Skip to content

Update ECS to 8.4.0 part 3 #3843

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
leehinman merged 36 commits into from
Jul 29, 2022
Merged

Update ECS to 8.4.0 part 3 #3843

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
2b434d4
Update ECS version for cisco_meraki
leehinman Jul 27, 2022
851d2f3
Update ECS version for cisco_nexus
leehinman Jul 27, 2022
4abb356
Update ECS version for cisco_secure_email_gateway
leehinman Jul 27, 2022
d7cde24
Update ECS version for cisco_secure_endpoint
leehinman Jul 27, 2022
664e9f7
Update ECS version for cisco_umbrella
leehinman Jul 27, 2022
7ae3655
Update ECS version for citrix_waf
leehinman Jul 27, 2022
f6c0f02
Update ECS version for cloudflare
leehinman Jul 27, 2022
2da3348
Update ECS version for crowdstrike
leehinman Jul 27, 2022
9ecaeff
Update ECS version for cyberark
leehinman Jul 27, 2022
90c2376
Update ECS version for cyberarkpas
leehinman Jul 27, 2022
a5ae1e0
Updated Changelog and Manifests for cisco_meraki
leehinman Jul 27, 2022
0fa0c7a
Updated Changelog and Manifests for cisco_nexus
leehinman Jul 27, 2022
f0e2e82
Updated Changelog and Manifests for cisco_secure_email_gateway
leehinman Jul 27, 2022
f6e41b7
Updated Changelog and Manifests for cisco_secure_endpoint
leehinman Jul 27, 2022
391b84c
Updated Changelog and Manifests for cisco_umbrella
leehinman Jul 27, 2022
c83d092
Updated Changelog and Manifests for citrix_waf
leehinman Jul 27, 2022
461a85c
Updated Changelog and Manifests for cloudflare
leehinman Jul 27, 2022
6a5d808
Updated Changelog and Manifests for crowdstrike
leehinman Jul 27, 2022
5d812dc
Updated Changelog and Manifests for cyberark
leehinman Jul 27, 2022
3a2bdeb
Updated Changelog and Manifests for cyberarkpas
leehinman Jul 27, 2022
7afbb80
Updated pipeline tests for cisco_meraki
leehinman Jul 27, 2022
5826c34
Updated pipeline tests for cisco_nexus
leehinman Jul 27, 2022
6724a1a
Updated pipeline tests for cisco_secure_email_gateway
leehinman Jul 27, 2022
9fe93d7
Updated pipeline tests for cisco_secure_endpoint
leehinman Jul 27, 2022
b1f8071
Updated pipeline tests for cisco_umbrella
leehinman Jul 27, 2022
634f69b
Updated pipeline tests for citrix_waf
leehinman Jul 27, 2022
9cc02a6
Updated pipeline tests for cloudflare
leehinman Jul 27, 2022
10552d1
Updated pipeline tests for crowdstrike
leehinman Jul 27, 2022
a1e3168
Updated pipeline tests for cyberark
leehinman Jul 27, 2022
97f8814
Updated pipeline tests for cyberarkpas
leehinman Jul 27, 2022
0af7d79
Revert "Updated pipeline tests for cisco_meraki"
leehinman Jul 27, 2022
244c5dc
Revert "Updated Changelog and Manifests for cisco_meraki"
leehinman Jul 27, 2022
c574b72
Revert "Update ECS version for cisco_meraki"
leehinman Jul 27, 2022
259f686
Revert "Updated pipeline tests for cyberark"
leehinman Jul 29, 2022
9b81bde
Revert "Updated Changelog and Manifests for cyberark"
leehinman Jul 29, 2022
dbb166a
Revert "Update ECS version for cyberark"
leehinman Jul 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion packages/cisco_nexus/_dev/build/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
dependencies:
ecs:
reference: git@v8.3.0
reference: git@v8.4.0-rc1
5 changes: 5 additions & 0 deletions packages/cisco_nexus/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "0.7.0"
changes:
- description: Update package to ECS 8.4.0
type: enhancement
link: https://github.com/elastic/integrations/pull/3843
- version: "0.6.0"
changes:
- description: Update package to ECS 8.3.0.
Expand Down
2 changes: 1 addition & 1 deletion packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"expected": [
{
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"message": "2012 Dec 18 14:51:08 Nexus5010-B %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user en from 2.2.2.1 - login",
"tags": [
Expand Down
2 changes: 1 addition & 1 deletion packages/cisco_nexus/data_stream/log/elasticsearch/ingest_pipeline/default.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ description: Pipeline for Cisco Nexus
processors:
- set:
field: ecs.version
value: '8.3.0'
value: '8.4.0'
# User agent
- user_agent:
field: user_agent.original
Expand Down
2 changes: 1 addition & 1 deletion packages/cisco_nexus/docs/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -177,7 +177,7 @@ An example event for `log` looks as following:
| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text |
| network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword |
| network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long |
| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
| network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip |
| network.interface.name | | keyword |
| network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long |
Expand Down
2 changes: 1 addition & 1 deletion packages/cisco_nexus/manifest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
