039,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20120,7 +20120,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20201,7 +20201,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20282,7 +20282,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20363,7 +20363,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20444,7 +20444,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20525,7 +20525,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20606,7 +20606,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -20687,7 +20687,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20768,7 +20768,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20849,7 +20849,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20930,7 +20930,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21011,7 +21011,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21092,7 +21092,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21173,7 +21173,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21254,7 +21254,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21335,7 +21335,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21416,7 +21416,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21497,7 +21497,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21578,7 +21578,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21659,7 +21659,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21740,7 +21740,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -21821,7 +21821,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -21902,7 +21902,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -21983,7 +21983,7 @@
 "port": 8309
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json
index c7a8a6ac25d..c3ca4880622 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-dap-records.log-expected.json
@@ -12,7 +12,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json
index f628e5601ae..26566f2aca2 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json
@@ -6,7 +6,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -52,7 +52,7 @@
 "asa": {}
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -102,7 +102,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json
index c0d95f0f88e..eee4cc43a51 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-hostnames.log-expected.json
@@ -11,7 +11,7 @@
 "domain": "target.destination.hostname.local"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -77,7 +77,7 @@
 "ip": "192.168.2.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
index c3cb4660c50..85d7c2556fc 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json
@@ -27,7 +27,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -104,7 +104,7 @@
 "ip": "172.24.177.29"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow-expiration",
@@ -176,7 +176,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
index 9a032bb790a..48b9ef89d59 100644
--- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
+++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json
@@ -15,7 +15,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -85,7 +85,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -156,7 +156,7 @@
 "port": 2000
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -226,7 +226,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "firewall-rule",
@@ -303,7 +303,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -379,7 +379,7 @@ "port": 12834 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -454,7 +454,7 @@ "port": 4952 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -522,7 +522,7 @@ "port": 25882 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -597,7 +597,7 @@ "port": 52925 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -669,7 +669,7 @@ "port": 45392 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -745,7 +745,7 @@ "port": 4953 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -815,7 +815,7 @@ "port": 52925 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -893,7 +893,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -973,7 +973,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1037,7 +1037,7 @@ "port": 10879 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1113,7 +1113,7 @@ "port": 4954 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1179,7 +1179,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1241,7 +1241,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1311,7 +1311,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -1381,7 +1381,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1451,7 +1451,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1521,7 +1521,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1591,7 +1591,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1661,7 +1661,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1731,7 +1731,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1801,7 +1801,7 @@ "port": 25 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1871,7 +1871,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1939,7 +1939,7 @@ "port": 137 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2001,7 +2001,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2063,7 +2063,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2133,7 +2133,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2203,7 +2203,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2273,7 +2273,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2343,7 +2343,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -2413,7 +2413,7 @@ "port": 8111 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2483,7 +2483,7 @@ "port": 8111 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2553,7 +2553,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2623,7 +2623,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2694,7 +2694,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2768,7 +2768,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2840,7 +2840,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2913,7 +2913,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2990,7 +2990,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3067,7 +3067,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3140,7 +3140,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3217,7 +3217,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3294,7 +3294,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3369,7 +3369,7 @@ "port": 5679 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3435,7 +3435,7 @@ "port": 5679 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -3503,7 +3503,7 @@ "port": 5000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3580,7 +3580,7 @@ "port": 65000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3656,7 +3656,7 @@ "port": 65000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3728,7 +3728,7 @@ "port": 1235 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3805,7 +3805,7 @@ "port": 500 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3875,7 +3875,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3938,7 +3938,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4001,7 +4001,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4064,7 +4064,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4127,7 +4127,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4190,7 +4190,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4253,7 +4253,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4316,7 +4316,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4382,7 +4382,7 @@ "port": 25 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -4454,7 +4454,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4521,7 +4521,7 @@ "ip": "172.16.1.