Merged
32 commits
297f04b
Update ECS version for carbon_black_cloud
leehinman Jul 27, 2022
057d179
Update ECS version for carbonblack_edr
leehinman Jul 27, 2022
2d93a8f
Update ECS version for cef
leehinman Jul 27, 2022
21bf3da
Update ECS version for checkpoint
leehinman Jul 27, 2022
69ede6d
Update ECS version for cisco
leehinman Jul 27, 2022
91cba10
Update ECS version for cisco_asa
leehinman Jul 27, 2022
43d87f4
Update ECS version for cisco_duo
leehinman Jul 27, 2022
8ed5379
Update ECS version for cisco_ftd
leehinman Jul 27, 2022
89c73a4
Update ECS version for cisco_ios
leehinman Jul 27, 2022
4752993
Update ECS version for cisco_ise
leehinman Jul 27, 2022
cc284f2
Updated Changelog and Manifests for carbon_black_cloud
leehinman Jul 27, 2022
e0f92d8
Updated Changelog and Manifests for carbonblack_edr
leehinman Jul 27, 2022
9c4605d
Updated Changelog and Manifests for cef
leehinman Jul 27, 2022
c0aecb7
Updated Changelog and Manifests for checkpoint
leehinman Jul 27, 2022
33f0480
Updated Changelog and Manifests for cisco
leehinman Jul 27, 2022
641c73c
Updated Changelog and Manifests for cisco_asa
leehinman Jul 27, 2022
b5280d9
Updated Changelog and Manifests for cisco_duo
leehinman Jul 27, 2022
52369fb
Updated Changelog and Manifests for cisco_ftd
leehinman Jul 27, 2022
ce3f771
Updated Changelog and Manifests for cisco_ios
leehinman Jul 27, 2022
a7c200e
Updated Changelog and Manifests for cisco_ise
leehinman Jul 27, 2022
6167c2e
Revert "Updated Changelog and Manifests for cisco"
leehinman Jul 27, 2022
01b2a63
Revert "Update ECS version for cisco"
leehinman Jul 27, 2022
1d35fff
Updated pipeline tests for carbon_black_cloud
leehinman Jul 27, 2022
714e206
Updated pipeline tests for carbonblack_edr
leehinman Jul 27, 2022
c7e9f48
Updated pipeline tests for cef
leehinman Jul 27, 2022
fec2c8c
Updated pipeline tests for checkpoint
leehinman Jul 27, 2022
57f0073
Updated pipeline tests for cisco_asa
leehinman Jul 27, 2022
b0671cf
Updated pipeline tests for cisco_duo
leehinman Jul 27, 2022
9e40edc
Updated pipeline tests for cisco_ftd
leehinman Jul 27, 2022
b85bcee
Updated pipeline tests for cisco_ios
leehinman Jul 27, 2022
36c22c8
Updated pipeline tests for cisco_ise
leehinman Jul 27, 2022
91fb92e
updated order of hashes for carbon_black_cloud tests
leehinman Jul 27, 2022
2 changes: 1 addition & 1 deletion packages/carbon_black_cloud/_dev/build/build.yml
@@ -1,3 +1,3 @@
dependencies:
ecs:
reference: git@v8.3.0
reference: git@v8.4.0-rc1
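Review bot: `reference: git@v8.4.0-rc1` pins the imported ECS field definitions to a release-candidate tag, while the changelog entry and every `ecs.version` value set in this PR say `8.4.0`. If any field definition changes between rc1 and the final release, the package would import mappings from one schema revision while its events declare another, which could leave queries and detection rules keyed on ECS fields out of step with the indexed data. I would move the reference to the final tag once it is published, or at least leave a marker next to it such as `# TODO: replace with git@v8.4.0 when the final ECS tag is published` so the pre-release pin is not forgotten.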
5 changes: 5 additions & 0 deletions packages/carbon_black_cloud/changelog.yml
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "1.2.0"
changes:
- description: Update package to ECS 8.4.0
type: enhancement
link: https://github.com/elastic/integrations/pull/3842
- version: "1.1.1"
changes:
- description: Fix proxy URL documentation rendering.
Expand Up @@ -63,7 +63,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"end": "2021-01-04T23:25:58Z",
Expand Down Expand Up @@ -158,7 +158,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"end": "2020-11-17T22:02:16Z",
Expand Down Expand Up @@ -295,7 +295,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"end": "2021-01-04T22:22:42Z",
Expand Up @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud alerts.
processors:
- set:
field: ecs.version
value: "8.3.0"
value: '8.4.0'
- rename:
field: message
target_field: event.original
Expand Up @@ -18,7 +18,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"original": "{\"cve_ids\":null,\"device_id\":1,\"highest_risk_score\":5.3,\"host_name\":\"DESKTOP-001\",\"last_sync_ts\":\"2022-02-14T08:32:37.105065Z\",\"name\":\"DESKTOP-001KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows Server 2019 Datacenter\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"MODERATE\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":137}"
Expand Down Expand Up @@ -66,7 +66,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"original": "{\"cve_ids\":null,\"device_id\":2,\"highest_risk_score\":8.4,\"host_name\":\"DESKTOP-002\",\"last_sync_ts\":\"2021-12-31T22:16:06.970164Z\",\"name\":\"DESKTOP-002KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.19044\"},\"severity\":\"IMPORTANT\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"WORKLOAD\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":342}"
Expand Down Expand Up @@ -114,7 +114,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"original": "{\"cve_ids\":null,\"device_id\":3,\"highest_risk_score\":8.4,\"host_name\":\"DESKTOP-003\",\"last_sync_ts\":\"2022-02-03T15:27:28.681106Z\",\"name\":\"DESKTOP-003KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Enterprise\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18363\"},\"severity\":\"IMPORTANT\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"WORKLOAD\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":499}"
Expand Down Expand Up @@ -162,7 +162,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"original": "{\"cve_ids\":null,\"device_id\":4,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-004\",\"last_sync_ts\":\"2022-01-06T03:51:45.460029Z\",\"name\":\"DESKTOP-004KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18362\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":885}"
Expand Down Expand Up @@ -210,7 +210,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"original": "{\"cve_ids\":null,\"device_id\":5,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-005\",\"last_sync_ts\":\"2022-01-10T02:46:08.236117Z\",\"name\":\"DESKTOP-005KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Education\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.18362\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":893}"
Expand Down Expand Up @@ -258,7 +258,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"original": "{\"cve_ids\":null,\"device_id\":6,\"highest_risk_score\":6,\"host_name\":\"DESKTOP-006\",\"last_sync_ts\":\"2022-01-10T03:11:44.097219Z\",\"name\":\"DESKTOP-006KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"MODERATE\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":276}"
Expand Down Expand Up @@ -306,7 +306,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"original": "{\"cve_ids\":null,\"device_id\":7,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-007\",\"last_sync_ts\":\"2022-01-11T08:41:31.573863Z\",\"name\":\"DESKTOP-007KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Pro\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.19043\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"MANUAL\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":542}"
Expand Down Expand Up @@ -354,7 +354,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"original": "{\"cve_ids\":null,\"device_id\":8,\"highest_risk_score\":10,\"host_name\":\"DESKTOP-008\",\"last_sync_ts\":\"2022-01-17T08:33:37.384932Z\",\"name\":\"DESKTOP-008KK\",\"os_info\":{\"os_arch\":\"64-bit\",\"os_name\":\"Microsoft Windows 10 Education\",\"os_type\":\"WINDOWS\",\"os_version\":\"10.0.17763\"},\"severity\":\"CRITICAL\",\"sync_status\":\"COMPLETED\",\"sync_type\":\"SCHEDULED\",\"type\":\"ENDPOINT\",\"vm_id\":\"\",\"vm_name\":\"\",\"vuln_count\":1770}"
Expand Up @@ -7,7 +7,7 @@ processors:
ignore_missing: true
- set:
field: ecs.version
value: '8.3.0'
value: '8.4.0'
- json:
field: event.original
target_field: json
Expand Up @@ -15,7 +15,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"id": "16xxxxxxxxxx8ac7bd",
Expand Down Expand Up @@ -51,7 +51,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"id": "21xxxxxxxxxx93ff7c",
Expand Down Expand Up @@ -87,7 +87,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"id": "28xxxxxxxxxx8ac7bd",
Expand Down Expand Up @@ -123,7 +123,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"id": "34xxxxxxxxxxd9ccf9",
Expand Down Expand Up @@ -159,7 +159,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"id": "3axxxxxxxxxx2e5035",
Expand Down Expand Up @@ -195,7 +195,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"id": "32xxxxxxxxxx189c6d",
Expand Down Expand Up @@ -231,7 +231,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"id": "a9xxxxxxxxxx4b3d2c",
Expand Up @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud audit logs
processors:
- set:
field: ecs.version
value: '8.3.0'
value: '8.4.0'
- rename:
field: message
target_field: event.original
Expand Up @@ -37,7 +37,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_CREATE_KEY",
Expand Down Expand Up @@ -139,7 +139,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_WRITE_VALUE",
Expand Down Expand Up @@ -262,7 +262,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_OPEN_PROCESS_HANDLE",
Expand Down Expand Up @@ -385,7 +385,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_OPEN_PROCESS_HANDLE",
Expand Down Expand Up @@ -504,7 +504,7 @@
"path": "c:\\windows\\system32\\fltlib.dll"
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_LOAD_MODULE",
Expand Down Expand Up @@ -625,7 +625,7 @@
"path": "c:\\windows\\system32\\dnsapi.dll"
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_LOAD_MODULE",
Expand Down Expand Up @@ -746,7 +746,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_CREATE_PROCESS",
Expand Down Expand Up @@ -867,7 +867,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_CREATE_PROCESS",
Expand Down Expand Up @@ -968,7 +968,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_PROCESS_TERMINATE",
Expand Down Expand Up @@ -1067,7 +1067,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_PROCESS_TERMINATE",
Expand Down Expand Up @@ -1162,7 +1162,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_DELETE",
Expand Down Expand Up @@ -1260,7 +1260,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_FILE_MOD_OPEN | ACTION_FILE_OPEN_READ | ACTION_FILE_OPEN_WRITE",
Expand Down Expand Up @@ -1362,7 +1362,7 @@
"port": 62909
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_CONNECTION_CREATE",
Expand Down Expand Up @@ -1470,7 +1470,7 @@
"port": 9716
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_CONNECTION_LISTEN",
Expand Down Expand Up @@ -1587,7 +1587,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"action": "ACTION_LOAD_SCRIPT",
Expand Up @@ -3,7 +3,7 @@ description: Pipeline for parsing Carbon Black Cloud Endpoint Events.
processors:
- set:
field: ecs.version
value: '8.3.0'
value: '8.4.0'
- rename:
field: message
target_field: event.original