format_version: 1.0.0
name: cisco_nexus
title: Cisco Nexus
version: "0.6.0"
version: "0.7.0"
license: basic
description: Collect logs from Cisco Nexus with Elastic Agent.
type: integration
Expand Down
2 changes: 1 addition & 1 deletion packages/cisco_secure_email_gateway/_dev/build/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
dependencies:
ecs:
reference: git@v8.3.0
reference: git@v8.4.0-rc1
5 changes: 5 additions & 0 deletions packages/cisco_secure_email_gateway/changelog.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
# newer versions go on top
- version: "0.3.0"
changes:
- description: Update package to ECS 8.4.0
type: enhancement
link: https://github.com/elastic/integrations/pull/3843
- version: "0.2.1"
changes:
- description: Improve SSL config description and example.
Expand Down
14 changes: 7 additions & 7 deletions ...secure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-amp.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"attachments": {
Expand Down Expand Up @@ -54,7 +54,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"attachments": {
Expand Down Expand Up @@ -108,7 +108,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"attachments": {
Expand Down Expand Up @@ -149,7 +149,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"attachments": {
Expand Down Expand Up @@ -202,7 +202,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"attachments": {
Expand Down Expand Up @@ -248,7 +248,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"attachments": {
Expand Down Expand Up @@ -295,7 +295,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"attachments": {
Expand Down
6 changes: 3 additions & 3 deletions ..._email_gateway/data_stream/log/_dev/test/pipeline/test-common-anti-spam.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -45,7 +45,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -77,7 +77,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down
4 changes: 2 additions & 2 deletions ...teway/data_stream/log/_dev/test/pipeline/test-common-consolidated-event.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"direction": "inbound",
Expand Down Expand Up @@ -162,7 +162,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"direction": "inbound",
Expand Down
4 changes: 2 additions & 2 deletions ..._gateway/data_stream/log/_dev/test/pipeline/test-common-content-scanner.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -46,7 +46,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down
8 changes: 4 additions & 4 deletions ...cure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-error.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -43,7 +43,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"subject": "'Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...': Unrecoverable error",
Expand Down Expand Up @@ -83,7 +83,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"subject": "Warning \u003cSystem\u003e example.com: Your \"IronPort Email Encryption\" key will expire in under 60...",
Expand Down Expand Up @@ -119,7 +119,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"subject": "'Critical \u003cSystem\u003e example.com: Log Error: Subscription error_logs: Failed to connect to 10....' (attempt #0)",
Expand Down
22 changes: 11 additions & 11 deletions ...re_email_gateway/data_stream/log/_dev/test/pipeline/test-common-gui-log.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
"ip": "1.128.3.4"
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -87,7 +87,7 @@
"ip": "1.128.3.4"
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -140,7 +140,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -183,7 +183,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"category": [
Expand Down Expand Up @@ -226,7 +226,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -265,7 +265,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -308,7 +308,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -337,7 +337,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -366,7 +366,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -404,7 +404,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -442,7 +442,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down
2 changes: 1 addition & 1 deletion ...ure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-status.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"email": {
"message_id": "0"
Expand Down
10 changes: 5 additions & 5 deletions ...ure_email_gateway/data_stream/log/_dev/test/pipeline/test-common-system.log-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -56,7 +56,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -85,7 +85,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -114,7 +114,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down Expand Up @@ -143,7 +143,7 @@
}
},
"ecs": {
"version": "8.3.0"
"version": "8.4.0"
},
"event": {
"kind": "event",
Expand Down
Loading