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4590,7 +4590,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4677,7 +4677,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4757,7 +4757,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4826,7 +4826,7 @@ "ip": "192.168.2.1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4879,7 +4879,7 @@ "ip": "192.168.2.32" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4936,7 +4936,7 @@ "ip": "192.168.0.19" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5020,7 +5020,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5093,7 +5093,7 @@ "ip": "172.17.6.211" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5178,7 +5178,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5288,7 +5288,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5400,7 +5400,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5495,7 +5495,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5594,7 +5594,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -5687,7 +5687,7 @@ "port": 18449 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5764,7 +5764,7 @@ "ip": "ff02::1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5836,7 +5836,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5925,7 +5925,7 @@ "port": 50120 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6028,7 +6028,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6130,7 +6130,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6227,7 +6227,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6334,7 +6334,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6438,7 +6438,7 @@ "ip": "81.2.69.193" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deleted", diff --git a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json index 86939376377..90a9c8e4bb1 100644 --- a/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json +++ b/packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-sip.log-expected.json @@ -16,7 +16,7 @@ "port": 5060 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -83,7 +83,7 @@ "port": 5060 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -150,7 +150,7 @@ "port": 5060 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -217,7 +217,7 @@ "port": 5060 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", From b0671cf267cb1fffb59633772413e90447549f8b Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 21:23:04 -0500 Subject: [PATCH 28/32] Updated pipeline tests for cisco_duo --- .../pipeline/test-admin.log-expected.json | 16 ++++----- .../test/pipeline/test-auth.log-expected.json | 34 +++++++++---------- .../test-offline-enrollment.log-expected.json | 2 +- .../pipeline/test-summary.log-expected.json | 8 ++--- .../pipeline/test-telephony.log-expected.json | 6 ++-- 5 files changed, 33 insertions(+), 33 deletions(-) diff --git a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json index f4850dd49f2..60a46a1939b 100644 --- a/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json +++ b/packages/cisco_duo/data_stream/admin/_dev/test/pipeline/test-admin.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "activation_begin", @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "admin_activate_duo_push", @@ -70,7 +70,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "activation_begin", @@ -99,7 +99,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "activation_set_password", @@ -138,7 +138,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "admin_self_activate", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "admin_update", @@ -215,7 +215,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "user_update", 
@@ -257,7 +257,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "user_update", diff --git a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json index f2e2034ce42..648694d8a84 100644 --- a/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json +++ b/packages/cisco_duo/data_stream/auth/_dev/test/pipeline/test-auth.log-expected.json @@ -40,7 +40,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -163,7 +163,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -284,7 +284,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -404,7 +404,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -522,7 +522,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -624,7 +624,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -735,7 +735,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -837,7 +837,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -940,7 +940,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -1043,7 +1043,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -1146,7 +1146,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -1249,7 +1249,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", 
@@ -1352,7 +1352,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -1451,7 +1451,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -1546,7 +1546,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -1641,7 +1641,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", @@ -1726,7 +1726,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "authentication", diff --git a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json index 03f5e9db100..885ea331579 100644 --- a/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json +++ b/packages/cisco_duo/data_stream/offline_enrollment/_dev/test/pipeline/test-offline-enrollment.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"action\": \"o2fa_user_provisioned\",\"description\": \"{\\\"user_agent\\\": \\\"DuoCredProv/4.0.6.413 (Windows NT 6.3.9600; x64; Server)\\\", \\\"hostname\\\": \\\"WKSW10x64\\\", \\\"factor\\\": \\\"duo_otp\\\"}\",\"isotimestamp\": \"2019-08-30T16:10:05+00:00\",\"object\": \"Acme Laptop Windows Logon\",\"timestamp\": 1567181405,\"username\": \"narroway\"}" diff --git a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json index 77e92617347..5a48cd28d52 100644 --- a/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json 
+++ b/packages/cisco_duo/data_stream/summary/_dev/test/pipeline/test-summary.log-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2022-07-14T12:19:12.108699204Z", + "@timestamp": "2022-07-27T02:23:04.309812405Z", "cisco_duo": { "summary": { "admin_count": 6, @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"response\":{\"admin_count\":6,\"integration_count\":5,\"telephony_credits_remaining\":473,\"user_count\":4},\"stat\":\"OK\"}" @@ -21,7 +21,7 @@ ] }, { - "@timestamp": "2022-07-14T12:19:12.108704244Z", + "@timestamp": "2022-07-27T02:23:04.309819920Z", "cisco_duo": { "summary": { "admin_count": 3, @@ -31,7 +31,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "{\"response\":{\"admin_count\":3,\"integration_count\":9,\"telephony_credits_remaining\":960,\"user_count\":8},\"stat\":\"OK\"}" diff --git a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json index 9db310847e3..1d088c2d27a 100644 --- a/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json +++ b/packages/cisco_duo/data_stream/telephony/_dev/test/pipeline/test-telephony.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -32,7 +32,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", From 9e40edcfcc32743fc6b0963e319086abb2ded0e1 Mon Sep 17 00:00:00 2001 
From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 21:23:07 -0500 Subject: [PATCH 29/32] Updated pipeline tests for cisco_ftd --- .../pipeline/test-asa-fix.log-expected.json | 10 +- .../test/pipeline/test-asa.log-expected.json | 536 +++++++++--------- .../test/pipeline/test-dns.log-expected.json | 42 +- .../pipeline/test-filtered.log-expected.json | 4 +- ...est-firepower-management.log-expected.json | 68 +-- .../pipeline/test-intrusion.log-expected.json | 8 +- .../test-no-type-id.log-expected.json | 8 +- .../pipeline/test-not-ip.log-expected.json | 6 +- .../pipeline/test-sample.log-expected.json | 142 ++--- ...test-security-connection.log-expected.json | 20 +- ...st-security-file-malware.log-expected.json | 22 +- ...st-security-malware-site.log-expected.json | 2 +- 12 files changed, 434 insertions(+), 434 deletions(-) diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json index f7d57b865be..3068e9c9cac 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa-fix.log-expected.json @@ -17,7 +17,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -95,7 +95,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -169,7 +169,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -238,7 +238,7 @@ "port": 57621 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -308,7 +308,7 @@ "ip": "10.123.123.123" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json index a841d5d6e17..0d439f79cce 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-asa.log-expected.json @@ -14,7 +14,7 @@ "port": 8256 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -96,7 +96,7 @@ "port": 1772 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -175,7 +175,7 @@ "port": 1758 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -259,7 +259,7 @@ "port": 1757 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -343,7 +343,7 @@ "port": 1755 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -427,7 +427,7 @@ "port": 1754 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -511,7 +511,7 @@ "port": 1752 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -595,7 +595,7 @@ "port": 1749 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -679,7 +679,7 @@ "port": 1750 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -763,7 +763,7 @@ "port": 1747 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -847,7 +847,7 @@ "port": 1742 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -931,7 +931,7 @@ "port": 1741 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -1015,7 +1015,7 @@ "port": 1739 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1099,7 +1099,7 @@ "port": 1740 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1183,7 +1183,7 @@ "port": 1738 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1267,7 +1267,7 @@ "port": 1756 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1351,7 +1351,7 @@ "port": 1737 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1435,7 +1435,7 @@ "port": 1736 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1519,7 +1519,7 @@ "port": 1765 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1602,7 +1602,7 @@ "port": 1188 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1684,7 +1684,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1763,7 +1763,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -1850,7 +1850,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1929,7 +1929,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -2011,7 +2011,7 @@ "port": 8257 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2093,7 +2093,7 @@ "port": 1773 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2171,7 +2171,7 @@ "port": 8258 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -2253,7 +2253,7 @@ "port": 1774 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2336,7 +2336,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2419,7 +2419,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2498,7 +2498,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -2581,7 +2581,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -2663,7 +2663,7 @@ "port": 8259 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2745,7 +2745,7 @@ "port": 1775 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2823,7 +2823,7 @@ "port": 1189 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2905,7 +2905,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2988,7 +2988,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3067,7 +3067,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3150,7 +3150,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3232,7 +3232,7 @@ "port": 8265 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3314,7 +3314,7 @@ "port": 1452 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3397,7 +3397,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -3480,7 +3480,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3559,7 +3559,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3642,7 +3642,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3724,7 +3724,7 @@ "port": 8266 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3806,7 +3806,7 @@ "port": 1453 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3885,7 +3885,7 @@ "port": 1453 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3973,7 +3973,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4052,7 +4052,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -4135,7 +4135,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -4217,7 +4217,7 @@ "port": 8267 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4299,7 +4299,7 @@ "port": 1454 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4377,7 +4377,7 @@ "port": 8268 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4459,7 +4459,7 @@ "port": 1455 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4537,7 +4537,7 @@ "port": 8269 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4619,7 +4619,7 @@ "port": 1456 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -4702,7 +4702,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4781,7 +4781,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -4863,7 +4863,7 @@ "port": 8270 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4945,7 +4945,7 @@ "port": 1457 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5023,7 +5023,7 @@ "port": 8271 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5105,7 +5105,7 @@ "port": 1458 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5188,7 +5188,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5267,7 +5267,7 @@ "port": 1457 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5350,7 +5350,7 @@ "port": 8272 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5432,7 +5432,7 @@ "port": 1459 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5511,7 +5511,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -5593,7 +5593,7 @@ "port": 8273 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5675,7 +5675,7 @@ "port": 1460 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5745,7 +5745,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5799,7 +5799,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -5881,7 +5881,7 @@ "port": 1385 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5951,7 +5951,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -5997,7 +5997,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6043,7 +6043,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6089,7 +6089,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6135,7 +6135,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6181,7 +6181,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6236,7 +6236,7 @@ "port": 1382 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6320,7 +6320,7 @@ "port": 1385 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -6403,7 +6403,7 @@ "port": 8278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6485,7 +6485,7 @@ "port": 1386 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6564,7 +6564,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6644,7 +6644,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6724,7 +6724,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6804,7 +6804,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -6884,7 +6884,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -6964,7 +6964,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7044,7 +7044,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7124,7 +7124,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7204,7 +7204,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7284,7 +7284,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7364,7 +7364,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7444,7 +7444,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7524,7 +7524,7 @@ "port": 8277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7603,7 +7603,7 @@ "port": 8279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7685,7 +7685,7 @@ "port": 1275 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7763,7 +7763,7 @@ "port": 1190 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7845,7 +7845,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -7924,7 +7924,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8011,7 +8011,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -8090,7 +8090,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8172,7 +8172,7 @@ "port": 8280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8254,7 +8254,7 @@ "port": 1276 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8332,7 +8332,7 @@ "port": 8281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8414,7 +8414,7 @@ "port": 1277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8493,7 +8493,7 @@ "port": 1276 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8576,7 +8576,7 @@ "port": 8282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8658,7 +8658,7 @@ "port": 1278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8737,7 +8737,7 @@ "port": 1277 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -8820,7 +8820,7 @@ "port": 8283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8902,7 +8902,7 @@ "port": 1279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -8981,7 +8981,7 @@ "port": 1278 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9065,7 +9065,7 @@ "port": 1279 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9148,7 +9148,7 @@ "port": 8284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9230,7 +9230,7 @@ "port": 1280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -9309,7 +9309,7 @@ "port": 1280 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -9392,7 +9392,7 @@ "port": 8285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9474,7 +9474,7 @@ "port": 1281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9552,7 +9552,7 @@ "port": 8286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9634,7 +9634,7 @@ "port": 1282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9712,7 +9712,7 @@ "port": 8287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9794,7 +9794,7 @@ "port": 1283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9872,7 +9872,7 @@ "port": 8288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -9954,7 +9954,7 @@ "port": 1284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10033,7 +10033,7 @@ "port": 1281 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10117,7 +10117,7 @@ "port": 1282 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10201,7 +10201,7 @@ "port": 1283 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10284,7 +10284,7 @@ "port": 8289 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10366,7 +10366,7 @@ "port": 1285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10444,7 +10444,7 @@ "port": 8290 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -10526,7 +10526,7 @@ "port": 1286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10605,7 +10605,7 @@ "port": 1284 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10688,7 +10688,7 @@ "port": 8291 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10770,7 +10770,7 @@ "port": 1287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -10849,7 +10849,7 @@ "port": 1285 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -10933,7 +10933,7 @@ "port": 1286 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11021,7 +11021,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11099,7 +11099,7 @@ "port": 8292 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11181,7 +11181,7 @@ "port": 1288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11260,7 +11260,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11347,7 +11347,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11426,7 +11426,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11508,7 +11508,7 @@ "port": 8293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11590,7 +11590,7 @@ "port": 1289 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11669,7 +11669,7 @@ "port": 1288 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -11753,7 +11753,7 @@ "port": 1287 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -11841,7 +11841,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -11920,7 +11920,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12002,7 +12002,7 @@ "port": 8294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12084,7 +12084,7 @@ "port": 1290 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12163,7 +12163,7 @@ "port": 68 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12237,7 +12237,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12296,7 +12296,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12379,7 +12379,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12458,7 +12458,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12545,7 +12545,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12624,7 +12624,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12707,7 +12707,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -12794,7 +12794,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -12873,7 +12873,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -12955,7 +12955,7 @@ "port": 8295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13037,7 +13037,7 @@ "port": 1291 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13120,7 +13120,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13199,7 +13199,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13281,7 +13281,7 @@ "port": 8296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13363,7 +13363,7 @@ "port": 1292 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13441,7 +13441,7 @@ "port": 8297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13523,7 +13523,7 @@ "port": 1293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13601,7 +13601,7 @@ "port": 8298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13683,7 +13683,7 @@ "port": 1294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13762,7 +13762,7 @@ "port": 1293 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -13845,7 +13845,7 @@ "port": 8299 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -13927,7 +13927,7 @@ "port": 1295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14005,7 +14005,7 @@ "port": 8300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14087,7 +14087,7 @@ "port": 1296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -14166,7 +14166,7 @@ "port": 1294 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14250,7 +14250,7 @@ "port": 1295 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14334,7 +14334,7 @@ "port": 1296 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14417,7 +14417,7 @@ "port": 8301 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14499,7 +14499,7 @@ "port": 1297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14577,7 +14577,7 @@ "port": 8302 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14659,7 +14659,7 @@ "port": 1298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14742,7 +14742,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -14821,7 +14821,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14904,7 +14904,7 @@ "port": 1297 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -14987,7 +14987,7 @@ "port": 8303 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15069,7 +15069,7 @@ "port": 1299 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15147,7 +15147,7 @@ "port": 8304 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15229,7 +15229,7 @@ "port": 1300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15308,7 +15308,7 @@ "port": 1298 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -15392,7 +15392,7 @@ "port": 1300 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -15475,7 +15475,7 @@ "port": 8305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15557,7 +15557,7 @@ "port": 1301 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15635,7 +15635,7 @@ "port": 8306 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15717,7 +15717,7 @@ "port": 1302 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15787,7 +15787,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15833,7 +15833,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15879,7 +15879,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15925,7 +15925,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -15971,7 +15971,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16017,7 +16017,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16063,7 +16063,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16109,7 +16109,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16155,7 +16155,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16201,7 +16201,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -16247,7 +16247,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16293,7 +16293,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16339,7 +16339,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16385,7 +16385,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16431,7 +16431,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16485,7 +16485,7 @@ "port": 8308 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16567,7 +16567,7 @@ "port": 1304 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16637,7 +16637,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16683,7 +16683,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16742,7 +16742,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16825,7 +16825,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -16904,7 +16904,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -16987,7 +16987,7 @@ "port": 56132 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17069,7 +17069,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17151,7 +17151,7 @@ "port": 1305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -17221,7 +17221,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17267,7 +17267,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17313,7 +17313,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17359,7 +17359,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17405,7 +17405,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17451,7 +17451,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17497,7 +17497,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17552,7 +17552,7 @@ "port": 1305 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -17636,7 +17636,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17716,7 +17716,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17796,7 +17796,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17875,7 +17875,7 @@ "port": 8310 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -17957,7 +17957,7 @@ "port": 1306 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18036,7 +18036,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18116,7 +18116,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -18196,7 +18196,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18276,7 +18276,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18356,7 +18356,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18436,7 +18436,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18516,7 +18516,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18596,7 +18596,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18676,7 +18676,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18756,7 +18756,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18836,7 +18836,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18916,7 +18916,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -18996,7 +18996,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19076,7 +19076,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19156,7 +19156,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19236,7 +19236,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19316,7 +19316,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -19396,7 +19396,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19476,7 +19476,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19556,7 +19556,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19636,7 +19636,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19716,7 +19716,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19796,7 +19796,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19876,7 +19876,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -19956,7 +19956,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20036,7 +20036,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20116,7 +20116,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20196,7 +20196,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20276,7 +20276,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20356,7 +20356,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20436,7 +20436,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -20516,7 +20516,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -20596,7 +20596,7 @@ "port": 8309 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json index 5cfb56125c5..cf5f1222fd1 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json @@ -66,7 +66,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -210,7 +210,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -352,7 +352,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -496,7 +496,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -639,7 +639,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -781,7 +781,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -926,7 +926,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1068,7 +1068,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1211,7 +1211,7 @@ "response_code": "SERVFAIL" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", 
@@ -1355,7 +1355,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1497,7 +1497,7 @@ "response_code": "REFUSED" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1633,7 +1633,7 @@ "response_code": "SERVFAIL" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1776,7 +1776,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1918,7 +1918,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2061,7 +2061,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2205,7 +2205,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2347,7 +2347,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2489,7 +2489,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2631,7 +2631,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2771,7 +2771,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -2915,7 +2915,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", 
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json index 02ab7826062..9dddb30f752 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-filtered.log-expected.json @@ -6,7 +6,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -52,7 +52,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json index 780a0c8be4e..1fdc9b0b368 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-firepower-management.log-expected.json @@ -6,7 +6,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -46,7 +46,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -86,7 +86,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -126,7 +126,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -166,7 +166,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -206,7 +206,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -246,7 +246,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -286,7 +286,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", 
@@ -326,7 +326,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -366,7 +366,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -406,7 +406,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -446,7 +446,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -486,7 +486,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -526,7 +526,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -566,7 +566,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -606,7 +606,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -646,7 +646,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -686,7 +686,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -726,7 +726,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -766,7 +766,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -806,7 +806,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -846,7 +846,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -886,7 +886,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -926,7 +926,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -966,7 +966,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -1006,7 +1006,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", 
@@ -1046,7 +1046,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -1086,7 +1086,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -1126,7 +1126,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -1166,7 +1166,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -1206,7 +1206,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -1246,7 +1246,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -1286,7 +1286,7 @@ "ftd": {} }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", @@ -1327,7 +1327,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "code": "", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json index 3dfe0e7fb36..c39e86bb87a 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-intrusion.log-expected.json @@ -41,7 +41,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "intrusion-detected", @@ -154,7 +154,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "intrusion-detected", @@ -265,7 +265,7 @@ "port": 39114 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "intrusion-detected", @@ -374,7 +374,7 @@ "port": 40740 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "intrusion-detected", 
diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json index 5328c4648bd..b34f1959c10 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-no-type-id.log-expected.json @@ -18,7 +18,7 @@ "ip": "10.8.12.47" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "intrusion-detected", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "intrusion-detected", @@ -139,7 +139,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-started", @@ -209,7 +209,7 @@ "port": 64311 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "malware-detected", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json index 40cab18f060..b2b3e9b382e 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-not-ip.log-expected.json @@ -27,7 +27,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -104,7 +104,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -175,7 +175,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json index 13bd2c2ebe4..e50a3d31da3 100644 
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-sample.log-expected.json @@ -15,7 +15,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -84,7 +84,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -154,7 +154,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -223,7 +223,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -299,7 +299,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -374,7 +374,7 @@ "port": 12834 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -448,7 +448,7 @@ "port": 4952 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -515,7 +515,7 @@ "port": 25882 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -589,7 +589,7 @@ "port": 52925 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -660,7 +660,7 @@ "port": 45392 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -735,7 +735,7 @@ "port": 4953 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -804,7 +804,7 @@ "port": 52925 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -878,7 +878,7 @@ "port": 52925 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -947,7 +947,7 @@ "ip": "172.24.177.29" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", 
