diff --git a/packages/cisco_nexus/_dev/build/build.yml b/packages/cisco_nexus/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_nexus/_dev/build/build.yml +++ b/packages/cisco_nexus/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml index 9ae53bdd01e..6f416d3d96d 100644 --- a/packages/cisco_nexus/changelog.yml +++ b/packages/cisco_nexus/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.7.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3843 - version: "0.6.0" changes: - description: Update package to ECS 8.3.0. diff --git a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json index 891a9a623d0..0799deb4b0f 100644 --- a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json +++ b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json @@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2012 Dec 18 14:51:08 Nexus5010-B %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user en from 2.2.2.1 - login", "tags": [ diff --git a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml index bd8172f1a21..27e250da8db 100644 --- a/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Cisco Nexus processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' # User agent - user_agent: field: user_agent.original 
diff --git a/packages/cisco_nexus/docs/README.md b/packages/cisco_nexus/docs/README.md index e9e84a23795..36c6117484b 100644 --- a/packages/cisco_nexus/docs/README.md +++ b/packages/cisco_nexus/docs/README.md 
@@ -177,7 +177,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.interface.name | | keyword | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | diff --git a/packages/cisco_nexus/manifest.yml b/packages/cisco_nexus/manifest.yml index f8bacceeaf0..d107f239d05 100644 --- a/packages/cisco_nexus/manifest.yml +++ b/packages/cisco_nexus/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_nexus title: Cisco Nexus -version: "0.6.0" +version: "0.7.0" license: basic description: Collect logs from Cisco Nexus with Elastic Agent. type: integration diff --git a/packages/cisco_secure_email_gateway/_dev/build/build.yml b/packages/cisco_secure_email_gateway/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_secure_email_gateway/_dev/build/build.yml +++ b/packages/cisco_secure_email_gateway/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml index 1338a33a78d..7b27e487851 100644 --- a/packages/cisco_secure_email_gateway/changelog.yml 
+++ b/packages/cisco_secure_email_gateway/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.3.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3843 - version: "0.2.1" changes: - description: Improve SSL config description and example. diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json index 494d440a724..6aa735a1c26 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json @@ -11,7 +11,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "attachments": { @@ -54,7 +54,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "attachments": { @@ -108,7 +108,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "attachments": { @@ -149,7 +149,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "attachments": { @@ -202,7 +202,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "attachments": { @@ -248,7 +248,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "attachments": { @@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "attachments": { diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json index 5ab736e0143..a9f299feddb 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json 
+++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json @@ -14,7 +14,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -45,7 +45,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -77,7 +77,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json index 18761672851..78aa96348c0 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json @@ -60,7 +60,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "direction": "inbound", @@ -162,7 +162,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "direction": "inbound", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json index 8263d040c8c..36cf4336b24 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json @@ -13,7 +13,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -46,7 +46,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", 
diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json index e74a7cf9af5..6904b6d73e6 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json @@ -13,7 +13,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -43,7 +43,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "subject": "'Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...': Unrecoverable error", @@ -83,7 +83,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "subject": "Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...", @@ -119,7 +119,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "subject": "'Critical \u003cSystem\u003e example.com: Log Error: Subscription error_logs: Failed to connect to 10....' (attempt #0)", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json index d2410f8b88b..675694d47d9 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json @@ -14,7 +14,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -87,7 +87,7 @@ "ip": "1.128.3.4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ 
@@ -140,7 +140,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -183,7 +183,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -226,7 +226,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -308,7 +308,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -366,7 +366,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -404,7 +404,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -442,7 +442,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json index c8be9a1aaf9..90954347e92 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json @@ -96,7 +96,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "message_id": "0" diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json index c463097f803..a2f697739ae 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json 
+++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -56,7 +56,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -114,7 +114,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -143,7 +143,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", diff --git a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json index 095dda2ac40..2b64513a651 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json +++ b/packages/cisco_secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-text-mail.log-expected.json @@ -15,7 +15,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "message_id": "111" @@ -47,7 +47,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -78,7 +78,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -106,7 +106,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "subject": "\"Warning \u003cSystem\u003e cisco.esa: URL category definitions have changed.; Added new category '...\"", @@ -149,7 +149,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -186,7 +186,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "message_id": "6" @@ -217,7 +217,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "from": { 
@@ -252,7 +252,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "message_id": "6", @@ -286,7 +286,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "from": { @@ -321,7 +321,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -390,7 +390,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "message_id": "6" @@ -423,7 +423,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "message_id": "6" @@ -455,7 +455,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -512,7 +512,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "subject": "Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...", @@ -547,7 +547,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "kind": "event", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "subject": "'Warning \u003cSystem\u003e cisco.esa: Your \"Sophos Anti-Virus\" key will expire in under 60 day(s)....'", @@ -610,7 +610,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "subject": "'Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...': Unrecoverable error", @@ -652,7 +652,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "to": { diff --git a/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml index be219a6f621..d28accdced1 100644 
--- a/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_secure_email_gateway/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Cisco Secure Email Gateway logs processors: - set: field: ecs.version - value: "8.3.0" + value: '8.4.0' - set: field: _tmp.filepath value: "{{{log.file.path}}}" diff --git a/packages/cisco_secure_email_gateway/manifest.yml b/packages/cisco_secure_email_gateway/manifest.yml index f61a734bdff..f96bcb7f895 100644 --- a/packages/cisco_secure_email_gateway/manifest.yml +++ b/packages/cisco_secure_email_gateway/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_email_gateway title: Cisco Secure Email Gateway -version: "0.2.1" +version: "0.3.0" license: basic description: Collect logs from Cisco Secure Email Gateway with Elastic Agent. type: integration diff --git a/packages/cisco_secure_endpoint/_dev/build/build.yml b/packages/cisco_secure_endpoint/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_secure_endpoint/_dev/build/build.yml +++ b/packages/cisco_secure_endpoint/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_secure_endpoint/changelog.yml b/packages/cisco_secure_endpoint/changelog.yml index 4a0dcd1f812..82a707c47d8 100644 --- a/packages/cisco_secure_endpoint/changelog.yml +++ b/packages/cisco_secure_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.6.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3843 - version: "2.5.2" changes: - description: Update package name and description to align with standard wording 
diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json index fd84bce8919..d31c9ff3107 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp1.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -111,7 +111,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Policy Update", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -274,7 +274,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -349,7 +349,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -425,7 +425,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -528,7 +528,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -622,7 +622,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -700,7 +700,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -786,7 +786,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -872,7 +872,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -958,7 +958,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", 
@@ -1044,7 +1044,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -1130,7 +1130,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -1214,7 +1214,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1286,7 +1286,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1358,7 +1358,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1430,7 +1430,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1502,7 +1502,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1575,7 +1575,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1675,7 +1675,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -1753,7 +1753,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "File Fetch Completed", @@ -1842,7 +1842,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -1920,7 +1920,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected in Low Prevalence Executable", @@ -1992,7 +1992,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "File Fetch Completed", @@ -2069,7 +2069,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Policy Update", @@ -2133,7 +2133,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2204,7 +2204,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine", 
@@ -2276,7 +2276,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -2355,7 +2355,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -2536,7 +2536,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Vulnerable Application Detected", @@ -2609,7 +2609,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Policy Update", @@ -2676,7 +2676,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -2762,7 +2762,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -2841,7 +2841,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -2919,7 +2919,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -2993,7 +2993,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Policy Update", @@ -3058,7 +3058,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3156,7 +3156,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -3232,7 +3232,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3330,7 +3330,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -3408,7 +3408,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -3494,7 +3494,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -3594,7 +3594,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Vulnerable Application Detected", 
@@ -3693,7 +3693,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3822,7 +3822,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Vulnerable Application Detected", @@ -3895,7 +3895,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Policy Update", @@ -3958,7 +3958,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Scan Completed, No Detections", @@ -4016,7 +4016,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Scan Started", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json index face51c3357..8c92e8183c5 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp2.log-expected.json @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SecureX Threat Hunting Incident", @@ -175,7 +175,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -278,7 +278,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -377,7 +377,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -481,7 +481,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DFC Threat Detected", @@ -589,7 +589,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DFC Threat Detected", 
@@ -697,7 +697,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DFC Threat Detected", @@ -805,7 +805,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DFC Threat Detected", @@ -913,7 +913,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DFC Threat Detected", @@ -1021,7 +1021,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DFC Threat Detected", @@ -1114,7 +1114,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -1194,7 +1194,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1287,7 +1287,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Multiple Infected Files", @@ -1365,7 +1365,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1455,7 +1455,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1541,7 +1541,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1630,7 +1630,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Executed malware", @@ -1711,7 +1711,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1801,7 +1801,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1887,7 +1887,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1973,7 +1973,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2063,7 +2063,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", 
@@ -2153,7 +2153,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2239,7 +2239,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2339,7 +2339,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Vulnerable Application Detected", @@ -2418,7 +2418,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2508,7 +2508,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2594,7 +2594,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2680,7 +2680,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2770,7 +2770,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2856,7 +2856,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2942,7 +2942,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3021,7 +3021,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3100,7 +3100,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3183,7 +3183,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3282,7 +3282,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3372,7 +3372,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3458,7 +3458,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", 
@@ -3544,7 +3544,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3626,7 +3626,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Executed malware", @@ -3704,7 +3704,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3783,7 +3783,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json index aa76dfb862e..c0d2525e57a 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp3.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -113,7 +113,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -196,7 +196,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -279,7 +279,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -362,7 +362,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -445,7 +445,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -528,7 +528,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -611,7 +611,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", 
@@ -694,7 +694,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -777,7 +777,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -860,7 +860,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -943,7 +943,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1026,7 +1026,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1109,7 +1109,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1192,7 +1192,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1275,7 +1275,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1358,7 +1358,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1441,7 +1441,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1520,7 +1520,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1603,7 +1603,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1686,7 +1686,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1773,7 +1773,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1872,7 +1872,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1959,7 +1959,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", 
@@ -2058,7 +2058,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2145,7 +2145,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2244,7 +2244,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2327,7 +2327,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2426,7 +2426,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2505,7 +2505,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2584,7 +2584,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2674,7 +2674,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2760,7 +2760,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2850,7 +2850,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2940,7 +2940,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3026,7 +3026,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3116,7 +3116,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3195,7 +3195,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3281,7 +3281,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3360,7 +3360,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", 
@@ -3439,7 +3439,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3518,7 +3518,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3608,7 +3608,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3694,7 +3694,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3784,7 +3784,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json index f78c4035be9..c009c421507 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp4.log-expected.json @@ -34,7 +34,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -120,7 +120,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Executed malware", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -276,7 +276,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -352,7 +352,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -447,7 +447,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -541,7 +541,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", 
@@ -634,7 +634,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -723,7 +723,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -794,7 +794,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -869,7 +869,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -944,7 +944,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1019,7 +1019,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1094,7 +1094,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1244,7 +1244,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1319,7 +1319,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1394,7 +1394,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1469,7 +1469,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1544,7 +1544,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1619,7 +1619,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1694,7 +1694,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1769,7 +1769,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", 
@@ -1844,7 +1844,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1919,7 +1919,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1994,7 +1994,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -2070,7 +2070,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2264,7 +2264,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2365,7 +2365,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2461,7 +2461,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -2532,7 +2532,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -2603,7 +2603,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -2674,7 +2674,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -2745,7 +2745,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -2820,7 +2820,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -2895,7 +2895,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -2970,7 +2970,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -3045,7 +3045,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", 
@@ -3121,7 +3121,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3224,7 +3224,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3322,7 +3322,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -3393,7 +3393,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -3465,7 +3465,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3555,7 +3555,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3649,7 +3649,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3750,7 +3750,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3847,7 +3847,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3933,7 +3933,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4023,7 +4023,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4126,7 +4126,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4219,7 +4219,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Policy Update", @@ -4274,7 +4274,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Policy Update", @@ -4338,7 +4338,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4413,7 +4413,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", 
@@ -4488,7 +4488,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -4560,7 +4560,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -4639,7 +4639,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -4718,7 +4718,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -4800,7 +4800,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -4876,7 +4876,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4975,7 +4975,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -5073,7 +5073,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -5148,7 +5148,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -5223,7 +5223,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -5294,7 +5294,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine", @@ -5366,7 +5366,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -5445,7 +5445,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -5524,7 +5524,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -5610,7 +5610,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", 
@@ -5685,7 +5685,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -5760,7 +5760,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -5835,7 +5835,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -5910,7 +5910,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -5985,7 +5985,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -6060,7 +6060,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -6135,7 +6135,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -6210,7 +6210,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -6285,7 +6285,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -6360,7 +6360,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -6435,7 +6435,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -6511,7 +6511,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -6610,7 +6610,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -6707,7 +6707,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -6792,7 +6792,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -6867,7 +6867,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", 
@@ -6942,7 +6942,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -7017,7 +7017,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -7089,7 +7089,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -7179,7 +7179,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -7269,7 +7269,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -7359,7 +7359,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -7449,7 +7449,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -7539,7 +7539,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -7629,7 +7629,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -7719,7 +7719,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -7809,7 +7809,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -7899,7 +7899,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -7993,7 +7993,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -8086,7 +8086,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json index 7ce55c7ac27..00b642040b6 100644 
--- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp5.log-expected.json @@ -38,7 +38,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -138,7 +138,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -213,7 +213,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -285,7 +285,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -375,7 +375,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -478,7 +478,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -576,7 +576,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -651,7 +651,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -723,7 +723,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -813,7 +813,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -902,7 +902,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -977,7 +977,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1052,7 +1052,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1127,7 +1127,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", 
@@ -1198,7 +1198,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine", @@ -1270,7 +1270,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -1349,7 +1349,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -1432,7 +1432,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -1511,7 +1511,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -1593,7 +1593,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1664,7 +1664,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine", @@ -1736,7 +1736,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -1819,7 +1819,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -1905,7 +1905,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1980,7 +1980,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2055,7 +2055,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2127,7 +2127,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -2206,7 +2206,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", 
@@ -2285,7 +2285,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -2368,7 +2368,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -2566,7 +2566,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detection", @@ -2639,7 +2639,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2714,7 +2714,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2789,7 +2789,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2864,7 +2864,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -2936,7 +2936,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -3015,7 +3015,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -3094,7 +3094,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -3173,7 +3173,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -3252,7 +3252,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -3331,7 +3331,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -3410,7 +3410,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -3492,7 +3492,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", 
@@ -3564,7 +3564,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3654,7 +3654,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3736,7 +3736,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3825,7 +3825,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -3976,7 +3976,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4070,7 +4070,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -4145,7 +4145,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -4220,7 +4220,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -4292,7 +4292,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4378,7 +4378,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4464,7 +4464,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4550,7 +4550,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4636,7 +4636,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4722,7 +4722,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4808,7 +4808,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", 
@@ -4894,7 +4894,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4980,7 +4980,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -5065,7 +5065,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json index 0a31f68f31d..98c5a350d4f 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp6.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -112,7 +112,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -187,7 +187,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -671,7 +671,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", 
@@ -757,7 +757,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -842,7 +842,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -913,7 +913,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -984,7 +984,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -1056,7 +1056,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1146,7 +1146,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1249,7 +1249,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1350,7 +1350,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1449,7 +1449,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1551,7 +1551,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1626,7 +1626,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", @@ -1697,7 +1697,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine", @@ -1769,7 +1769,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -1848,7 +1848,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -1927,7 +1927,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", 
@@ -2016,7 +2016,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -2095,7 +2095,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine", @@ -2167,7 +2167,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -2250,7 +2250,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -2332,7 +2332,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -2404,7 +2404,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2498,7 +2498,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2593,7 +2593,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2683,7 +2683,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2782,7 +2782,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2872,7 +2872,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2957,7 +2957,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -3028,7 +3028,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -3104,7 +3104,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3202,7 +3202,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Potential Dropper Infection", @@ -3269,7 +3269,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Policy Update", 
@@ -3333,7 +3333,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -3405,7 +3405,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3491,7 +3491,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3580,7 +3580,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -3655,7 +3655,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -3730,7 +3730,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -3805,7 +3805,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -3880,7 +3880,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -3956,7 +3956,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4053,7 +4053,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -4138,7 +4138,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -4213,7 +4213,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -4288,7 +4288,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json index 9fac9c90b6f..5842e1ee82d 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json 
+++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp7.log-expected.json @@ -37,7 +37,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -109,7 +109,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -195,7 +195,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -281,7 +281,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -371,7 +371,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -460,7 +460,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -535,7 +535,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -606,7 +606,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -678,7 +678,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -768,7 +768,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -847,7 +847,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -932,7 +932,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -1010,7 +1010,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected in Low Prevalence Executable", @@ -1078,7 +1078,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Policy Update", @@ -1137,7 +1137,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "File Fetch Completed", 
@@ -1224,7 +1224,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1322,7 +1322,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -1397,7 +1397,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -1473,7 +1473,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1572,7 +1572,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -1670,7 +1670,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -1736,7 +1736,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Policy Update", @@ -1800,7 +1800,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Executed malware", @@ -1881,7 +1881,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Multiple Infected Files", @@ -1958,7 +1958,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine", @@ -2030,7 +2030,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", @@ -2116,7 +2116,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -2188,7 +2188,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2277,7 +2277,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -2352,7 +2352,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", @@ -2427,7 +2427,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Quarantine Failure", 
@@ -2499,7 +2499,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2584,7 +2584,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -2655,7 +2655,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -2727,7 +2727,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2813,7 +2813,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -2902,7 +2902,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Quarantined", @@ -2974,7 +2974,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3064,7 +3064,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3154,7 +3154,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3248,7 +3248,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Threat Detected", @@ -3351,7 +3351,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Malicious Activity Detection", @@ -3452,7 +3452,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -3538,7 +3538,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -3624,7 +3624,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -3710,7 +3710,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -3793,7 +3793,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine Attempt Failed", 
@@ -3864,7 +3864,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Quarantine", @@ -3936,7 +3936,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Retrospective Detection", diff --git a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json index 4c915a05212..aa3815742b5 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json +++ b/packages/cisco_secure_endpoint/data_stream/event/_dev/test/pipeline/test-cisco-amp8.log-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -152,7 +152,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -262,7 +262,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -382,7 +382,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", @@ -616,7 +616,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Cloud IOC", diff --git a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml index 3fad0cbeeb7..cd0dca31fba 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_secure_endpoint/data_stream/event/elasticsearch/ingest_pipeline/default.yml @@ -40,7 +40,7 @@ processors: ####################### - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - set: field: event.kind value: alert 
diff --git a/packages/cisco_secure_endpoint/docs/README.md b/packages/cisco_secure_endpoint/docs/README.md index 5822dbb4d41..c6375100470 100644 --- a/packages/cisco_secure_endpoint/docs/README.md +++ b/packages/cisco_secure_endpoint/docs/README.md 
@@ -255,7 +255,7 @@ An example event for `event` looks as following: | host.os.version | Operating system version as a raw string. | keyword | | host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | | input.type | Type of Filebeat input. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. 
| keyword | | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | | process.args | Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. | keyword | | process.args_count | Length of the process.args array. This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. | long | diff --git a/packages/cisco_secure_endpoint/manifest.yml b/packages/cisco_secure_endpoint/manifest.yml index ae69fab6b16..ae077ab3621 100644 --- a/packages/cisco_secure_endpoint/manifest.yml +++ b/packages/cisco_secure_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_endpoint title: Cisco Secure Endpoint -version: 2.5.2 +version: 2.6.0 license: basic description: Collect logs from Cisco Secure Endpoint (AMP) with Elastic Agent. type: integration diff --git a/packages/cisco_umbrella/_dev/build/build.yml b/packages/cisco_umbrella/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cisco_umbrella/_dev/build/build.yml +++ b/packages/cisco_umbrella/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cisco_umbrella/changelog.yml b/packages/cisco_umbrella/changelog.yml index ff572966bfe..cecc7216077 100644 --- a/packages/cisco_umbrella/changelog.yml +++ b/packages/cisco_umbrella/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.3.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3843 - version: "1.2.2" changes: - description: Fix proxy URL documentation rendering. 
diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json index eafd30ce101..4bbcada3d93 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-auditlogs.log-expected.json @@ -12,7 +12,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json index 7c3d7a25eee..05cd34e5d66 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-cloudfirewalllogs.log-expected.json @@ -26,7 +26,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -97,7 +97,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json index 9f0ca115f9f..8662327a7f4 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-dnslogs.log-expected.json @@ -29,7 +29,7 @@ "type": "query" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "dns-request-Allowed", 
@@ -105,7 +105,7 @@ "type": "query" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "dns-request-Blocked", @@ -175,7 +175,7 @@ "type": "query" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "dns-request-Allowed", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json index b85101542fd..9f11fb0dab4 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-iplogs.log-expected.json @@ -25,7 +25,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -84,7 +84,7 @@ "port": 445 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", diff --git a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json index 848e16b055a..1c9dfb1ac4f 100644 --- a/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json +++ b/packages/cisco_umbrella/data_stream/log/_dev/test/pipeline/test-umbrella-proxylogs.log-expected.json @@ -30,7 +30,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -115,7 +115,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -180,7 +180,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", 
diff --git a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml index d6683ac0423..c64b1e674c5 100644 --- a/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cisco_umbrella/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -4,7 +4,7 @@ description: Pipeline for Cisco Umbrella processors: - set: field: ecs.version - value: "8.3.0" + value: '8.4.0' - set: field: observer.vendor value: Cisco diff --git a/packages/cisco_umbrella/docs/README.md b/packages/cisco_umbrella/docs/README.md index a95337c2a05..29de50475a7 100644 --- a/packages/cisco_umbrella/docs/README.md +++ b/packages/cisco_umbrella/docs/README.md 
@@ -226,7 +226,7 @@ An example event for `log` looks as following: | log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". 
When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | | observer.product | The product name of the observer. | keyword | | observer.type | The type of the observer the data is coming from. There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. | keyword | diff --git a/packages/cisco_umbrella/manifest.yml b/packages/cisco_umbrella/manifest.yml index e9fda5c6cfe..19b0d641225 100644 --- a/packages/cisco_umbrella/manifest.yml +++ b/packages/cisco_umbrella/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_umbrella title: Cisco Umbrella -version: "1.2.2" +version: "1.3.0" license: basic description: Collect logs from Cisco Umbrella with Elastic Agent. type: integration diff --git a/packages/citrix_waf/_dev/build/build.yml b/packages/citrix_waf/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/citrix_waf/_dev/build/build.yml +++ b/packages/citrix_waf/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/citrix_waf/changelog.yml b/packages/citrix_waf/changelog.yml index c5e4f276e3a..917b28b5e6c 100644 --- a/packages/citrix_waf/changelog.yml +++ b/packages/citrix_waf/changelog.yml 
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3843 - version: "1.0.0" changes: - description: Add dashboard. diff --git a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/citrix_waf_cef.log-expected.json b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/citrix_waf_cef.log-expected.json index 3ca941e285c..d07306a8c15 100644 --- a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/citrix_waf_cef.log-expected.json +++ b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/citrix_waf_cef.log-expected.json @@ -34,7 +34,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "blocked", @@ -107,7 +107,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "not blocked", @@ -181,7 +181,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "transformed", @@ -255,7 +255,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "blocked", @@ -331,7 +331,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "not blocked", @@ -407,7 +407,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "not blocked", @@ -480,7 +480,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "transformed", @@ -553,7 +553,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "transformed", @@ -626,7 +626,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "not blocked", @@ -700,7 +700,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "not blocked", 
diff --git a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/citrix_waf_native.log-expected.json b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/citrix_waf_native.log-expected.json index 5a336c7fefd..19e38eace9e 100644 --- a/packages/citrix_waf/data_stream/log/_dev/test/pipeline/citrix_waf_native.log-expected.json +++ b/packages/citrix_waf/data_stream/log/_dev/test/pipeline/citrix_waf_native.log-expected.json @@ -31,7 +31,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "60", @@ -69,7 +69,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "5743593", @@ -107,7 +107,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "4471", @@ -145,7 +145,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "4472", @@ -183,7 +183,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "4473", @@ -221,7 +221,7 @@ "ip": "81.2.69.144" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "id": "4474", diff --git a/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 3ab766b75f5..9f40c2447e0 100644 --- a/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/citrix_waf/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for Citrix Web App Firewall logs processors: - set: field: ecs.version - value: "8.3.0" + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/citrix_waf/docs/README.md b/packages/citrix_waf/docs/README.md index 0cd170afeeb..2d2ef7150b0 100644 --- a/packages/citrix_waf/docs/README.md +++ b/packages/citrix_waf/docs/README.md 
@@ -260,7 +260,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". 
When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object | | network.inner.vlan.id | VLAN ID as reported by the observer. | keyword | diff --git a/packages/citrix_waf/manifest.yml b/packages/citrix_waf/manifest.yml index a84be08783a..8a27cbf1b71 100644 --- a/packages/citrix_waf/manifest.yml +++ b/packages/citrix_waf/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: citrix_waf title: "Citrix Web App Firewall" -version: 1.0.0 +version: 1.1.0 license: basic description: Ingest events from Citrix Systems Web App Firewall. type: integration diff --git a/packages/cloudflare/_dev/build/build.yml b/packages/cloudflare/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cloudflare/_dev/build/build.yml +++ b/packages/cloudflare/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 
diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml index 7dd318aea9e..3c5aceaf9fb 100644 --- a/packages/cloudflare/changelog.yml +++ b/packages/cloudflare/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.2.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3843 - version: "2.1.3" changes: - description: Fix proxy URL documentation rendering. diff --git a/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json index 57a9f9d6d04..0a1e40976e5 100644 --- a/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json +++ b/packages/cloudflare/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json @@ -27,7 +27,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "token_create", @@ -109,7 +109,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "token_revoke", @@ -185,7 +185,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "api_key_view", @@ -261,7 +261,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "api_key_view", @@ -337,7 +337,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rotate_api_key", @@ -413,7 +413,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "api_key_created", @@ -493,7 +493,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "token_create", @@ -569,7 +569,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "login", @@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "purge", 
@@ -736,7 +736,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "tls_settings_deployed", @@ -789,7 +789,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete", @@ -871,7 +871,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "token_revoke", @@ -953,7 +953,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "token_revoke", @@ -1035,7 +1035,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "token_roll", @@ -1115,7 +1115,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "token_create", @@ -1204,7 +1204,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -1294,7 +1294,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -1384,7 +1384,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -1475,7 +1475,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -1566,7 +1566,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -1657,7 +1657,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -1748,7 +1748,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -1839,7 +1839,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -1929,7 +1929,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -2019,7 +2019,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -2109,7 +2109,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", 
@@ -2199,7 +2199,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_del", @@ -2288,7 +2288,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -2377,7 +2377,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -2466,7 +2466,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -2555,7 +2555,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -2644,7 +2644,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -2734,7 +2734,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -2824,7 +2824,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -2914,7 +2914,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -3004,7 +3004,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -3094,7 +3094,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -3183,7 +3183,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -3272,7 +3272,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -3361,7 +3361,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rec_add", @@ -3442,7 +3442,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "pending", @@ -3530,7 +3530,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "tls_settings_deployed", @@ -3584,7 +3584,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add", 
@@ -3667,7 +3667,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "change_setting", @@ -3748,7 +3748,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "token_create", @@ -3824,7 +3824,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "login", @@ -3900,7 +3900,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "login", diff --git a/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index e6eb6fd853a..b059eaae035 100644 --- a/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cloudflare audit logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json b/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json index 23cb689119b..c8e064da1b6 100644 --- a/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json +++ b/packages/cloudflare/data_stream/logpull/_dev/test/pipeline/test-http-json.log-expected.json @@ -105,7 +105,7 @@ "bytes": 2848 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -283,7 +283,7 @@ "bytes": 24743 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", @@ -487,7 +487,7 @@ "ip": "89.160.20.156" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "network", 
diff --git a/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml b/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml index c718038236a..de78b1393c0 100644 --- a/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cloudflare/data_stream/logpull/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing cloudflare logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/cloudflare/manifest.yml b/packages/cloudflare/manifest.yml index 4e51954f4ac..33e746e059b 100644 --- a/packages/cloudflare/manifest.yml +++ b/packages/cloudflare/manifest.yml @@ -1,6 +1,6 @@ name: cloudflare title: Cloudflare -version: "2.1.3" +version: 2.2.0 release: ga description: Collect logs from Cloudflare with Elastic Agent. type: integration diff --git a/packages/crowdstrike/_dev/build/build.yml b/packages/crowdstrike/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/crowdstrike/_dev/build/build.yml +++ b/packages/crowdstrike/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/crowdstrike/changelog.yml b/packages/crowdstrike/changelog.yml index 94f6bc0a03c..e1a2c68a108 100644 --- a/packages/crowdstrike/changelog.yml +++ b/packages/crowdstrike/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3843 - version: "1.4.2" changes: - description: Fix proxy URL documentation rendering. 
diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json index 0e029734f1d..5c47141d7f4 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-audit-events.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ @@ -73,7 +73,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ @@ -152,7 +152,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -259,7 +259,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -322,7 +322,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "user_activity_audit_event", @@ -382,7 +382,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -436,7 +436,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -496,7 +496,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -550,7 +550,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -604,7 +604,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -658,7 +658,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -729,7 +729,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "user_activity_audit_event", 
diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json index 3883d706a11..de41be971aa 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-events.log-expected.json @@ -58,7 +58,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Prevention, process killed.", @@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "incident", @@ -201,7 +201,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "user_activity_audit_event", diff --git a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json index 600553e158c..2b5a24da72e 100644 --- a/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json +++ b/packages/crowdstrike/data_stream/falcon/_dev/test/pipeline/test-falcon-sample.log-expected.json @@ -46,7 +46,7 @@ "port": 445 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ @@ -121,7 +121,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "incident", @@ -183,7 +183,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -245,7 +245,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "user_activity_audit_event", @@ -290,7 +290,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ @@ -356,7 +356,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": [ 
@@ -484,7 +484,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Detection, process would have been blocked if related prevention policy setting was enabled.", diff --git a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml index 40dbc432e7e..a944e4da7dc 100644 --- a/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/falcon/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Ingest pipeline for normalizing CrowdStrike Falcon logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json b/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json index 12c27828caf..174128eb647 100644 --- a/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json +++ b/packages/crowdstrike/data_stream/fdr/_dev/test/pipeline/test-fdr.log-expected.json @@ -18,7 +18,7 @@ "name": "SyntheticProcessRollup2MacV3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SyntheticProcessRollup2", @@ -119,7 +119,7 @@ "name": "EndOfProcessMacV15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "EndOfProcess", @@ -206,7 +206,7 @@ "port": 546 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "RawBindIP6", @@ -298,7 +298,7 @@ "name": "ProcessRollup2StatsMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ProcessRollup2Stats", @@ -397,7 +397,7 @@ "name": "SensorHeartbeatMacV4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SensorHeartbeat", 
@@ -469,7 +469,7 @@ "name": "ProcessRollup2MacV5" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ProcessRollup2", @@ -581,7 +581,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkReceiveAcceptIP4", @@ -670,7 +670,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "RawBindIP4", @@ -769,7 +769,7 @@ "port": 50626 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkConnectIP6", @@ -858,7 +858,7 @@ "name": "ProcessRollup2LinV6" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ProcessRollup2", @@ -963,7 +963,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkConnectIP6", @@ -1043,7 +1043,7 @@ "name": "OoxmlFileWrittenMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "OoxmlFileWritten", @@ -1139,7 +1139,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkConnectIP4", @@ -1235,7 +1235,7 @@ "name": "ChannelVersionRequiredLinV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ChannelVersionRequired", @@ -1293,7 +1293,7 @@ "name": "LocalIpAddressIP6LinV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LocalIpAddressIP6", @@ -1379,7 +1379,7 @@ "name": "ChannelVersionRequiredMacV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ChannelVersionRequired", @@ -1439,7 +1439,7 @@ "name": "SensorHeartbeatLinV4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SensorHeartbeat", @@ -1503,7 +1503,7 @@ "name": "JavaClassFileWrittenMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "JavaClassFileWritten", 
@@ -1600,7 +1600,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkConnectIP4", @@ -1690,7 +1690,7 @@ "type": "query" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DnsRequest", @@ -1760,7 +1760,7 @@ "name": "NewScriptWrittenMacV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NewScriptWritten", @@ -1839,7 +1839,7 @@ "name": "LocalIpAddressRemovedIP6LinV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LocalIpAddressRemovedIP6", @@ -1922,7 +1922,7 @@ "name": "DirectoryCreateMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DirectoryCreate", @@ -2023,7 +2023,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkCloseIP4", @@ -2144,7 +2144,7 @@ "name": "FsVolumeMountedMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "FsVolumeMounted", @@ -2216,7 +2216,7 @@ "name": "LocalIpAddressIP4LinV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LocalIpAddressIP4", @@ -2300,7 +2300,7 @@ "name": "LocalIpAddressRemovedIP6MacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LocalIpAddressRemovedIP6", @@ -2395,7 +2395,7 @@ "name": "LocalIpAddressIP6MacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LocalIpAddressIP6", @@ -2483,7 +2483,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkListenIP4", @@ -2562,7 +2562,7 @@ "name": "ExecutableDeletedMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ExecutableDeleted", @@ -2638,7 +2638,7 @@ "name": "GzipFileWrittenMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "GzipFileWritten", 
@@ -2711,7 +2711,7 @@ "name": "IOServiceRegisterMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "IOServiceRegister", @@ -2776,7 +2776,7 @@ "name": "PtyCreatedMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "PtyCreated", @@ -2848,7 +2848,7 @@ "name": "LocalIpAddressRemovedIP4MacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LocalIpAddressRemovedIP4", @@ -2936,7 +2936,7 @@ "port": 9 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkCloseIP6", @@ -3022,7 +3022,7 @@ "name": "ConfigStateUpdateLinV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ConfigStateUpdate", @@ -3087,7 +3087,7 @@ "name": "SuspiciousDnsRequestMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SuspiciousDnsRequest", @@ -3163,7 +3163,7 @@ "name": "ErrorEventLinV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ErrorEvent", @@ -3256,7 +3256,7 @@ "name": "ConfigStateUpdateMacV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ConfigStateUpdate", @@ -3321,7 +3321,7 @@ "name": "KextLoadMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "KextLoad", @@ -3392,7 +3392,7 @@ "name": "ChannelVersionRequiredLinV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ChannelVersionRequired", @@ -3452,7 +3452,7 @@ "name": "ProcessRollup2StatsLinV3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ProcessRollup2Stats", @@ -3541,7 +3541,7 @@ "name": "UserIdentityMacV4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "UserIdentity", @@ -3625,7 +3625,7 @@ "name": "DeliverLocalFXToCloudMacV4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DeliverLocalFXToCloud", 
@@ -3682,7 +3682,7 @@ "name": "CreateProcessArgsMac" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "CreateProcessArgs", @@ -3780,7 +3780,7 @@ "name": "PdfFileWrittenMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "PdfFileWritten", @@ -3860,7 +3860,7 @@ "name": "GroupIdentityMacV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "GroupIdentity", @@ -3929,7 +3929,7 @@ "name": "MachOFileWrittenMacV3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "MachOFileWritten", @@ -4019,7 +4019,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkListenIP6", @@ -4220,7 +4220,7 @@ "name": "CurrentSystemTagsMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "CurrentSystemTags", @@ -4285,7 +4285,7 @@ "name": "NewExecutableWrittenMacV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NewExecutableWritten", @@ -4490,7 +4490,7 @@ "name": "LfoUploadDataCompleteMacV3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LfoUploadDataComplete", @@ -4563,7 +4563,7 @@ "name": "LightningLatencyInfoMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LightningLatencyInfo", @@ -4655,7 +4655,7 @@ "name": "NeighborListIP4MacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NeighborListIP4", @@ -4720,7 +4720,7 @@ "name": "ZipFileWrittenMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ZipFileWritten", @@ -4821,7 +4821,7 @@ "name": "AgentOnlineMacV13" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "AgentOnline", @@ -4899,7 +4899,7 @@ "name": "CriticalFileAccessedMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "CriticalFileAccessed", 
@@ -4988,7 +4988,7 @@ "name": "OsVersionInfoMacV3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "OsVersionInfo", @@ -5070,7 +5070,7 @@ "name": "ConfigStateUpdateLinV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ConfigStateUpdate", @@ -5134,7 +5134,7 @@ "name": "LFODownloadConfirmationLinV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LFODownloadConfirmation", @@ -5215,7 +5215,7 @@ "name": "TarFileWrittenMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "TarFileWritten", @@ -5304,7 +5304,7 @@ "name": "AgentConnectMacV5" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "AgentConnect", @@ -5372,7 +5372,7 @@ "name": "LFODownloadConfirmationMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LFODownloadConfirmation", @@ -5455,7 +5455,7 @@ "name": "AsepFileChangeMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "AsepFileChange", @@ -5533,7 +5533,7 @@ "name": "TerminateProcessLinV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "TerminateProcess", @@ -5604,7 +5604,7 @@ "name": "FirewallEnabledMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "FirewallEnabled", @@ -5673,7 +5673,7 @@ "name": "FsVolumeUnmountedMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "FsVolumeUnmounted", @@ -5744,7 +5744,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkListenIP4", @@ -5824,7 +5824,7 @@ "name": "ELFFileWrittenMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ELFFileWritten", @@ -5915,7 +5915,7 @@ "name": "OsVersionInfoLinV4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "OsVersionInfo", 
@@ -5982,7 +5982,7 @@ "name": "CriticalFileModifiedMacV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "CriticalFileModified", @@ -6071,7 +6071,7 @@ "name": "NeighborListIP6MacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NeighborListIP6", @@ -6137,7 +6137,7 @@ "name": "NewScriptWrittenMacV3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NewScriptWritten", @@ -6232,7 +6232,7 @@ "name": "SystemCapacityMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SystemCapacity", @@ -6302,7 +6302,7 @@ "name": "FirmwareAnalysisStatusMacV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "FirmwareAnalysisStatus", @@ -6381,7 +6381,7 @@ "name": "LocalIpAddressIP4MacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LocalIpAddressIP4", @@ -6471,7 +6471,7 @@ "name": "ProcessRollup2LinV5" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ProcessRollup2", @@ -6579,7 +6579,7 @@ "name": "EndOfProcessMacV14" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "EndOfProcess", @@ -6709,7 +6709,7 @@ "name": "EndOfProcessV15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "EndOfProcess", @@ -6806,7 +6806,7 @@ "name": "EndOfProcessMacV12" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "EndOfProcess", @@ -6899,7 +6899,7 @@ "name": "ProcessRollup2V17" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ProcessRollup2", @@ -6997,7 +6997,7 @@ "type": "query" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DnsRequest", @@ -7067,7 +7067,7 @@ "name": "CriticalFileAccessedLinV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "CriticalFileAccessed", 
@@ -7160,7 +7160,7 @@ "name": "ProcessRollup2MacV3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ProcessRollup2", @@ -7266,7 +7266,7 @@ "name": "NewScriptWrittenV7" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NewScriptWritten", @@ -7362,7 +7362,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkConnectIP4", @@ -7463,7 +7463,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkConnectIP4", @@ -7564,7 +7564,7 @@ "name": "UserLogonV8" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "UserLogon", @@ -7656,7 +7656,7 @@ "name": "PeFileWrittenV14" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "PeFileWritten", @@ -7752,7 +7752,7 @@ "name": "UserLogoffV3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "UserLogoff", @@ -7839,7 +7839,7 @@ "name": "NewExecutableWrittenV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NewExecutableWritten", @@ -7924,7 +7924,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkListenIP4", @@ -8030,7 +8030,7 @@ "ip": "67.43.156.14" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "UserLogonFailed2", @@ -8115,7 +8115,7 @@ "name": "ExecutableDeletedV3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ExecutableDeleted", @@ -8207,7 +8207,7 @@ "name": "EndOfProcessMacV11" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "EndOfProcess", @@ -8283,7 +8283,7 @@ "name": "RegisterRawInputDevicesEtwV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "RegisterRawInputDevicesEtw", 
@@ -8357,7 +8357,7 @@ "name": "LFODownloadConfirmationV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LFODownloadConfirmation", @@ -8446,7 +8446,7 @@ "name": "NewExecutableRenamedV6" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NewExecutableRenamed", @@ -8535,7 +8535,7 @@ "name": "DirectoryCreateV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DirectoryCreate", @@ -8620,7 +8620,7 @@ "name": "ServiceStartedV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ServiceStarted", @@ -8711,7 +8711,7 @@ "port": 2181 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkConnectIP6", @@ -8805,7 +8805,7 @@ "name": "UserIdentityV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "UserIdentity", @@ -8917,7 +8917,7 @@ "name": "ProcessRollup2V16" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ProcessRollup2", @@ -9020,7 +9020,7 @@ "name": "RansomwareOpenFileV4" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "RansomwareOpenFile", @@ -9152,7 +9152,7 @@ "name": "EndOfProcessV14" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "EndOfProcess", @@ -9245,7 +9245,7 @@ "name": "OoxmlFileWrittenV11" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "OoxmlFileWritten", @@ -9331,7 +9331,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkListenIP6", @@ -9424,7 +9424,7 @@ "name": "AsepFileChangeMacV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "AsepFileChange", @@ -9507,7 +9507,7 @@ "name": "UserLogonFailedV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "UserLogonFailed", 
@@ -9600,7 +9600,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkConnectIP6", @@ -9690,7 +9690,7 @@ "name": "NewExecutableRenamedMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NewExecutableRenamed", @@ -9778,7 +9778,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkListenIP6", @@ -9860,7 +9860,7 @@ "name": "SuspiciousDnsRequestV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SuspiciousDnsRequest", @@ -9942,7 +9942,7 @@ "name": "FsVolumeMountedV6" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "FsVolumeMounted", @@ -10018,7 +10018,7 @@ "port": 0 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "NetworkListenIP4", @@ -10108,7 +10108,7 @@ "name": "HostedServiceStartedV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "HostedServiceStarted", @@ -10184,7 +10184,7 @@ "name": "HostedServiceStoppedV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "HostedServiceStopped", @@ -10262,7 +10262,7 @@ "name": "PdfFileWrittenV11" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "PdfFileWritten", @@ -10360,7 +10360,7 @@ "name": "ProcessRollup2V18" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "ProcessRollup2", @@ -10452,7 +10452,7 @@ "name": "UserIdentityMacV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "UserIdentity", @@ -10533,7 +10533,7 @@ "name": "HostInfoV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "HostInfo", @@ -10607,7 +10607,7 @@ "name": "GenericFileWrittenV11" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "GenericFileWritten", 
@@ -10686,7 +10686,7 @@ "name": "FsVolumeUnmountedV2" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "FsVolumeUnmounted", @@ -10755,7 +10755,7 @@ "name": "FirewallDisabledMacV1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "FirewallDisabled", @@ -10833,7 +10833,7 @@ "cid": "ffffffff30a3407dae27d0503611022ff" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "created": "2021-11-09T05:47:19.952Z", @@ -10908,7 +10908,7 @@ "name": "UserLogoffV3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "UserLogoff", diff --git a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml index 3d80e8e117e..07b1c8e861e 100644 --- a/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml +++ b/packages/crowdstrike/data_stream/fdr/elasticsearch/ingest_pipeline/default.yml @@ -77,7 +77,7 @@ processors: ## ECS fields. - set: field: ecs.version - value: "8.3.0" + value: '8.4.0' ## Categorization. - script: diff --git a/packages/crowdstrike/docs/README.md b/packages/crowdstrike/docs/README.md index 8b672a29c1d..b89d9c6f912 100644 --- a/packages/crowdstrike/docs/README.md +++ b/packages/crowdstrike/docs/README.md 
@@ -186,7 +186,7 @@ Contains endpoint data and CrowdStrike Falcon platform audit data forwarded from | log.flags | Flags for the log file. | keyword | | log.offset | Offset of the entry in the log file. | long | | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. 
Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. | keyword | | process.args | Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. | keyword | | process.command_line | Full command line that started the process, including the absolute path to the executable, and all arguments. Some arguments may be filtered to protect sensitive information. | wildcard | 
@@ -815,7 +815,7 @@ and/or `session_token`. | log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | | log.offset | | long | | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. 
Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | | observer.address | | keyword | 
@@ -831,7 +831,7 @@ and/or `session_token`. | observer.type | The type of the observer the data is coming from. There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. | keyword | | observer.vendor | Vendor name of the observer. | keyword | | observer.version | Observer version. | keyword | -| os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. One of these following values should be used (lowercase): linux, macos, unix, windows. If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | +| os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | | os.version | Operating system version as a raw string. | keyword | | process.args | Array of process arguments, starting with the absolute path to the executable. May be filtered to protect sensitive information. | keyword | | process.args_count | Length of the process.args array. This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. | long | diff --git a/packages/crowdstrike/manifest.yml b/packages/crowdstrike/manifest.yml index bf7665eb848..de25f3a19b5 100644 --- a/packages/crowdstrike/manifest.yml +++ b/packages/crowdstrike/manifest.yml @@ -1,6 +1,6 @@ name: crowdstrike title: CrowdStrike -version: "1.4.2" +version: "1.5.0" description: Collect logs from Crowdstrike with Elastic Agent. type: integration format_version: 1.0.0 
diff --git a/packages/cyberarkpas/_dev/build/build.yml b/packages/cyberarkpas/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/cyberarkpas/_dev/build/build.yml +++ b/packages/cyberarkpas/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/cyberarkpas/changelog.yml b/packages/cyberarkpas/changelog.yml index e3e8370b490..4ac375067b9 100644 --- a/packages/cyberarkpas/changelog.yml +++ b/packages/cyberarkpas/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.6.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3843 - version: "2.5.1" changes: - description: Update package name and description to align with standard wording diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json index d3217e4c782..a9e6abae195 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-105-add-file-category.log-expected.json @@ -25,7 +25,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add file category", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add file category", @@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add file category", @@ -222,7 +222,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add file category", @@ -289,7 +289,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add file category", 
@@ -357,7 +357,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json index c12dc11be9b..c301bc732e7 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-106-update-file-category.log-expected.json @@ -25,7 +25,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update file category", @@ -87,7 +87,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update file category", @@ -154,7 +154,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update file category", @@ -222,7 +222,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update file category", @@ -290,7 +290,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update file category", @@ -358,7 +358,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update file category", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json index 5b20d475efc..42d1b2a59a6 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-107-delete-file-category.log-expected.json @@ -26,7 +26,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file category", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json index faa8e095f22..3826c3daa45 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-124-rename-file.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rename file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json index 208fadd25e3..01741bab81e 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-125-rename-file-cont.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "rename file (cont.)", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json index bf18f69310c..b1defe5824c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-126-unlock-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "unlock file", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json index f631e85f9f9..8397e92b3aa 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-130-cpm-disable-password.log-expected.json @@ -43,7 +43,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm disable password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json index 635db375ed7..244c1c80fb8 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-178-get-user-s-details.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "get user's details", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json index 0f09955bc8c..a79cdfc23fa 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-180-add-user.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", @@ -95,7 +95,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", @@ -173,7 +173,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", 
@@ -251,7 +251,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", @@ -329,7 +329,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", @@ -407,7 +407,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", @@ -485,7 +485,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", @@ -564,7 +564,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", @@ -643,7 +643,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", @@ -722,7 +722,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", @@ -801,7 +801,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", @@ -880,7 +880,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add user", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json index 52f81b73f07..3a2f437a196 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-181-update-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update safe", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json index d9b41e3d9b1..7fcb8f3e404 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-185-add-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add safe", @@ -80,7 +80,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add safe", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json index 9e97d41be58..5e3a73a8c81 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-187-add-folder.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add folder", @@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add folder", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json index 5cfbd294def..dba0e2cd0a7 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-19-full-gateway-connection.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "full gateway connection", @@ -107,7 +107,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "full gateway connection", @@ -198,7 +198,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "full gateway connection", @@ -289,7 +289,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "full gateway connection", 
@@ -370,7 +370,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "full gateway connection", @@ -462,7 +462,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "full gateway connection", @@ -554,7 +554,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "full gateway connection", @@ -637,7 +637,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "full gateway connection", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "full gateway connection", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json index 56f46de95c5..f5fc5d89bfe 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-20-partial-gateway-connection.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "partial gateway connection", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json index f41912cc827..67e54f72933 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-202-old-backup-files-deletion-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "old backup files deletion start", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json index 309b355b103..2b1de73353e 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-203-old-backup-files-deletion-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "old backup files deletion end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json index 2328a2430af..1566f423703 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-22-cpm-verify-password.log-expected.json @@ -44,7 +44,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json index 94967574f35..162709b750f 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-23-action-on-closed-safe.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "action on closed safe", 
@@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "action on closed safe", @@ -136,7 +136,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "action on closed safe", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json index 83aa70b493e..a48bd2b77b0 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-24-cpm-change-password.log-expected.json @@ -42,7 +42,7 @@ "domain": "radiussrv.cyberark.local" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm change password", @@ -136,7 +136,7 @@ "domain": "components" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm change password", @@ -239,7 +239,7 @@ "domain": "components" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm change password", @@ -343,7 +343,7 @@ "domain": "components" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm change password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json index 33df36321e4..2a7aa7cf2a7 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-259-add-update-group.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add/update group", 
@@ -79,7 +79,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add/update group", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add/update group", @@ -203,7 +203,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add/update group", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json index 86551b4ecb9..ca82c2fe529 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-265-add-group-member.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -144,7 +144,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -207,7 +207,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -333,7 +333,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -396,7 +396,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -459,7 +459,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -522,7 +522,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", 
@@ -586,7 +586,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -650,7 +650,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -714,7 +714,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -778,7 +778,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", @@ -842,7 +842,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add group member", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json index 079f26f7d96..6743ee6780c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-266-remove-group-member.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "remove group member", @@ -81,7 +81,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "remove group member", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json index 7cd1ca4e14f..3ee623c1004 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-273-remove-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "remove owner", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json index 1cec2bb60b3..e1bb3b2ae78 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-278-add-rule.log-expected.json @@ -21,7 +21,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add rule", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json index 6e902607348..52233d537f1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-288-auto-clear-users-history-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "auto clear users history start", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "auto clear users history start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json index bbf8294c3f3..1d3d8021b09 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-289-auto-clear-users-history-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "auto clear users history end", 
@@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "auto clear users history end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json index 7527b5840a9..11d94cded11 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-290-auto-clear-safes-history-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "auto clear safes history start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json index ba2d8aaa9f1..7091d048ad4 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-291-auto-clear-safes-history-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "auto clear safes history end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json index a1b44921ad0..2bd065b3e51 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-294-store-password.log-expected.json 
@@ -28,7 +28,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store password", @@ -90,7 +90,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store password", @@ -172,7 +172,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store password", @@ -239,7 +239,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store password", @@ -296,7 +296,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store password", @@ -362,7 +362,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store password", @@ -449,7 +449,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store password", @@ -517,7 +517,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store password", @@ -596,7 +596,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store password", @@ -674,7 +674,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json index 002f583b88c..af6d7f96042 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-295-retrieve-password.log-expected.json @@ -36,7 +36,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -134,7 +134,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", 
@@ -219,7 +219,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -324,7 +324,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -410,7 +410,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -510,7 +510,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -600,7 +600,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -694,7 +694,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -803,7 +803,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -889,7 +889,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -979,7 +979,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -1073,7 +1073,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", @@ -1169,7 +1169,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json index 22dd021c11d..252cfb68ff4 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-300-psm-connect.log-expected.json @@ -47,7 +47,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", 
@@ -153,7 +153,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -270,7 +270,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -387,7 +387,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -504,7 +504,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -621,7 +621,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -738,7 +738,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -861,7 +861,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -992,7 +992,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -1121,7 +1121,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -1250,7 +1250,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -1379,7 +1379,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -1504,7 +1504,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -1629,7 +1629,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -1763,7 +1763,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -1897,7 +1897,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", @@ -2031,7 +2031,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm connect", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json index 4eb345bb130..1ec873ae3c1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-302-psm-disconnect.log-expected.json @@ -48,7 +48,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -156,7 +156,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -275,7 +275,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -394,7 +394,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -513,7 +513,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -632,7 +632,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -751,7 +751,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -876,7 +876,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -1009,7 +1009,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -1140,7 +1140,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -1271,7 +1271,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -1402,7 +1402,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", 
@@ -1529,7 +1529,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -1656,7 +1656,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -1792,7 +1792,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", @@ -1928,7 +1928,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm disconnect", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json index 4daadef5e2a..32baa53d33d 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-304-psm-upload-recording.log-expected.json @@ -31,7 +31,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "psm upload recording", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json index 5dd332f4fbb..78c99e247ad 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-308-use-password.log-expected.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", @@ -137,7 +137,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", @@ -244,7 +244,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", 
@@ -351,7 +351,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", @@ -458,7 +458,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", @@ -565,7 +565,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", @@ -672,7 +672,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", @@ -784,7 +784,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", @@ -902,7 +902,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", @@ -1025,7 +1025,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", @@ -1148,7 +1148,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "use password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json index 49876f226a4..0f94b53ec3b 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-309-undefined-user-logon.log-expected.json @@ -21,7 +21,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_failure", @@ -95,7 +95,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_failure", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_failure", @@ -254,7 +254,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_failure", 
@@ -338,7 +338,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_failure", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json index 4ec2672c71d..fbf0af032f8 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-31-cpm-reconcile-password.log-expected.json @@ -44,7 +44,7 @@ "domain": "dbserver.cyberark.local" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm reconcile password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json index 0831bd40b2b..b08a5c03ade 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-310-monitor-dr-replication-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "monitor dr replication start", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "monitor dr replication start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json index 348d0b0eee2..f00aca8dff0 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-311-monitor-dr-replication-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "monitor dr replication end", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "monitor dr replication end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json index d19d3d41da0..a5ca3d6f147 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-316-reset-user-password-detailed-information.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "reset user password detailed information", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json index 856bfd57cf4..14e8b03e4e3 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-317-reset-user-password.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "reset user password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json index 55fd5b6e78e..d5a69f4a66f 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-32-add-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -99,7 +99,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -179,7 +179,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -260,7 +260,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -341,7 +341,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -422,7 +422,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -503,7 +503,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -584,7 +584,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -665,7 +665,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -746,7 +746,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -827,7 +827,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -908,7 +908,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -989,7 +989,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -1070,7 +1070,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", @@ -1151,7 +1151,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", 
@@ -1232,7 +1232,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "add owner", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json index ecaaaf4717a..519bd37a273 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-326-cpm-auto-detection-start.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm auto-detection start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json index f01a69ae35f..98897757ae3 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-327-cpm-auto-detection-end.log-expected.json @@ -25,7 +25,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm auto-detection end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json index 9da5974678a..cd29db3b91e 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-33-update-owner.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update owner", 
@@ -99,7 +99,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update owner", @@ -180,7 +180,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update owner", @@ -261,7 +261,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update owner", @@ -342,7 +342,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update owner", @@ -423,7 +423,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update owner", @@ -505,7 +505,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update owner", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json index c5f179c10ad..4e8235d4901 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-355-monitor-license-expiration-date-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "monitor license expiration date start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json index 29730eb6e96..a31ac735615 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-356-monitor-license-expiration-date-end.log-expected.json 
@@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "monitor license expiration date end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json index 81a6535679f..42d7542c9b1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-357-monitor-fw-rules-start.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "monitor fw rules start", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "monitor fw rules start", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json index 855b02fd795..93c4fd309a9 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-358-monitor-fw-rules-end.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "monitor fw rules end", @@ -66,7 +66,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "monitor fw rules end", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json index 28212cd12f9..00cfa39870d 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-359-sql-command.log-expected.json @@ -58,7 +58,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sql command", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sql command", @@ -294,7 +294,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sql command", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sql command", @@ -530,7 +530,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sql command", @@ -648,7 +648,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sql command", @@ -766,7 +766,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sql command", @@ -884,7 +884,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sql command", @@ -1002,7 +1002,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sql command", @@ -1120,7 +1120,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sql command", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json index dccd5fe3523..40154cdc68a 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-361-keystroke-logging.log-expected.json @@ -50,7 +50,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "keystroke logging", @@ -164,7 +164,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "keystroke logging", 
@@ -295,7 +295,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "keystroke logging", @@ -426,7 +426,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "keystroke logging", @@ -557,7 +557,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "keystroke logging", @@ -693,7 +693,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "keystroke logging", @@ -829,7 +829,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "keystroke logging", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json index 67a428a4325..44e1d053978 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-38-cpm-verify-password-failed.log-expected.json @@ -57,7 +57,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -176,7 +176,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -294,7 +294,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -413,7 +413,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -532,7 +532,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -640,7 +640,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", 
@@ -749,7 +749,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -858,7 +858,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -967,7 +967,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -1076,7 +1076,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -1188,7 +1188,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -1300,7 +1300,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -1412,7 +1412,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -1527,7 +1527,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", @@ -1646,7 +1646,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify password failed", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json index ca15df48bb9..7fb7461c54c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-385-blservice-audit-record.log-expected.json @@ -23,7 +23,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "blservice audit record", @@ -86,7 +86,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "blservice audit record", 
@@ -149,7 +149,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "blservice audit record", @@ -212,7 +212,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "blservice audit record", @@ -275,7 +275,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "blservice audit record", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json index 6a0f963d7ea..f86e0e151dc 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-4-user-authentication.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_failure", @@ -96,7 +96,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_failure", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json index abe2943d6a0..3894b8e7cbe 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-411-window-title.log-expected.json @@ -56,7 +56,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "window title", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json index 9b34947dc5a..116d5c6c2d1 100644 
--- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-412-keystroke-logging.log-expected.json @@ -57,7 +57,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "keystroke logging", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json index 8b05f1d0c44..fe559c1becf 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-414-cpm-verify-ssh-key.log-expected.json @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm verify ssh key", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json index 4e9b88a3712..5aa17213a8c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-427-store-ssh-key.log-expected.json @@ -24,7 +24,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store ssh key", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json index c4b02747301..34da2398fc7 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-428-retrieve-ssh-key.log-expected.json @@ -53,7 +53,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve ssh key", @@ -172,7 +172,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve ssh key", @@ -287,7 +287,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve ssh key", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json index 6297a840c20..56b12dde662 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-449-create-discovery-succeeded.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "create discovery succeeded", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json index 0b157073817..af6c0c6a6c6 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-459-general-audit.log-expected.json @@ -42,7 +42,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "general audit", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "general audit", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "general audit", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json index 70e15d8ed2f..205ba63b166 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-467-the-component-public-key-for-jwt-authentication-was-updated.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "the component public key for jwt authentication was updated", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json index 01fb4295e29..68086e9785a 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-479-security-warning-the-signature-hash-algorithm-of-the-vault-certificate-is-sha1.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "security warning - the signature hash algorithm of the vault certificate is sha1.", @@ -67,7 +67,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "security warning - the signature hash algorithm of the vault certificate is sha1.", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json index 289308600ee..2d8d3c2a173 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-482-update-existing-add-account-bulk-operation-succeeded.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "update existing add account bulk operation succeeded", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json index 655233c53e7..11855876a99 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-50-store-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store file", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store file", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store file", @@ -198,7 +198,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store file", @@ -265,7 +265,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store file", @@ -337,7 +337,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "store file", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json index ed754240da0..43ce81225e4 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-51-retrieve-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve file", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve file", @@ -137,7 +137,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json index afa06aa76e9..17e6461b245 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-52-delete-file.log-expected.json @@ -31,7 +31,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file", @@ -106,7 +106,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file", @@ -167,7 +167,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file", @@ -225,7 +225,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file", @@ -301,7 +301,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file", @@ -372,7 +372,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file", 
@@ -445,7 +445,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file", @@ -518,7 +518,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file", @@ -595,7 +595,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file", @@ -672,7 +672,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "delete file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json index 4eb506a6d20..f27d24ded04 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-57-cpm-change-password-failed.log-expected.json @@ -54,7 +54,7 @@ "domain": "rhel7.cybr.com" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm change password failed", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json index e052eeb846c..43110ded512 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-59-clear-safe-history.log-expected.json @@ -17,7 +17,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "clear safe history", @@ -68,7 +68,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "clear safe history", 
@@ -116,7 +116,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "clear safe history", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json index 4538af9b9ec..0ddffd4f496 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-60-cpm-reconcile-password-failed.log-expected.json @@ -54,7 +54,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm reconcile password failed", @@ -172,7 +172,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm reconcile password failed", @@ -288,7 +288,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm reconcile password failed", @@ -406,7 +406,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm reconcile password failed", @@ -524,7 +524,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm reconcile password failed", @@ -641,7 +641,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm reconcile password failed", @@ -760,7 +760,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm reconcile password failed", @@ -877,7 +877,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm reconcile password failed", 
@@ -997,7 +997,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cpm reconcile password failed", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json index 6712dda627d..62cf8291b7d 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-62-create-file-version.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "create file version", @@ -84,7 +84,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "create file version", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "create file version", @@ -216,7 +216,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "create file version", @@ -283,7 +283,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "create file version", @@ -341,7 +341,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "create file version", @@ -413,7 +413,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "create file version", @@ -474,7 +474,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "create file version", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json index 36986152d71..a5c31739592 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-7-logon.log-expected.json @@ -21,7 +21,7 @@ "ip": "10.2.0.3" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -148,7 +148,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -214,7 +214,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -280,7 +280,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -346,7 +346,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -417,7 +417,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -492,7 +492,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -576,7 +576,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -655,7 +655,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -730,7 +730,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -805,7 +805,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json index 265c13bcdbc..e7169fc0500 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-8-logoff.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -148,7 +148,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -214,7 +214,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -280,7 +280,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -346,7 +346,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -412,7 +412,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -487,7 +487,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -562,7 +562,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -637,7 +637,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -727,7 +727,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -812,7 +812,7 @@ "ip": "67.43.156.13" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -883,7 +883,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -959,7 +959,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", @@ -1049,7 +1049,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logoff", 
diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json index 2c2a7eb9ef3..6a09a4b7008 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-88-set-password.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -68,7 +68,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -118,7 +118,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -165,7 +165,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -217,7 +217,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -269,7 +269,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -330,7 +330,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -391,7 +391,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -452,7 +452,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -513,7 +513,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -574,7 +574,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -635,7 +635,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -697,7 +697,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", 
@@ -759,7 +759,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -821,7 +821,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -883,7 +883,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -945,7 +945,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", @@ -1007,7 +1007,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "set password", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json index 1fa37156028..2bb8aa594e1 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-98-open-file-write-only.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "open file (write only)", @@ -75,7 +75,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "open file (write only)", @@ -141,7 +141,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "open file (write only)", @@ -213,7 +213,7 @@ "ip": "10.0.1.20" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "open file (write only)", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json index ae170815f81..8a60664d4e0 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json 
+++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-99-open-file.log-expected.json @@ -18,7 +18,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "open file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json index 2f8438b0884..72cb42efe91 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-legacysyslog.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve file", diff --git a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json index caf0d3c726c..c9659ded41c 100644 --- a/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json +++ b/packages/cyberarkpas/data_stream/audit/_dev/test/pipeline/test-rfc5424syslog.log-expected.json @@ -16,7 +16,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -82,7 +82,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", @@ -150,7 +150,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "retrieve file", @@ -205,7 +205,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "authentication_success", diff --git a/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml index 18cfd4eb989..6ef36b3b734 100644 
--- a/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml +++ b/packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml @@ -7,7 +7,7 @@ processors: # - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' # # Set event.original from message, unless reindexing. diff --git a/packages/cyberarkpas/docs/README.md b/packages/cyberarkpas/docs/README.md index bf010d475e8..8cc10ed7c8a 100644 --- a/packages/cyberarkpas/docs/README.md +++ b/packages/cyberarkpas/docs/README.md 
@@ -263,7 +263,7 @@ An example event for `audit` looks as following: | log.source.address | Source address from which the log event was read / sent from. | keyword | | log.syslog.priority | Syslog numeric priority of the event, if available. According to RFCs 5424 and 3164, the priority is 8 \* facility + severity. This number is therefore expected to contain a value between 0 and 191. | long | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". 
When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | observer.hostname | Hostname of the observer. | keyword | | observer.product | The product name of the observer. | keyword | | observer.type | The type of the observer the data is coming from. There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. | keyword | diff --git a/packages/cyberarkpas/manifest.yml b/packages/cyberarkpas/manifest.yml index 7d3e3d94c9d..b06d3acc45c 100644 --- a/packages/cyberarkpas/manifest.yml +++ b/packages/cyberarkpas/manifest.yml @@ -1,6 +1,6 @@ name: cyberarkpas title: CyberArk Privileged Access Security -version: 2.5.1 +version: 2.6.0 release: ga description: Collect logs from CyberArk Privileged Access Security with Elastic Agent. type: integration
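Review bot: In packages/cyberarkpas/data_stream/audit/elasticsearch/ingest_pipeline/default.yml the `set` processor now stamps `ecs.version` with the literal '8.4.0', and every test-*.log-expected.json hunk changes only that one string. Nothing in these hunks shows which ECS reference the package's field definitions are built against, so please confirm it resolves to the 8.4.0 release. Otherwise events are labelled 8.4.0 while being mapped against a different schema revision, and the regenerated expected files would not catch that, since they only echo the value the pipeline sets.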
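Review bot: The `network.direction` row in packages/cyberarkpas/docs/README.md loses the "Recommended values are:" list, and with it the only mention of `unknown`; the remaining text still names "ingress", "egress", "inbound", "outbound", "internal" and "external" in prose. If this row is regenerated from the ECS 8.4.0 field definitions rather than edited by hand, say so in the PR description, and check whether `unknown` is still an accepted value, because readers who write queries or detections against this field use this table as the list of values to expect.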
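Review bot: packages/cyberarkpas/manifest.yml moves `version` from 2.5.1 to 2.6.0 for a change that, in these hunks, consists of the `ecs.version` value, the regenerated expected files and the README row. Make sure packages/cyberarkpas/changelog.yml carries a matching 2.6.0 entry at the top with the PR link, so the released package version and its changelog do not drift apart.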