@@ -1010,7 +1010,7 @@ "port": 10879 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1085,7 +1085,7 @@ "port": 4954 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1150,7 +1150,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1211,7 +1211,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1280,7 +1280,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1349,7 +1349,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1418,7 +1418,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1487,7 +1487,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1556,7 +1556,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1625,7 +1625,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1694,7 +1694,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1763,7 +1763,7 @@ "port": 25 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1832,7 +1832,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1899,7 +1899,7 @@ "port": 137 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -1960,7 +1960,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -2021,7 +2021,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2090,7 +2090,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2159,7 +2159,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2228,7 +2228,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2297,7 +2297,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2366,7 +2366,7 @@ "port": 8111 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2435,7 +2435,7 @@ "port": 8111 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2504,7 +2504,7 @@ "port": 40443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2573,7 +2573,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2643,7 +2643,7 @@ "port": 2000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2716,7 +2716,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2791,7 +2791,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2867,7 +2867,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -2947,7 +2947,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3026,7 +3026,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -3101,7 +3101,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3181,7 +3181,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3261,7 +3261,7 @@ "port": 5678 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3339,7 +3339,7 @@ "port": 5679 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3408,7 +3408,7 @@ "port": 5679 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3479,7 +3479,7 @@ "port": 5000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3559,7 +3559,7 @@ "port": 65000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3638,7 +3638,7 @@ "port": 65000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3713,7 +3713,7 @@ "port": 1235 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3793,7 +3793,7 @@ "port": 500 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow-expiration", @@ -3862,7 +3862,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3925,7 +3925,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -3988,7 +3988,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4051,7 +4051,7 @@ "ip": "192.168.99.47" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", 
@@ -4114,7 +4114,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4177,7 +4177,7 @@ "ip": "192.168.99.57" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4240,7 +4240,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4303,7 +4303,7 @@ "ip": "192.168.1.255" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4369,7 +4369,7 @@ "port": 25 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4440,7 +4440,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4507,7 +4507,7 @@ "ip": "172.16.1.10" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4575,7 +4575,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4664,7 +4664,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4747,7 +4747,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4815,7 +4815,7 @@ "ip": "192.168.2.1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4868,7 +4868,7 @@ "ip": "192.168.2.32" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", @@ -4925,7 +4925,7 @@ "ip": "192.168.0.19" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "firewall-rule", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json index e6f543375d8..19ddf72218c 100644 
--- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-connection.log-expected.json @@ -42,7 +42,7 @@ "packets": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-started", @@ -157,7 +157,7 @@ "packets": 1 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -296,7 +296,7 @@ "response_code": "NOERROR" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-started", @@ -436,7 +436,7 @@ "response_code": "NXDOMAIN" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -565,7 +565,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-started", @@ -698,7 +698,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -845,7 +845,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-started", @@ -977,7 +977,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", @@ -1108,7 +1108,7 @@ "packets": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-started", @@ -1229,7 +1229,7 @@ "port": 8000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json index a49552919ed..ecb41ff16d1 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json 
+++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-file-malware.log-expected.json @@ -31,7 +31,7 @@ "port": 8000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file-detected", @@ -132,7 +132,7 @@ "port": 8000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file-detected", @@ -233,7 +233,7 @@ "port": 8000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file-detected", @@ -334,7 +334,7 @@ "port": 8000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file-detected", @@ -439,7 +439,7 @@ "port": 8000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file-detected", @@ -551,7 +551,7 @@ "port": 8000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file-detected", @@ -667,7 +667,7 @@ "port": 8000 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "malware-detected", @@ -794,7 +794,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "malware-detected", @@ -909,7 +909,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "malware-detected", @@ -1036,7 +1036,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "malware-detected", @@ -1166,7 +1166,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "malware-detected", diff --git a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json index e0822d23fab..c795eee96f6 100644 --- a/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json +++ b/packages/cisco_ftd/data_stream/log/_dev/test/pipeline/test-security-malware-site.log-expected.json 
@@ -64,7 +64,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "connection-finished", From b85bcee9623c2a87feb610e3020038bec4e83199 Mon Sep 17 00:00:00 2001 From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 21:23:09 -0500 Subject: [PATCH 30/32] Updated pipeline tests for cisco_ios --- .../pipeline/test-cisco-ios.log-expected.json | 38 +++++++++---------- ...est-date-format-tzoffset.log-expected.json | 4 +- .../test-date-format.log-expected.json | 36 +++++++++--------- .../pipeline/test-syslog.log-expected.json | 8 ++-- 4 files changed, 43 insertions(+), 43 deletions(-) diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json index eae37c1fbbc..138b3f0a0ec 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-cisco-ios.log-expected.json @@ -13,7 +13,7 @@ "ip": "224.0.0.22" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -66,7 +66,7 @@ "ip": "224.0.0.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -122,7 +122,7 @@ "ip": "255.255.255.255" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -184,7 +184,7 @@ "port": 22 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "allow", @@ -247,7 +247,7 @@ "port": 15600 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -301,7 +301,7 @@ "ip": "192.168.100.2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -359,7 +359,7 @@ "port": 15600 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", 
@@ -408,7 +408,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -444,7 +444,7 @@ "port": 15600 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -511,7 +511,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -560,7 +560,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -595,7 +595,7 @@ "ip": "192.168.100.1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -665,7 +665,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -718,7 +718,7 @@ "port": 22 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -771,7 +771,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -830,7 +830,7 @@ "ip": "10.3.66.3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "multicast-join", @@ -890,7 +890,7 @@ "ip": "10.3.66.3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "multicast-join", @@ -936,7 +936,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -966,7 +966,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json index 1e837fac928..8412583213a 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format-tzoffset.log-expected.json 
@@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -39,7 +39,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json index 2760d6a4491..a9bccd285da 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-date-format.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -39,7 +39,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -70,7 +70,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -101,7 +101,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -132,7 +132,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -163,7 +163,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -194,7 +194,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -225,7 +225,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -256,7 +256,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -318,7 +318,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -349,7 +349,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", 
@@ -380,7 +380,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -411,7 +411,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -442,7 +442,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -473,7 +473,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -535,7 +535,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", diff --git a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json index b45d868763a..b2bc1e4f554 100644 --- a/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json +++ b/packages/cisco_ios/data_stream/log/_dev/test/pipeline/test-syslog.log-expected.json @@ -8,7 +8,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -72,7 +72,7 @@ "ip": "10.100.8.34" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "deny", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", From 36c22c8ccd9e1603a99589cf90914b6e9ddb4e0e Mon Sep 17 00:00:00 2001 
From: "Lee E. Hinman" Date: Tue, 26 Jul 2022 21:23:14 -0500 Subject: [PATCH 31/32] Updated pipeline tests for cisco_ise --- ...st-pipeline-ad-connector.log-expected.json | 26 ++++---- ...ve-and-operational-audit.log-expected.json | 66 +++++++++---------- ...ication-flow-diagnostics.log-expected.json | 20 +++--- ...pipeline-failed-attempts.log-expected.json | 14 ++-- .../test-pipeline-guest.log-expected.json | 10 +-- ...ntity-stores-diagnostics.log-expected.json | 34 +++++----- ...l-operations-diagnostics.log-expected.json | 12 ++-- ...test-pipeline-my-devices.log-expected.json | 8 +-- ...e-passed-authentications.log-expected.json | 10 +-- ...eline-policy-diagnostics.log-expected.json | 16 ++--- ...lient-provisioning-audit.log-expected.json | 4 +- ...peline-radius-accounting.log-expected.json | 6 +- ...eline-radius-diagnostics.log-expected.json | 54 +++++++-------- ...peline-system-statistics.log-expected.json | 12 ++-- ...peline-tacacs-accounting.log-expected.json | 8 +-- ...eline-threat-centric-nac.log-expected.json | 8 +-- 16 files changed, 154 insertions(+), 154 deletions(-) diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json index 9895ae95e3c..dfa9c98785c 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-ad-connector.log-expected.json @@ -35,7 +35,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -107,7 +107,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -181,7 +181,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", 
@@ -250,7 +250,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -316,7 +316,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -385,7 +385,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -451,7 +451,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -521,7 +521,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -589,7 +589,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -652,7 +652,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -717,7 +717,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ad-connector", @@ -780,7 +780,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -830,7 +830,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json index e2feede14c5..9d10dded8c8 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-administrative-and-operational-audit.log-expected.json @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", 
@@ -191,7 +191,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -268,7 +268,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -437,7 +437,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -525,7 +525,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -607,7 +607,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "feedservice", @@ -668,7 +668,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "feedservice", @@ -743,7 +743,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -821,7 +821,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -903,7 +903,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -981,7 +981,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap-tls", @@ -1058,7 +1058,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eap-tls", @@ -1138,7 +1138,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -1241,7 +1241,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -1324,7 +1324,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -1417,7 +1417,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "process-management", 
@@ -1499,7 +1499,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -1580,7 +1580,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -1661,7 +1661,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -1737,7 +1737,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -1813,7 +1813,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -1890,7 +1890,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -1967,7 +1967,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -2044,7 +2044,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "administrator-login", @@ -2113,7 +2113,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -2173,7 +2173,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -2249,7 +2249,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -2357,7 +2357,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -2451,7 +2451,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -2541,7 +2541,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", @@ -2626,7 +2626,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "configuration-changes", 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json index 8a22bed20f2..0eea31ce52f 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-authentication-flow-diagnostics.log-expected.json @@ -63,7 +63,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -171,7 +171,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -277,7 +277,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication", @@ -383,7 +383,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -491,7 +491,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -597,7 +597,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -713,7 +713,7 @@ "ip": "10.0.9.204" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -824,7 +824,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "workflow", @@ -916,7 +916,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication", @@ -997,7 +997,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json index 4de3127c61c..5b4d50e3147 100644 
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-failed-attempts.log-expected.json @@ -84,7 +84,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "failed-attempt", @@ -269,7 +269,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "failed-attempt", @@ -355,7 +355,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "guest", @@ -495,7 +495,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -680,7 +680,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -1108,7 +1108,7 @@ "port": 1645 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "failed-attempt", @@ -1193,7 +1193,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json index d51bd954028..2babb749ea8 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-guest.log-expected.json @@ -45,7 +45,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "guest", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "guest", @@ -215,7 +215,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ 
@@ -318,7 +318,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json index 895eaeccc95..b01cda2bcfc 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-identity-stores-diagnostics.log-expected.json @@ -50,7 +50,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -235,7 +235,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -331,7 +331,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -425,7 +425,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -557,7 +557,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -618,7 +618,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -679,7 +679,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -741,7 +741,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -825,7 +825,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", 
@@ -917,7 +917,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -1008,7 +1008,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -1100,7 +1100,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "local-user-db", @@ -1195,7 +1195,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -1265,7 +1265,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "external-active-directory", @@ -1343,7 +1343,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json index 62489bee2e7..bb412e007c7 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-internal-operations-diagnostics.log-expected.json @@ -28,7 +28,7 @@ "port": 9025 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "profiler", @@ -152,7 +152,7 @@ "port": 9005 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -217,7 +217,7 @@ "port": 9005 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "system-management", @@ -282,7 +282,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logging", @@ -339,7 +339,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json index 0db18437781..7f65ce027f4 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-my-devices.log-expected.json @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -233,7 +233,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mydevices", @@ -304,7 +304,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json index e0976aff12e..f5d0603cf15 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-passed-authentications.log-expected.json @@ -197,7 +197,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "passed-authentication", @@ -297,7 +297,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "guest", @@ -451,7 +451,7 @@ "port": 1645 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "passed-authentication", @@ -536,7 +536,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -608,7 +608,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", 
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json index 5cb299e1213..b17a0b055ab 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-policy-diagnostics.log-expected.json @@ -41,7 +41,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -138,7 +138,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -259,7 +259,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -373,7 +373,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -467,7 +467,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -566,7 +566,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -658,7 +658,7 @@ "ip": "81.2.69.143" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "policy", @@ -744,7 +744,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json index 6b5586ab7e5..7d859d4d481 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json 
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-posture-client-provisioning-audit.log-expected.json @@ -32,7 +32,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "eps", @@ -102,7 +102,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json index be86fa4f86f..cddf0a9d4c2 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-accounting.log-expected.json @@ -114,7 +114,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius-accounting", @@ -231,7 +231,7 @@ "ip": "81.2.69.145" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius-accounting", @@ -346,7 +346,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json index 85a01a1fc6d..3e66735afc5 100644 --- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json +++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-radius-diagnostics.log-expected.json @@ -59,7 +59,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", @@ -183,7 +183,7 @@ "port": 1812 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "radius", 
@@ -269,7 +269,7 @@
 "port": 1813
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -379,7 +379,7 @@
 "port": 1813
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -501,7 +501,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -605,7 +605,7 @@
 "port": 73
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -684,7 +684,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -784,7 +784,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -894,7 +894,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -994,7 +994,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -1098,7 +1098,7 @@
 "port": 1813
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -1197,7 +1197,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -1313,7 +1313,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -1437,7 +1437,7 @@
 "port": 72
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -1553,7 +1553,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -1669,7 +1669,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -1788,7 +1788,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -1913,7 +1913,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -2038,7 +2038,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -2164,7 +2164,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -2284,7 +2284,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -2399,7 +2399,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -2519,7 +2519,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -2638,7 +2638,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -2757,7 +2757,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -2877,7 +2877,7 @@
 "port": 1812
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "eap",
@@ -2991,7 +2991,7 @@
 "port": 1892
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json
index 8c214c59c06..02cf32428bf 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-system-statistics.log-expected.json
@@ -78,7 +78,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": [
@@ -174,7 +174,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": [
@@ -316,7 +316,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": [
@@ -408,7 +408,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": [
@@ -496,7 +496,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": [
@@ -568,7 +568,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": [
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json
index 88c27421ebd..0acc65ae709 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-tacacs-accounting.log-expected.json
@@ -112,7 +112,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "tacacs-accounting",
@@ -263,7 +263,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "tacacs-accounting",
@@ -433,7 +433,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "tacacs-accounting",
@@ -578,7 +578,7 @@
 "ip": "81.2.69.144"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
diff --git a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json
index c89939c7542..7efaa934a0a 100644
--- a/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json
+++ b/packages/cisco_ise/data_stream/log/_dev/test/pipeline/test-pipeline-threat-centric-nac.log-expected.json
@@ -28,7 +28,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "irf",
@@ -94,7 +94,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "irf",
@@ -153,7 +153,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "radius",
@@ -210,7 +210,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "kind": "event",
From 91fb92e42da4b95a542e5bdc0f4c93d533481ddb Mon Sep 17 00:00:00 2001
From: "Lee E. Hinman"
Date: Tue, 26 Jul 2022 22:06:31 -0500
Subject: [PATCH 32/32] updated order of hashes for carbon_black_cloud tests
---
 .../test/pipeline/test-endpoint-event.log-expected.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json
index fad465a0471..4716e760d0c 100644
--- a/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json
+++ b/packages/carbon_black_cloud/data_stream/endpoint_event/_dev/test/pipeline/test-endpoint-event.log-expected.json
@@ -301,10 +301,10 @@
 },
 "related": {
 "hash": [
+ "fae441a6ec7fd8f55a404797a25c8910",
 "9520a99e77d6196d0d09833146424113",
 "70d7571253e091f646f78a4dd078ce7fe8d796625bfa3c0a466df03971175fb4",
 "9e9c7696859b94b1c33a532fa4d5c648226cf3361121dd899e502b8949fb11a6",
- "fae441a6ec7fd8f55a404797a25c8910",
 "2498272dc48446891182747428d02a30",
 "dd191a5b23df92e12a8852291f9fb5ed594b76a28a5a464418442584afd1e048"
 ],
@@ -546,8 +546,8 @@
 "baf97b2a629723947539cff84e896cd29565ab4bb68b0cec515eb5c5d6637b69",
 "353f8d4e647a11f235f4262d913f7bac4c4f266eac4601ea416e861afd611912",
 "e202dd92848c5103c9abf8ecd22bc539",
- "c5e9b1d1103edcea2e408e9497a5a88f",
 "2445dece99deedbd701dc6dfe10e648e",
+ "c5e9b1d1103edcea2e408e9497a5a88f",
 "5a780d6630639ffb7fd3d295c182eaa2a7cad2c70248c5ba8f334bb3803353ca"
 ],
 "hosts": [
@@ -785,9 +785,9 @@
 },
 "related": {
 "hash": [
+ "fae441a6ec7fd8f55a404797a25c8910",
 "03dd698da2671383c9b4f868c9931879",
 "70d7571253e091f646f78a4dd078ce7fe8d796625bfa3c0a466df03971175fb4",
- "fae441a6ec7fd8f55a404797a25c8910",
 "2445dece99deedbd701dc6dfe10e648e",
 "5a780d6630639ffb7fd3d295c182eaa2a7cad2c70248c5ba8f334bb3803353ca",
 "44a1975b2197484bb22a0eb673e67e7ee9ec20265e9f6347f5e06b6447ac82c5"
@@ -906,10 +906,10 @@
 },
 "related": {
 "hash": [
+ "fae441a6ec7fd8f55a404797a25c8910",
 "70cc03d968b1e7446d30af1037c228bf",
 "03dd698da2671383c9b4f868c9931879",
 "70d7571253e091f646f78a4dd078ce7fe8d796625bfa3c0a466df03971175fb4",
- "fae441a6ec7fd8f55a404797a25c8910",
 "44a1975b2197484bb22a0eb673e67e7ee9ec20265e9f6347f5e06b6447ac82c5",
 "28aba00ae4f5f93b6b60ffcd9037167880eff26ff8116086342a22841d69fd6b"
 ],