diff --git a/packages/juniper_netscreen/_dev/build/build.yml b/packages/juniper_netscreen/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/juniper_netscreen/_dev/build/build.yml
+++ b/packages/juniper_netscreen/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/juniper_netscreen/changelog.yml b/packages/juniper_netscreen/changelog.yml
index 35cfb24cfba..dc1a3b59df0 100644
--- a/packages/juniper_netscreen/changelog.yml
+++ b/packages/juniper_netscreen/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.4.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3867
 - version: "0.3.1"
 changes:
 - description: Add documentation link to juniper documentation
diff --git a/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json b/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
index 86ee750bcfe..2a89fa3b7c7 100644
--- a/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/juniper_netscreen/data_stream/log/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@
 "expected": [
 {
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "message": "modtempo: NetScreen device_id=olab system-low-00628(rci): audit log queue Event Alarm Log is overwritten (2016-1-29 06:09:59)",
 "tags": [
@@ -11,7 +11,7 @@
 },
 {
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "message": "luptat: NetScreen device_id=isiutal [moenimi]system-low-00620(gnaali): RTSYNC: Timer to purge the DRP backup routes is stopped. (2016-2-12 13:12:33)",
 "tags": [
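Review bot: The ECS build dependency is pinned to a release-candidate tag, `reference: git@v8.4.0-rc1`, while the changelog entry added in the same hunk says "Update package to ECS 8.4.0" and the ingest pipeline later in this diff declares `value: '8.4.0'` for ecs.version. If the field definitions are generated from the rc tag, indexed events would advertise an ecs.version that does not match the schema revision they were actually built against, and any field fixes landing between the rc and the final tag would be silently missed; this depends on how the build step consumes the reference, so confirm. Either pin the final tag once it exists, `reference: git@v8.4.0`, or make the changelog and pipeline state the rc explicitly so the three places agree. The same rc pin appears in `packages/juniper_srx/_dev/build/build.yml` further down in this diff.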
@@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "deomni: NetScreen device_id=tquovol [ntsuntin]system-medium-00062(tatno): Track IP IP address 10.159.227.210 succeeded. (ofdeF)", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "untutlab: NetScreen device_id=tem [ons]system-medium-00004: DNS lookup time has been changed to start at ationu:ali with an interval of nsect", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "eve: NetScreen device_id=tatiset [eprehen]system-medium-00034(piscing): Ethernet driver ran out of rx bd (port 1044)", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "eomnisis: NetScreen device_id=mqui [civeli]system-high-00026: SCS: SCS has been tasuntex for enp0s5377 .", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "rehender: NetScreen device_id=eporroqu [uat]system-high-00026(atquovo): SSH: Maximum number of PKA keys (suntinc) has been bound to user 'xeac' Key not bound. (Key ID nidolo)", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "intoccae: NetScreen device_id=ents [pida]system-low-00535(idolor): PKCS #7 data cannot be decapsulated", "tags": [ @@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "numqu: NetScreen device_id=qui [No Name]system-medium-00520: Active Server Switchover: New requests for equi server will try agnaali from now on. (2016-5-22 14:30:33)", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ipitla: NetScreen device_id=quae [maccusa]system-high-00072(rQuisau): NSRP: Unit idex of VSD group xerci aqu", "tags": [ 
@@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "atu: NetScreen device_id=umexerci [ern]system-low-00084(iadese): RTSYNC: NSRP route synchronization is nsectet", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "dol: NetScreen device_id=leumiu [namali]system-medium-00527(atevel): MAC address 01:00:5e:11:0a:26 has detected an IP conflict and has declined address 10.90.127.74", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "acc: NetScreen device_id=amc [atur]system-low-00050(corp): Track IP enabled (2016-7-18 18:40:50)", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "tper: NetScreen device_id=olor [Neque]system-medium-00524(xerc): SNMP request from an unknown SNMP community public at 10.61.30.190:2509 has been received. (2016-8-2 01:43:25)", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "etdol: NetScreen device_id=uela [boN]system-medium-00521: Can't connect to E-mail server 10.210.240.175", "tags": [ @@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ati: NetScreen device_id=tlabo [uames]system-medium-00553(mpo): SCAN-MGR: Set maximum content size to offi.", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "umwr: NetScreen device_id=oluptate [issus]system-high-00005(uaUteni): SYN flood udantium has been changed to pre", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "tate: NetScreen device_id=imvenia [spi]system-high-00038(etdo): OSPF routing instance in vrouter urerepr is ese", "tags": [ 
@@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "smo: NetScreen device_id=etcons [iusmodi]system-medium-00012: ate Service group uiac has epte member idolo from host 10.170.139.87", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ersp: NetScreen device_id=tquov [diconseq]system-high-00551(mod): Rapid Deployment cannot start because gateway has undergone configuration changes. (2016-10-26 19:58:50)", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "mquame: NetScreen device_id=nihilmol [xercita]system-medium-00071(tiumt): The local device reetdolo in the Virtual Security Device group norum changed state", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "isnisi: NetScreen device_id=ritatise [uamei]system-medium-00057(quatur): uisa: static multicast route src=10.198.41.214, grp=cusant input ifp = lo2786 output ifp = eth3657 added", "tags": [ @@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "isis: NetScreen device_id=uasiar [utlab]system-high-00075(loremqu): The local device dantium in the Virtual Security Device group lor velillu", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "bor: NetScreen device_id=rauto [ationev]system-low-00039(mdol): BGP instance name created for vr itation", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "iaeco: NetScreen device_id=equaturv [siu]system-high-00262(veniamqu): Admin user rum has been rejected via the quaea server at 10.11.251.51", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "orroq: NetScreen device_id=vitaedic [orin]system-high-00038(ons): OSPF routing instance in vrouter remagn ecillu", "tags": [ 
@@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "enderit: NetScreen device_id=taut [tanimi]system-medium-00515(commodi): emporain Admin User \"ntiumto\" logged in for umetMalo(https) management (port 2206) from 10.80.237.27:2883", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ori: NetScreen device_id=tconsect [rum]system-high-00073(eporroq): NSRP: Unit ulla of VSD group iqu oin", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "mipsum: NetScreen device_id=lmo [aliquamq]system-medium-00030: X509 certificate for ScreenOS image authentication is invalid", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "orroqu: NetScreen device_id=elitsed [labore]system-medium-00034(erc): PPPoE Settings changed", "tags": [ @@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ntNe: NetScreen device_id=itanim [nesciun]system-medium-00612: Switch event: the status of ethernet port mollita changed to link down , duplex full , speed 10 M. (2017-4-2 01:27:07)", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "quide: NetScreen device_id=quaU [undeomni]system-medium-00077(acomm): NSRP: local unit= iutali of VSD group itat stlaboru", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "emq: NetScreen device_id=plicaboN [amc]system-high-00536(acommo): IKE 10.10.77.119: Dropped packet because remote gateway OK is not used in any VPN tunnel configurations", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "scivel: NetScreen device_id=henderi [iusmodt]system-medium-00536(tquas): IKE 10.200.22.41: Received incorrect ID payload: IP address lorinr instead of IP address ercita", "tags": [ 
@@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "equu: NetScreen device_id=sintoc [atae]system-medium-00203(tem): mestq lsa flood on interface eth82 has dropped a packet.", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "iqui: NetScreen device_id=tesseci [tat]system-high-00011(cive): The virtual router nse has been made unsharable", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "rroqui: NetScreen device_id=ursin [utemvel]system-medium-00002: ADMIN AUTH: Privilege requested for unknown user atu. Possible HA syncronization problem.", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "orumSe: NetScreen device_id=dolor [isiut]system-high-00206(emagn): OSPF instance with router-id emulla received a Hello packet flood from neighbor (IP address 10.219.1.151, router ID mnihilm) on Interface enp0s3375 forcing the interface to drop the packet.", "tags": [ @@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "eque: NetScreen device_id=eufug [est]system-medium-00075: The local device ntincul in the Virtual Security Device group reet tquo", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "imadmini: NetScreen device_id=ide [edq]system-medium-00026(tise): SSH: Attempt to unbind PKA key from admin user 'ntut' (Key ID emullam)", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ihilmole: NetScreen device_id=saquaea [ons]system-high-00048(quas): Route map entry with sequence number gia in route map binck-ospf in virtual router itatio was porinc (2017-8-22 23:52:50)", "tags": [ 
@@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "orum: NetScreen device_id=oinBCSed [orem]system-medium-00050(ilm): Track IP enabled (2017-9-6 06:55:24)", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ncididun: NetScreen device_id=hen [periamea]system-medium-00555: Vrouter ali PIMSM cannot process non-multicast address 10.158.18.51", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "umwri: NetScreen device_id=odoc [atura]system-high-00030: SYSTEM CPU utilization is high (oreeu \u003e nvo ) iamqui times in tassita minute (2017-10-4 21:00:32)\u003c\u003ccolabori\u003e", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "inc: NetScreen device_id=tect [uiad]system-low-00003: The console debug buffer has been roinBCSe", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "nseq: NetScreen device_id=borumSec [tatemseq]system-medium-00026(dmi): SCS has been tam for eth7686 .", "tags": [ @@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "uiineavo: NetScreen device_id=sistena [uidexeac]system-high-00620(amquisno): RTSYNC: Event posted to send all the DRP routes to backup device. (2017-11-16 18:08:15)", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "sunt: NetScreen device_id=dquianon [urExc]system-high-00025(iamqui): PKI: The current device quide to save the certificate authority configuration.", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "etdol: NetScreen device_id=Sed [oremeumf]system-high-00076: The local device etur in the Virtual Security Device group fugiatn enima", "tags": [ 
@@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "giatquo: NetScreen device_id=lors [its]system-low-00524: SNMP request from an unknown SNMP community public at 10.46.217.155:76 has been received. (2017-12-29 15:15:58)", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "magnaa: NetScreen device_id=sumquiad [No Name]system-high-00628: audit log queue Event Log is overwritten (2018-1-12 22:18:32)", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "tnulapa: NetScreen device_id=madmi [No Name]system-high-00628(adeser): audit log queue Event Log is overwritten (2018-1-27 05:21:06)", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "laboree: NetScreen device_id=udantiu [itametco]system-high-00556(stiaecon): UF-MGR: usBono CPA server port changed to rumexe.", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "nturmag: NetScreen device_id=uredol [maliqua]system-medium-00058(mquia): PIMSM protocol configured on interface eth2266", "tags": [ @@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ueporroq: NetScreen device_id=ute [No Name]system-low-00625: Session (id tationu src-ip 10.142.21.251 dst-ip 10.154.16.147 dst port 6881) route is valid. (2018-3-11 02:28:49)", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "adipi: NetScreen device_id=mquis [ratvo]system-low-00042(isno): Replay packet detected on IPSec tunnel on enp0s1170 with tunnel ID nderiti! From 10.105.212.51 to 10.119.53.68/1783, giatqu (2018-3-25 09:31:24)", "tags": [ 
@@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "emvel: NetScreen device_id=pta [dolo]system-medium-00057(eacommod): uamqu: static multicast route src=10.174.2.175, grp=aparia input ifp = lo6813 output ifp = enp0s90 added", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "giat: NetScreen device_id=ttenb [eirure]system-high-00549(rem): add-route-\u003e untrust-vr: exer", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "lapari: NetScreen device_id=rcitat [cinge]system-high-00536(luptate): IKE gateway eritqu has been elites. pariat", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "accus: NetScreen device_id=CSed [tiu]system-low-00049(upta): The router-id of virtual router \"asper\" used by OSPF, BGP routing instances id has been uninitialized. (dictasun)", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "itanimi: NetScreen device_id=onoru [data]system-high-00064(eosqui): Can not create track-ip list", "tags": [ @@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "int: NetScreen device_id=ionevo [llitani]system-high-00541(itametco): The system killed OSPF neighbor because the current router could not see itself in the hello packet. Neighbor changed state from etcons to etco state, (neighbor router-id 1iuntN, ip-address 10.89.179.48). (2018-6-19 03:46:49)", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "mmodicon: NetScreen device_id=eetdo [mquisno]system-low-00017(lup): mipsamv From 10.57.108.5:5523 using protocol icmp on interface enp0s4987. The attack occurred 2282 times", "tags": [ 
@@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "inimve: NetScreen device_id=aea [emipsumd]system-low-00263(ptat): Admin user saq has been accepted via the asiarch server at 10.197.10.110", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "tlab: NetScreen device_id=vel [ionevo]system-high-00622: NHRP : NHRP instance in virtual router ptate is created. (2018-8-1 00:54:32)", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "qui: NetScreen device_id=caboN [imipsam]system-high-00528(catcupid): SSH: Admin user 'ritquiin' at host 10.59.51.171 requested unsupported authentication method texplica", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "udexerci: NetScreen device_id=uae [imveni]system-medium-00071(ptatemse): NSRP: Unit itationu of VSD group setquas nbyCi", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "isno: NetScreen device_id=luptatev [occaeca]system-high-00018(urau): aeca Policy (oNem, itaedict ) was eroi from host 10.80.103.229 by admin fugitsed (2018-9-12 22:02:15)", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "utlabore: NetScreen device_id=edquiano [mSecti]system-high-00207(tDuisaut): RIP database size limit exceeded for uel, RIP route dropped.", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "agn: NetScreen device_id=iqu [quamqua]system-high-00075: NSRP: Unit equeporr of VSD group amremap oremagna", "tags": [ @@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ntium: NetScreen device_id=ide [quunturm]system-low-00040(isautem): High watermark for early aging has been changed to the default usan", "tags": [ 
@@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "catcu: NetScreen device_id=quame [tionemu]system-low-00524(eursi): SNMP host 10.163.9.35 cannot be removed from community uatDu because failure", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "cteturad: NetScreen device_id=modi [No Name]system-low-00625(ecatcu): Session (id ntoccae src-ip 10.51.161.245 dst-ip 10.193.80.21 dst port 5657) route is valid. (2018-11-23 09:15:06)", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "chit: NetScreen device_id=iusmodit [lor]system-high-00524(adeserun): SNMP request has been received, but success", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "vento: NetScreen device_id=litsed [ciun]system-medium-00072: The local device inrepr in the Virtual Security Device group lla changed state", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "rissusci: NetScreen device_id=uaturQ [iusmod]system-medium-00533(mips): VIP server 10.41.222.7 is now responding", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "upta: NetScreen device_id=ivel [tmollita]system-low-00070(deFinib): NSRP: nsrp control channel change to lo4065", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ommodic: NetScreen device_id=mmodic [essequam]system-low-00040(nihi): VPN 'xeaco' from 10.134.20.213 is eavolupt (2019-2-2 20:27:57)", "tags": [ @@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ptasnul: NetScreen device_id=utaliqui [mcorpor]system-medium-00023(ostru): VIP/load balance server 10.110.144.189 cannot be contacted", "tags": [ 
@@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "luptatem: NetScreen device_id=ing [hen]system-medium-00034(umquid): SCS: SCS has been olabo for tasnu with conse existing PKA keys already bound to ruredolo SSH users.", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "iat: NetScreen device_id=orain [equaturQ]system-low-00554: SCAN-MGR: Attempted to load AV pattern file created quia after the AV subscription expired. (Exp: Exce)", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "dese: NetScreen device_id=ptasn [liqui]system-low-00541: ScreenOS invol serial # Loremips: Asset recovery has been cidun", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ole: NetScreen device_id=odi [tper]system-medium-00628(ectetur): audit log queue Event Log is overwritten (2019-4-15 07:40:49)", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "iadolo: NetScreen device_id=ecatcup [No Name]system-high-00628: audit log queue Traffic Log is overwritten (2019-4-29 14:43:23)", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "qui: NetScreen device_id=iaecon [dminima]system-high-00538(psaquaea): NACN failed to register to Policy Manager eabillo because of success", "tags": [ @@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "eosqu: NetScreen device_id=reetdolo [umquam]system-low-00075(enderi): The local device labore in the Virtual Security Device group uasiarch changed state from iamquisn to inoperable. (2019-5-28 04:48:31)", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "veleumi: NetScreen device_id=volupt [equ]system-high-00535(ure): SCEP_FAILURE message has been received from the CA", "tags": [ 
@@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "reseo: NetScreen device_id=entoreve [rudexer]system-medium-00026(iruredol): IKE iad: Missing heartbeats have exceeded the threshold. All Phase 1 and 2 SAs have been removed", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "ptate: NetScreen device_id=oloreeu [imipsa]system-high-00038: OSPF routing instance in vrouter uame taevitae", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "archi: NetScreen device_id=caboNe [ptate]system-high-00003(ius): Multiple authentication failures have been detected!", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "remap: NetScreen device_id=ntium [veniamqu]system-high-00529: DNS entries have been refreshed by HA", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "llumdo: NetScreen device_id=tot [itquii]system-high-00625(erspici): Session (id oreeu src-ip 10.126.150.15 dst-ip 10.185.50.112 dst port 7180) route is invalid. (2019-8-21 23:03:57)", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "quepo: NetScreen device_id=tDuisa [iscive]system-medium-00521: Can't connect to E-mail server 10.152.90.59", "tags": [ @@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "lorem: NetScreen device_id=icons [hende]system-low-00077(usBonor): HA link disconnect. Begin to use second path of HA", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "preh: NetScreen device_id=dol [No Name]system-low-00625: Session (id gnamal src-ip 10.119.181.171 dst-ip 10.166.144.66 dst port 3051) route is invalid. (2019-10-3 20:11:40)", "tags": [ 
@@ -857,7 +857,7 @@
 },
 {
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "message": "avolup: NetScreen device_id=litse [archit]system-high-00041(untutlab): A route-map name in virtual router estqu has been removed",
 "tags": [
@@ -866,7 +866,7 @@
 },
 {
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "message": "eddoeiu: NetScreen device_id=consect [eetdolo]system-medium-00038(remipsum): OSPF routing instance in vrouter ons emporin",
 "tags": [
@@ -875,7 +875,7 @@
 },
 {
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "message": "texpl: NetScreen device_id=isquames [No Name]system-low-00021: DIP port-translation stickiness was atio by utla via ntm from host 10.96.165.147 to 10.96.218.99:277 (2019-11-15 17:19:22)",
 "tags": [
@@ -884,7 +884,7 @@
 },
 {
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "message": "elaudant: NetScreen device_id=ratvolu [odte]system-medium-00021(eum): DIP port-translation stickiness was uidol by repr via idu from host 10.201.72.59 to 10.230.29.67:7478 (2019-11-30 00:21:57)",
 "tags": [
@@ -893,7 +893,7 @@
 },
 {
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "message": "toc: NetScreen device_id=rau [sciuntN]system-low-00602: PIMSM Error in initializing interface state change",
 "tags": [
diff --git a/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index f14a2cebc8e..0598bf2e411 100644
--- a/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/juniper_netscreen/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Netscreen
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/juniper_netscreen/docs/README.md b/packages/juniper_netscreen/docs/README.md
index 1dd31a6505c..4d463459751 100644
--- a/packages/juniper_netscreen/docs/README.md
+++ b/packages/juniper_netscreen/docs/README.md
@@ -175,7 +175,7 @@ An example event for `log` looks as following: | message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword |
 | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip |
 | network.interface.name | | keyword |
 | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long |
diff --git a/packages/juniper_netscreen/manifest.yml b/packages/juniper_netscreen/manifest.yml
index 92bde889f09..923caef65f5 100644
--- a/packages/juniper_netscreen/manifest.yml
+++ b/packages/juniper_netscreen/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: juniper_netscreen
 title: Juniper NetScreen
-version: "0.3.1"
+version: "0.4.0"
 description: Collect logs from Juniper NetScreen with Elastic Agent.
 categories: ["network", "security"]
 release: experimental
diff --git a/packages/juniper_srx/_dev/build/build.yml b/packages/juniper_srx/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/juniper_srx/_dev/build/build.yml
+++ b/packages/juniper_srx/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/juniper_srx/changelog.yml b/packages/juniper_srx/changelog.yml
index 907d6ab1d0e..b6b1f655458 100644
--- a/packages/juniper_srx/changelog.yml
+++ b/packages/juniper_srx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.5.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3867
 - version: "1.4.1"
 changes:
 - description: Improve TCP, SSL config description and example.
diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json
index dafb879a818..a3c472b1886 100644
--- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json
+++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-atp.log-expected.json
@@ -23,7 +23,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "malware_detected",
@@ -105,7 +105,7 @@
 {
 "@timestamp": "2016-09-20T17:43:30.330Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "malware_detected",
@@ -168,7 +168,7 @@
 {
 "@timestamp": "2016-09-20T17:40:30.050Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -246,7 +246,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json
index a907d5fde1f..4174f181ff2 100644
--- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json
+++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-flow.log-expected.json
@@ -30,7 +30,7 @@
 "port": 10400
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -131,7 +131,7 @@
 "port": 161
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_deny",
@@ -225,7 +225,7 @@ "port": 2003 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_deny", @@ -337,7 +337,7 @@ "port": 902 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -463,7 +463,7 @@ "port": 768 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -579,7 +579,7 @@ "port": 46384 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -689,7 +689,7 @@ "port": 46384 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -809,7 +809,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -926,7 +926,7 @@ "port": 445 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -1045,7 +1045,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -1177,7 +1177,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -1287,7 +1287,7 @@ "port": 21 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -1407,7 +1407,7 @@ "port": 21 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -1526,7 +1526,7 @@ "port": 21 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -1654,7 +1654,7 @@ "port": 21 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -1784,7 +1784,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -1921,7 +1921,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", 
@@ -2056,7 +2056,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -2192,7 +2192,7 @@ "port": 768 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -2301,7 +2301,7 @@ "port": 161 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_deny", @@ -2406,7 +2406,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -2546,7 +2546,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -2667,7 +2667,7 @@ "port": 8883 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", @@ -2794,7 +2794,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -2909,7 +2909,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_close", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json index 740fdb5d8c2..91ca4599ebb 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-idp.log-expected.json @@ -22,7 +22,7 @@ "port": 123 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "security_threat", @@ -150,7 +150,7 @@ "port": 123 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "security_threat", @@ -278,7 +278,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "security_threat", @@ -397,7 +397,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "security_threat", 
@@ -501,7 +501,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "application_ddos", @@ -577,7 +577,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "application_ddos", @@ -672,7 +672,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "application_ddos", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json index 1a5a6ae3e07..041fdd6e861 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-ids.log-expected.json @@ -23,7 +23,7 @@ "port": 1433 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "sweep_detected", @@ -114,7 +114,7 @@ "port": 139 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "attack_detected", @@ -204,7 +204,7 @@ "port": 50010 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flood_detected", @@ -298,7 +298,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flood_detected", @@ -389,7 +389,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "fragment_detected", @@ -478,7 +478,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -567,7 +567,7 @@ "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "tunneling_screen", @@ -657,7 +657,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "tunneling_screen", 
@@ -748,7 +748,7 @@ "ip": "67.43.156.12" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flood_detected", @@ -807,7 +807,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flood_detected", @@ -883,7 +883,7 @@ "port": 10778 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "scan_detected", @@ -953,7 +953,7 @@ "port": 7 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "illegal_tcp_flag_detected", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json index ada8864527f..daf7a83204a 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-secintel.log-expected.json @@ -23,7 +23,7 @@ "port": 24039 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "malware_detected", @@ -127,7 +127,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "malware_detected", diff --git a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json index c5106e77151..fb458d6a3de 100644 --- a/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json +++ b/packages/juniper_srx/data_stream/log/_dev/test/pipeline/test-utm.log-expected.json @@ -23,7 +23,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "web_filter", @@ -113,7 +113,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -199,7 +199,7 @@ "port": 47095 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "virus_detected", 
@@ -299,7 +299,7 @@ "port": 33578 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -387,7 +387,7 @@ "port": 51727 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -444,7 +444,7 @@ "ip": "10.10.10.1" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "antispam_filter", @@ -515,7 +515,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "content_filter", @@ -610,7 +610,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "web_filter", @@ -700,7 +700,7 @@ "port": 47095 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "virus_detected", @@ -800,7 +800,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -889,7 +889,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "web_filter", @@ -969,7 +969,7 @@ "port": 58954 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 9a3658fb63b..f9086cb5e86 100644 --- a/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/juniper_srx/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -5,7 +5,7 @@ description: Pipeline for parsing junipersrx firewall logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/juniper_srx/docs/README.md b/packages/juniper_srx/docs/README.md index 4bcaeb19c10..8d6c038602f 100644 --- a/packages/juniper_srx/docs/README.md +++ b/packages/juniper_srx/docs/README.md 
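Review bot: The `set` processor now stamps every document with `ecs.version: '8.4.0'`, but the package's `_dev/build/build.yml` in this same change pins the ECS dependency to `git@v8.4.0-rc1`, a release candidate rather than the final tag, so the generated field mappings may not match the schema version the documents claim. If any field definition moved between rc1 and the 8.4.0 release, consumers that key on `ecs.version` would be handed a mislabelled schema. Either pin the final tag (`reference: git@v8.4.0`) and rebuild before this ships, or keep the pipeline label and changelog honest about the rc until then. The same rc pin is used for the keycloak, m365_defender and mattermost packages elsewhere in this diff.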
@@ -170,7 +170,7 @@ The following processes and tags are supported: | dns.answers.name | The domain name to which this resource record pertains. If a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated. | keyword | | dns.answers.ttl | The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. | long | | dns.answers.type | The type of data contained in this resource record. | keyword | -| dns.header_flags | Array of 2 letter DNS header flags. Expected values are: AA, TC, RD, RA, AD, CD, DO. | keyword | +| dns.header_flags | Array of 2 letter DNS header flags. | keyword | | dns.id | The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. | keyword | | dns.op_code | The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. | keyword | | dns.question.class | The class of records being queried. | keyword | 
@@ -255,7 +255,7 @@ The following processes and tags are supported: | file.uid | The user ID (UID) or security identifier (SID) of the file owner. | keyword | | file.x509.alternative_names | List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. | keyword | | file.x509.issuer.common_name | List of common name (CN) of issuing certificate authority. | keyword | -| file.x509.issuer.country | List of country (C) codes | keyword | +| file.x509.issuer.country | List of country \(C) codes | keyword | | file.x509.issuer.distinguished_name | Distinguished name (DN) of issuing certificate authority. | keyword | | file.x509.issuer.locality | List of locality names (L) | keyword | | file.x509.issuer.organization | List of organizations (O) of issuing certificate authority. | keyword | @@ -270,7 +270,7 @@ The following processes and tags are supported: | file.x509.serial_number | Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. | keyword | | file.x509.signature_algorithm | Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. | keyword | | file.x509.subject.common_name | List of common names (CN) of subject. | keyword | -| file.x509.subject.country | List of country (C) code | keyword | +| file.x509.subject.country | List of country \(C) code | keyword | | file.x509.subject.distinguished_name | Distinguished name (DN) of the certificate subject entity. | keyword | | file.x509.subject.locality | List of locality names (L) | keyword | | file.x509.subject.organization | List of organizations (O) of subject. | keyword | 
@@ -448,7 +448,7 @@ The following processes and tags are supported: | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". 
When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | | network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object | 
@@ -724,7 +724,7 @@ The following processes and tags are supported: | tls.client.supported_ciphers | Array of ciphers offered by the client during the client hello. | keyword | | tls.client.x509.alternative_names | List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. | keyword | | tls.client.x509.issuer.common_name | List of common name (CN) of issuing certificate authority. | keyword | -| tls.client.x509.issuer.country | List of country (C) codes | keyword | +| tls.client.x509.issuer.country | List of country \(C) codes | keyword | | tls.client.x509.issuer.distinguished_name | Distinguished name (DN) of issuing certificate authority. | keyword | | tls.client.x509.issuer.locality | List of locality names (L) | keyword | | tls.client.x509.issuer.organization | List of organizations (O) of issuing certificate authority. | keyword | 
@@ -739,7 +739,7 @@ The following processes and tags are supported: | tls.client.x509.serial_number | Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. | keyword | | tls.client.x509.signature_algorithm | Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. | keyword | | tls.client.x509.subject.common_name | List of common names (CN) of subject. | keyword | -| tls.client.x509.subject.country | List of country (C) code | keyword | +| tls.client.x509.subject.country | List of country \(C) code | keyword | | tls.client.x509.subject.distinguished_name | Distinguished name (DN) of the certificate subject entity. | keyword | | tls.client.x509.subject.locality | List of locality names (L) | keyword | | tls.client.x509.subject.organization | List of organizations (O) of subject. | keyword | 
@@ -762,7 +762,7 @@ The following processes and tags are supported: | tls.server.subject | Subject of the x.509 certificate presented by the server. | keyword | | tls.server.x509.alternative_names | List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. | keyword | | tls.server.x509.issuer.common_name | List of common name (CN) of issuing certificate authority. | keyword | -| tls.server.x509.issuer.country | List of country (C) codes | keyword | +| tls.server.x509.issuer.country | List of country \(C) codes | keyword | | tls.server.x509.issuer.distinguished_name | Distinguished name (DN) of issuing certificate authority. | keyword | | tls.server.x509.issuer.locality | List of locality names (L) | keyword | | tls.server.x509.issuer.organization | List of organizations (O) of issuing certificate authority. | keyword | 
@@ -777,7 +777,7 @@ The following processes and tags are supported: | tls.server.x509.serial_number | Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. | keyword | | tls.server.x509.signature_algorithm | Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. | keyword | | tls.server.x509.subject.common_name | List of common names (CN) of subject. | keyword | -| tls.server.x509.subject.country | List of country (C) code | keyword | +| tls.server.x509.subject.country | List of country \(C) code | keyword | | tls.server.x509.subject.distinguished_name | Distinguished name (DN) of the certificate subject entity. | keyword | | tls.server.x509.subject.locality | List of locality names (L) | keyword | | tls.server.x509.subject.organization | List of organizations (O) of subject. | keyword | 
@@ -846,7 +846,7 @@ The following processes and tags are supported: | vulnerability.severity | The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) | keyword | | x509.alternative_names | List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. | keyword | | x509.issuer.common_name | List of common name (CN) of issuing certificate authority. | keyword | -| x509.issuer.country | List of country (C) codes | keyword | +| x509.issuer.country | List of country \(C) codes | keyword | | x509.issuer.distinguished_name | Distinguished name (DN) of issuing certificate authority. | keyword | | x509.issuer.locality | List of locality names (L) | keyword | | x509.issuer.organization | List of organizations (O) of issuing certificate authority. | keyword | @@ -861,7 +861,7 @@ The following processes and tags are supported: | x509.serial_number | Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. | keyword | | x509.signature_algorithm | Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. | keyword | | x509.subject.common_name | List of common names (CN) of subject. | keyword | -| x509.subject.country | List of country (C) code | keyword | +| x509.subject.country | List of country \(C) code | keyword | | x509.subject.distinguished_name | Distinguished name (DN) of the certificate subject entity. | keyword | | x509.subject.locality | List of locality names (L) | keyword | | x509.subject.organization | List of organizations (O) of subject. | keyword | 
diff --git a/packages/juniper_srx/manifest.yml b/packages/juniper_srx/manifest.yml index 3bc454babdd..b857757f82c 100644 --- a/packages/juniper_srx/manifest.yml +++ b/packages/juniper_srx/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: juniper_srx title: Juniper SRX -version: "1.4.1" +version: "1.5.0" description: Collect logs from Juniper SRX devices with Elastic Agent. categories: ["network", "security"] release: ga diff --git a/packages/keycloak/_dev/build/build.yml b/packages/keycloak/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/keycloak/_dev/build/build.yml +++ b/packages/keycloak/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/keycloak/changelog.yml b/packages/keycloak/changelog.yml index cd8d9f43003..d312ce4b321 100644 --- a/packages/keycloak/changelog.yml +++ b/packages/keycloak/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.5.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3867 - version: "1.4.2" changes: - description: Fix typo in 'Timezone Offset' description. diff --git a/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json index f453430c62c..61663db90c2 100644 --- a/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json +++ b/packages/keycloak/data_stream/log/_dev/test/pipeline/test-log.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-22T21:01:42.548-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "2021-10-22 21:01:42,548 INFO [org.keycloak.services] (ServerService Thread Pool -- 64) KC-SERVICES0009: Added user 'admin' to realm 'master'", 
@@ -26,7 +26,7 @@ { "@timestamp": "2021-10-22T21:01:42.667-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "2021-10-22 21:01:42,667 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 64) RESTEASY002220: Adding singleton resource org.keycloak.services.resources.admin.AdminRoot from Application class org.keycloak.services.resources.KeycloakApplication", @@ -49,7 +49,7 @@ { "@timestamp": "2021-10-22T21:01:42.912-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "2021-10-22 21:01:42,912 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 64) WFLYUT002021-10-22 21: Registered web context: '/auth' for server 'default-server' ", @@ -72,7 +72,7 @@ { "@timestamp": "2021-10-22T21:01:43.208-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "2021-10-22 21:01:43,208 INFO [org.jboss.as.server] (ServerService Thread Pool -- 46) WFLYSRV0010: Deployed \"keycloak-server.war\" (runtime-name : \"keycloak-server.war\") ", @@ -95,7 +95,7 @@ { "@timestamp": "2021-10-22T21:01:43.299-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "2021-10-22 21:01:43,299 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server", @@ -118,7 +118,7 @@ { "@timestamp": "2021-10-22T21:01:43.307-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "2021-10-22 21:01:43,307 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 15.0.2 (WildFly Core 15.0.1.Final) started in 28315ms - Started 692 of 977 services (686 services are lazy, passive or on-demand)", @@ -141,7 +141,7 @@ { "@timestamp": "2021-10-22T21:01:43.327-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management", 
@@ -164,7 +164,7 @@ { "@timestamp": "2021-10-22T21:01:43.327-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "original": "2021-10-22 21:01:43,327 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990", @@ -187,7 +187,7 @@ { "@timestamp": "2021-10-22T21:01:45.403-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LOGIN_ERROR", @@ -250,7 +250,7 @@ { "@timestamp": "2021-10-22T21:20:42.120-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LOGIN_ERROR", @@ -325,7 +325,7 @@ { "@timestamp": "2021-10-22T21:24:41.076-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LOGIN_ERROR", @@ -394,7 +394,7 @@ { "@timestamp": "2021-10-22T21:31:31.555-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LOGIN_ERROR", @@ -457,7 +457,7 @@ { "@timestamp": "2021-10-22T20:58:02.700-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LOGIN_ERROR", @@ -532,7 +532,7 @@ { "@timestamp": "2021-10-22T22:11:31.257-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LOGIN", @@ -608,7 +608,7 @@ { "@timestamp": "2021-10-22T22:11:32.131-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "CODE_TO_TOKEN", @@ -666,7 +666,7 @@ { "@timestamp": "2021-10-22T22:12:09.871-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "CREATE-USER", @@ -734,7 +734,7 @@ { "@timestamp": "2021-10-22T22:12:13.599-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "UPDATE-USER", @@ -802,7 +802,7 @@ { "@timestamp": "2021-10-22T22:14:29.031-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "CREATE-GROUP", 
@@ -869,7 +869,7 @@ { "@timestamp": "2021-10-22T22:16:12.150-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "CREATE-CLIENT_SCOPE", @@ -933,7 +933,7 @@ { "@timestamp": "2021-10-22T22:45:12.592-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "LOGOUT", @@ -1001,7 +1001,7 @@ { "@timestamp": "2021-10-22T22:46:14.913-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DELETE-GROUP", @@ -1068,7 +1068,7 @@ { "@timestamp": "2021-10-22T23:05:03.371-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "CREATE-GROUP", diff --git a/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml index a9712b7b15e..b9a8de1cd19 100644 --- a/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/keycloak/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing keycloak logs processors: - set: field: ecs.version - value: '8.3.0' + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/keycloak/manifest.yml b/packages/keycloak/manifest.yml index 306a88a1a34..7971e4597f4 100644 --- a/packages/keycloak/manifest.yml +++ b/packages/keycloak/manifest.yml @@ -1,6 +1,6 @@ name: keycloak title: Keycloak -version: "1.4.2" +version: "1.5.0" release: ga description: Collect logs from Keycloak with Elastic Agent. type: integration diff --git a/packages/m365_defender/_dev/build/build.yml b/packages/m365_defender/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/m365_defender/_dev/build/build.yml +++ b/packages/m365_defender/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 
diff --git a/packages/m365_defender/changelog.yml b/packages/m365_defender/changelog.yml index b252824f487..c2fe07780e4 100644 --- a/packages/m365_defender/changelog.yml +++ b/packages/m365_defender/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3867 - version: "1.1.2" changes: - description: Fix proxy URL documentation rendering. diff --git a/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json b/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json index 530357929a0..736cd68444b 100644 --- a/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json +++ b/packages/m365_defender/data_stream/log/_dev/test/pipeline/test-m365-defender-ndjson.log-expected.json @@ -6,7 +6,7 @@ "provider": "azure" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Malware", @@ -119,7 +119,7 @@ "provider": "azure" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Malware", @@ -219,7 +219,7 @@ "provider": "azure" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Malware", @@ -320,7 +320,7 @@ "provider": "azure" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "Malware", @@ -413,7 +413,7 @@ "provider": "azure" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SuspiciousActivity", @@ -506,7 +506,7 @@ "provider": "azure" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SuspiciousActivity", @@ -595,7 +595,7 @@ "provider": "azure" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SuspiciousActivity", 
@@ -688,7 +688,7 @@ "provider": "azure" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SuspiciousActivity", @@ -759,7 +759,7 @@ "provider": "azure" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SuspiciousActivity", @@ -834,7 +834,7 @@ "provider": "azure" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "SuspiciousActivity", diff --git a/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 66374e165e9..664c950d4eb 100644 --- a/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ b/packages/m365_defender/data_stream/log/elasticsearch/ingest_pipeline/default.yml @@ -3,7 +3,7 @@ description: Pipeline for parsing m365 defender logs processors: - set: field: ecs.version - value: "8.3.0" + value: '8.4.0' - rename: field: message target_field: event.original diff --git a/packages/m365_defender/manifest.yml b/packages/m365_defender/manifest.yml index 36c7b675fdf..0791bdb0a30 100644 --- a/packages/m365_defender/manifest.yml +++ b/packages/m365_defender/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: m365_defender title: Microsoft M365 Defender -version: "1.1.2" +version: 1.2.0 description: Collect logs from Microsoft M365 Defender with Elastic Agent. categories: - "network" diff --git a/packages/mattermost/_dev/build/build.yml b/packages/mattermost/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/mattermost/_dev/build/build.yml +++ b/packages/mattermost/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/mattermost/changelog.yml b/packages/mattermost/changelog.yml index de6b8bbd51a..8a4e16047d3 100644 --- a/packages/mattermost/changelog.yml +++ b/packages/mattermost/changelog.yml 
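Review bot: In the m365_defender `manifest.yml` hunk on this line, the new `version: 1.2.0` drops the quotes that the replaced `"1.1.2"` carried, which is inconsistent with the quoted versions written for the other manifests in this change (`"1.5.0"`, `"0.4.0"`, `"1.4.0"`). A plain `1.2.0` still resolves to a string, but the unquoted form invites a later bump such as `1.10` to be retyped as a float and silently truncated; keep it as `version: "1.2.0"`.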
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3867
 - version: "1.3.1"
 changes:
 - description: Update package name and description to align with standard wording
diff --git a/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json b/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
index b4cd7b6bfb8..cf977b03a2d 100644
--- a/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
+++ b/packages/mattermost/data_stream/audit/_dev/test/pipeline/test-audit.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-12-04T23:19:32.051Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "updateConfig",
@@ -85,7 +85,7 @@
 {
 "@timestamp": "2021-12-04T23:19:48.599Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "updateConfig",
@@ -167,7 +167,7 @@
 {
 "@timestamp": "2021-12-04T23:19:51.324Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "Logout",
@@ -250,7 +250,7 @@
 {
 "@timestamp": "2021-12-04T23:19:58.729Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "login",
@@ -337,7 +337,7 @@
 {
 "@timestamp": "2021-12-04T23:20:33.027Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "patchUser",
@@ -433,7 +433,7 @@
 {
 "@timestamp": "2021-12-04T23:20:37.771Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "patchUser",
@@ -529,7 +529,7 @@
 {
 "@timestamp": "2021-12-04T23:20:53.063Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "updatePassword",
@@ -620,7 +620,7 @@
 {
 "@timestamp": "2021-12-04T23:28:18.032Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "updatePreferences",
@@ -703,7 +703,7 @@
 {
 "@timestamp": "2021-12-04T23:28:19.342Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "createPost",
@@ -797,7 +797,7 @@
 {
 "@timestamp": "2021-12-05T00:01:23.974Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "createChannel",
@@ -889,7 +889,7 @@
 {
 "@timestamp": "2021-12-05T00:01:48.946Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "patchChannel",
@@ -986,7 +986,7 @@
 {
 "@timestamp": "2021-12-05T00:01:52.914Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deleteChannel",
@@ -1078,7 +1078,7 @@
 {
 "@timestamp": "2021-12-05T00:02:01.482Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "error": {
 "code": "api.channel.delete_channel.deleted.app_error"
@@ -1178,7 +1178,7 @@
 {
 "@timestamp": "2021-12-05T00:02:09.835Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "error": {
 "code": "app.channel.update.bad_id"
@@ -1286,7 +1286,7 @@
 {
 "@timestamp": "2021-12-05T00:02:25.202Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "restoreChannel",
@@ -1378,7 +1378,7 @@
 {
 "@timestamp": "2021-12-05T00:02:31.485Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "convertChannelToPrivate",
@@ -1478,7 +1478,7 @@
 {
 "@timestamp": "2021-12-05T00:02:56.786Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "removeChannelMember",
@@ -1573,7 +1573,7 @@
 {
 "@timestamp": "2021-12-05T00:03:01.043Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "getConfig",
@@ -1656,7 +1656,7 @@
 {
 "@timestamp": "2021-12-05T00:03:13.849Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "createChannel",
@@ -1748,7 +1748,7 @@
 {
 "@timestamp": "2021-12-05T00:04:01.294Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deleteChannel",
@@ -1840,7 +1840,7 @@
 {
 "@timestamp": "2021-12-05T00:12:11.211Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "getConfig",
@@ -1923,7 +1923,7 @@
 {
 "@timestamp": "2021-12-05T00:12:23.085Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "patchTeam",
@@ -2025,7 +2025,7 @@
 {
 "@timestamp": "2021-12-05T00:12:29.655Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "patchTeam",
@@ -2127,7 +2127,7 @@
 {
 "@timestamp": "2021-12-05T00:12:46.044Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "createTeam",
@@ -2224,7 +2224,7 @@
 {
 "@timestamp": "2021-12-05T00:18:13.183Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "removeTeamMember",
@@ -2329,7 +2329,7 @@
 {
 "@timestamp": "2021-12-05T00:18:17.907Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "revokeAllSessionsForUser",
@@ -2411,7 +2411,7 @@
 {
 "@timestamp": "2021-12-05T01:02:56.163Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "patchUser",
@@ -2511,7 +2511,7 @@
 {
 "@timestamp": "2021-12-05T01:13:26.358Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "addTeamMembers",
@@ -2614,7 +2614,7 @@
 {
 "@timestamp": "2021-12-05T01:13:08.904Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "addTeamMembers",
@@ -2722,7 +2722,7 @@
 {
 "@timestamp": "2021-12-05T01:20:06.246Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "addTeamMembers",
@@ -2833,7 +2833,7 @@
 {
 "@timestamp": "2021-12-05T17:21:36.724Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deleteTeam",
@@ -2909,7 +2909,7 @@
 {
 "@timestamp": "2021-12-05T17:24:33.077Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "updateUserActive",
diff --git a/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 5e07513b1bb..28dc41c3a7f 100644
--- a/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mattermost/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Mattermost audit logs
 processors:
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mattermost/manifest.yml b/packages/mattermost/manifest.yml
index 56beb413142..766e7c618d8 100644
--- a/packages/mattermost/manifest.yml
+++ b/packages/mattermost/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: mattermost
 title: "Mattermost"
-version: 1.3.1
+version: 1.4.0
 license: basic
 description: Collect logs from Mattermost with Elastic Agent.
 type: integration
diff --git a/packages/microsoft_defender_endpoint/_dev/build/build.yml b/packages/microsoft_defender_endpoint/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/microsoft_defender_endpoint/_dev/build/build.yml
+++ b/packages/microsoft_defender_endpoint/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/microsoft_defender_endpoint/changelog.yml b/packages/microsoft_defender_endpoint/changelog.yml
index 32aa536a4dd..604c5df0f75 100644
--- a/packages/microsoft_defender_endpoint/changelog.yml
+++ b/packages/microsoft_defender_endpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.4.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3867
 - version: "2.3.1"
 changes:
 - description: Fix proxy URL documentation rendering.
diff --git a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json
index cb5ec573d99..7a43a81422c 100644
--- a/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json
+++ b/packages/microsoft_defender_endpoint/data_stream/log/_dev/test/pipeline/test-defenderatp.log-expected.json
@@ -11,7 +11,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "Malware",
@@ -90,7 +90,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "DefenseEvasion",
@@ -192,7 +192,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "DefenseEvasion",
@@ -276,7 +276,7 @@
 "provider": "azure"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "Malware",
diff --git a/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index acd4b363a26..be299f976f2 100644
--- a/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_defender_endpoint/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Microsoft Defender for Endpoint logs
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/microsoft_defender_endpoint/manifest.yml b/packages/microsoft_defender_endpoint/manifest.yml
index f09c3896f88..b887695b7c9 100644
--- a/packages/microsoft_defender_endpoint/manifest.yml
+++ b/packages/microsoft_defender_endpoint/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: microsoft_defender_endpoint
 title: Microsoft Defender for Endpoint
-version: "2.3.1"
+version: "2.4.0"
 description: Collect logs from Microsoft Defender for Endpoint with Elastic Agent.
 categories:
 - "network"
diff --git a/packages/microsoft_dhcp/_dev/build/build.yml b/packages/microsoft_dhcp/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/microsoft_dhcp/_dev/build/build.yml
+++ b/packages/microsoft_dhcp/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/microsoft_dhcp/changelog.yml b/packages/microsoft_dhcp/changelog.yml
index 486ae2d9f9c..f88b038889c 100644
--- a/packages/microsoft_dhcp/changelog.yml
+++ b/packages/microsoft_dhcp/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.6.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3867
 - version: "1.5.0"
 changes:
 - description: Update package to ECS 8.3.0.
diff --git a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
index ef38dbb6ebe..28b8eaa563f 100644
--- a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
+++ b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-log.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2020-04-19T13:11:13.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "log-end",
@@ -32,7 +32,7 @@
 {
 "@timestamp": "2020-04-19T12:43:06.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "log-start",
@@ -61,7 +61,7 @@
 {
 "@timestamp": "2021-09-20T09:16:15.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -101,7 +101,7 @@
 {
 "@timestamp": "2021-09-20T09:16:09.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -141,7 +141,7 @@
 {
 "@timestamp": "2021-09-20T09:16:03.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -181,7 +181,7 @@
 {
 "@timestamp": "2021-09-20T09:18:01.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -223,7 +223,7 @@
 {
 "@timestamp": "2021-09-20T09:18:00.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -263,7 +263,7 @@
 {
 "@timestamp": "2021-09-20T09:18:01.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -303,7 +303,7 @@
 {
 "@timestamp": "2001-01-01T01:01:01.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -340,7 +340,7 @@
 {
 "@timestamp": "2001-01-01T01:01:01.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcp-new",
@@ -383,7 +383,7 @@
 {
 "@timestamp": "2001-01-01T01:01:01.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcp-new",
@@ -431,7 +431,7 @@
 {
 "@timestamp": "2020-11-20T00:00:05.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "ip-cleanup-start",
@@ -467,7 +467,7 @@
 {
 "@timestamp": "2020-11-20T00:00:05.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcp-dns-update",
@@ -507,7 +507,7 @@
 {
 "@timestamp": "2020-11-20T00:00:05.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcp-expire",
@@ -545,7 +545,7 @@
 {
 "@timestamp": "2020-04-19T12:43:54.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "rogue-server-detection",
@@ -579,7 +579,7 @@
 {
 "@timestamp": "2020-04-19T12:43:21.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "rogue-server-detection",
@@ -612,7 +612,7 @@
 {
 "@timestamp": "2020-04-19T12:43:28.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "rogue-server-detection",
diff --git a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json
index 4d3e141f169..6664a0e5868 100644
--- a/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json
+++ b/packages/microsoft_dhcp/data_stream/log/_dev/test/pipeline/test-logv6.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-11-04T18:24:36.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "log-start",
@@ -32,7 +32,7 @@
 {
 "@timestamp": "2021-11-04T18:24:36.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "1103",
@@ -54,7 +54,7 @@
 {
 "@timestamp": "2021-11-04T18:40:37.000-04:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "log-stop",
@@ -83,7 +83,7 @@
 {
 "@timestamp": "2021-12-06T12:25:21.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "log-start",
@@ -112,7 +112,7 @@
 {
 "@timestamp": "2021-12-06T12:25:21.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "code": "1103",
@@ -137,7 +137,7 @@
 {
 "@timestamp": "2021-12-06T12:43:57.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcpv6-solicit",
@@ -179,7 +179,7 @@
 {
 "@timestamp": "2021-12-06T12:43:57.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcpv6-request",
@@ -221,7 +221,7 @@
 {
 "@timestamp": "2021-12-06T12:45:48.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcpv6-solicit",
@@ -263,7 +263,7 @@
 {
 "@timestamp": "2021-12-06T12:45:49.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcpv6-request",
@@ -305,7 +305,7 @@
 {
 "@timestamp": "2021-12-06T12:45:59.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcpv6-solicit",
@@ -347,7 +347,7 @@
 {
 "@timestamp": "2021-12-06T12:46:00.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcpv6-request",
@@ -389,7 +389,7 @@
 {
 "@timestamp": "2021-12-06T12:46:25.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcpv6-solicit",
@@ -431,7 +431,7 @@
 {
 "@timestamp": "2021-12-06T12:46:26.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcpv6-request",
@@ -473,7 +473,7 @@
 {
 "@timestamp": "2021-12-06T13:25:21.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "dhcpv6-stateless-clients-pruged",
diff --git a/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 8321cfdcccb..1a5a6a3eadb 100644
--- a/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_dhcp/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing Microsoft DHCP Server logs.
 processors:
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - set:
 field: event.kind
 value: event
diff --git a/packages/microsoft_dhcp/manifest.yml b/packages/microsoft_dhcp/manifest.yml
index b762f13be7c..8c749bcaf3a 100644
--- a/packages/microsoft_dhcp/manifest.yml
+++ b/packages/microsoft_dhcp/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: microsoft_dhcp
 title: Microsoft DHCP
-version: "1.5.0"
+version: "1.6.0"
 license: basic
 description: Collect logs from Microsoft DHCP with Elastic Agent.
 type: integration
diff --git a/packages/microsoft_sqlserver/_dev/build/build.yml b/packages/microsoft_sqlserver/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/microsoft_sqlserver/_dev/build/build.yml
+++ b/packages/microsoft_sqlserver/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/microsoft_sqlserver/changelog.yml b/packages/microsoft_sqlserver/changelog.yml
index f58e089955b..ee36c3fea7c 100644
--- a/packages/microsoft_sqlserver/changelog.yml
+++ b/packages/microsoft_sqlserver/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3867
 - version: "1.3.0"
 changes:
 - description: Added the log datastream.
diff --git a/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json b/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json
index 281f1035504..425263cf485 100644
--- a/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json
+++ b/packages/microsoft_sqlserver/data_stream/audit/_dev/test/pipeline/test-events.json-expected.json
@@ -16,7 +16,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "elastic_agent": {
 "id": "b53be7b1-9e86-49b0-ad0b-1464bceabc65",
@@ -149,7 +149,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "elastic_agent": {
 "id": "8b2d19ad-2ecf-40d9-ad3b-746991df9989",
@@ -283,7 +283,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "elastic_agent": {
 "id": "df0dd5ff-cce7-4861-b49f-fd70f0b207b6",
@@ -414,7 +414,7 @@
 "type": "logs"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "elastic_agent": {
 "id": "df0dd5ff-cce7-4861-b49f-fd70f0b207b6",
diff --git a/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
index 19e66c7b4d6..484c46c7eea 100644
--- a/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/microsoft_sqlserver/data_stream/audit/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for processing SQL Server audit logs
 processors:
 - set:
 field: ecs.version
- value: 8.3.0
+ value: '8.4.0'
 - gsub:
 description: Strip final dot from param1.
 field: winlog.event_data.param1
diff --git a/packages/microsoft_sqlserver/data_stream/log/_dev/test/pipeline/test.log-expected.json b/packages/microsoft_sqlserver/data_stream/log/_dev/test/pipeline/test.log-expected.json
index 8518d9ac3af..9e0f455f57d 100644
--- a/packages/microsoft_sqlserver/data_stream/log/_dev/test/pipeline/test.log-expected.json
+++ b/packages/microsoft_sqlserver/data_stream/log/_dev/test/pipeline/test.log-expected.json
@@ -3,13 +3,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.350Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681013906Z",
+ "ingested": "2022-07-27T20:26:20.672824987Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.35 Server Microsoft SQL Server 2019 (RTM-CU16-GDR) (KB5014353) - 15.0.4236.7 (X64) \n\tMay 29 2022 15:55:47 \n\tCopyright (C) 2019 Microsoft Corporation\n\tDeveloper Edition (64-bit) on Linux (Ubuntu 20.04.4 LTS) \u003cX64\u003e",
 "type": [
@@ -26,13 +26,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.350Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681016668Z",
+ "ingested": "2022-07-27T20:26:20.672828583Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.35 Server UTC adjustment: 0:00",
 "type": [
@@ -49,13 +49,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.350Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681018104Z",
+ "ingested": "2022-07-27T20:26:20.672829775Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.35 Server (c) Microsoft Corporation.",
 "type": [
@@ -72,13 +72,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.360Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681019160Z",
+ "ingested": "2022-07-27T20:26:20.672830834Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.36 Server All rights reserved.",
 "type": [
@@ -95,13 +95,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.360Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681020149Z",
+ "ingested": "2022-07-27T20:26:20.672831884Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.36 Server Server process ID is 396.",
 "type": [
@@ -118,13 +118,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.360Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681021143Z",
+ "ingested": "2022-07-27T20:26:20.672832966Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.36 Server Logging SQL Server messages in file '/var/opt/mssql/log/errorlog'.",
 "type": [
@@ -141,13 +141,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.360Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681022126Z",
+ "ingested": "2022-07-27T20:26:20.672833987Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.36 Server Registry startup parameters: \n\t -d /var/opt/mssql/data/master.mdf\n\t -l /var/opt/mssql/data/mastlog.ldf\n\t -e /var/opt/mssql/log/errorlog",
 "type": [
@@ -164,13 +164,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.360Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681023119Z",
+ "ingested": "2022-07-27T20:26:20.672835007Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.36 Server SQL Server detected 1 sockets with 8 cores per socket and 16 logical processors per socket, 16 total logical processors; using 16 logical processors based on SQL Server licensing. This is an informational message; no user action is required.",
 "type": [
@@ -187,13 +187,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.360Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681024112Z",
+ "ingested": "2022-07-27T20:26:20.672836019Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.36 Server SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.",
 "type": [
@@ -210,13 +210,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.360Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681025109Z",
+ "ingested": "2022-07-27T20:26:20.672837036Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.36 Server Detected 41132 MB of RAM. This is an informational message; no user action is required.",
 "type": [
@@ -233,13 +233,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.370Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681026140Z",
+ "ingested": "2022-07-27T20:26:20.672838046Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.37 Server Using conventional memory in the memory manager.",
 "type": [
@@ -256,13 +256,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.380Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681027216Z",
+ "ingested": "2022-07-27T20:26:20.672839218Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.38 Server Page exclusion bitmap is enabled.",
 "type": [
@@ -279,13 +279,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.440Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681028234Z",
+ "ingested": "2022-07-27T20:26:20.672840268Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.44 Server Buffer pool extension is not supported on Linux platform.",
 "type": [
@@ -302,13 +302,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.440Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681029233Z",
+ "ingested": "2022-07-27T20:26:20.672841291Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.44 Server Buffer Pool: Allocating 8388608 bytes for 6430720 hashPages.",
 "type": [
@@ -325,13 +325,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.570Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681030264Z",
+ "ingested": "2022-07-27T20:26:20.672842308Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.57 Server Buffer pool extension is already disabled. No action is necessary.",
 "type": [
@@ -348,13 +348,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.760Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681031259Z",
+ "ingested": "2022-07-27T20:26:20.672843326Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.76 Server Successfully initialized the TLS configuration. Allowed TLS protocol versions are ['1.0 1.1 1.2']. Allowed TLS ciphers are ['ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES128-GCM-SHA256:!DHE-RSA-AES256-SHA:!DHE-RSA-AES128-SHA'].",
 "type": [
@@ -371,13 +371,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.770Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681032296Z",
+ "ingested": "2022-07-27T20:26:20.672844448Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.77 Server Query Store settings initialized with enabled = 1, ",
 "type": [
@@ -394,13 +394,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.790Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681033286Z",
+ "ingested": "2022-07-27T20:26:20.672845456Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.79 Server The maximum number of dedicated administrator connections for this instance is '1'",
 "type": [
@@ -417,13 +417,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.800Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681034315Z",
+ "ingested": "2022-07-27T20:26:20.672846466Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.80 Server Node configuration: node 0: CPU mask: 0x000000000000ffff:0 Active CPU mask: 0x000000000000ffff:0. This message provides a description of the NUMA configuration for this computer. This is an informational message only. No user action is required.",
 "type": [
@@ -440,13 +440,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.850Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681035333Z",
+ "ingested": "2022-07-27T20:26:20.672847487Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.85 Server Using dynamic lock allocation. Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node. This is an informational message only. No user action is required.",
 "type": [
@@ -463,13 +463,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.850Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681036343Z",
+ "ingested": "2022-07-27T20:26:20.672848515Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.85 Server Lock partitioning is enabled. This is an informational message only. No user action is required.",
 "type": [
@@ -486,13 +486,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.860Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681037370Z",
+ "ingested": "2022-07-27T20:26:20.672849532Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.86 Server In-Memory OLTP initialized on standard machine.",
 "type": [
@@ -509,13 +509,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.950Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681038368Z",
+ "ingested": "2022-07-27T20:26:20.672850545Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.95 Server CLR version v4.0.30319 loaded.",
 "type": [
@@ -532,13 +532,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.950Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681039441Z",
+ "ingested": "2022-07-27T20:26:20.672851681Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.95 Server [INFO] Created Extended Events session 'hkenginexesession'",
 "type": [
@@ -555,13 +555,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.950Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681040432Z",
+ "ingested": "2022-07-27T20:26:20.672852688Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.95 Server Database Instant File Initialization: enabled. For security and performance considerations see the topic 'Database Instant File Initialization' in SQL Server Books Online. This is an informational message only. No user action is required.",
 "type": [
@@ -578,13 +578,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.970Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681041412Z",
+ "ingested": "2022-07-27T20:26:20.672853785Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.97 Server Total Log Writer threads: 2. This is an informational message; no user action is required.",
 "type": [
@@ -601,13 +601,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.990Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681042418Z",
+ "ingested": "2022-07-27T20:26:20.672854800Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.99 Server clwb is selected for pmem flush operation.",
 "type": [
@@ -624,13 +624,13 @@
 {
 "@timestamp": "2022-07-08T05:42:10.990Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681043625Z",
+ "ingested": "2022-07-27T20:26:20.672855819Z",
 "kind": "event",
 "original": "2022-07-08 05:42:10.99 Server Software Usage Metrics is disabled.",
 "type": [
@@ -647,13 +647,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681044629Z",
+ "ingested": "2022-07-27T20:26:20.672856927Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.00 spid9s [1]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.",
 "type": [
@@ -670,13 +670,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.010Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681045627Z",
+ "ingested": "2022-07-27T20:26:20.672857951Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.01 spid9s Starting up database 'master'.",
 "type": [
@@ -693,13 +693,13 @@
 {
 "@timestamp": "2022-07-08T05:42:11.180Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
 "database"
 ],
- "ingested": "2022-07-14T05:55:30.681046618Z",
+ "ingested": "2022-07-27T20:26:20.672858973Z",
 "kind": "event",
 "original": "2022-07-08 05:42:11.18 spid9s Converting database 'master' from version 897 to the current version 904.",
 "type": [
@@ -716,13 +716,13 @@ { "@timestamp": "2022-07-08T05:42:11.180Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681047588Z", + "ingested": "2022-07-27T20:26:20.672859997Z", "kind": "event", "original": "2022-07-08 05:42:11.18 spid9s Database 'master' running the upgrade step from version 897 to version 898.", "type": [ @@ -739,13 +739,13 @@ { "@timestamp": "2022-07-08T05:42:11.240Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681048578Z", + "ingested": "2022-07-27T20:26:20.672867586Z", "kind": "event", "original": "2022-07-08 05:42:11.24 spid9s Database 'master' running the upgrade step from version 898 to version 899.", "type": [ @@ -762,13 +762,13 @@ { "@timestamp": "2022-07-08T05:42:11.290Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681049585Z", + "ingested": "2022-07-27T20:26:20.672868707Z", "kind": "event", "original": "2022-07-08 05:42:11.29 spid9s Database 'master' running the upgrade step from version 899 to version 900.", "type": [ @@ -785,13 +785,13 @@ { "@timestamp": "2022-07-08T05:42:11.300Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681050671Z", + "ingested": "2022-07-27T20:26:20.672869881Z", "kind": "event", "original": "2022-07-08 05:42:11.30 Server Common language runtime (CLR) functionality initialized.", "type": [ @@ -808,13 +808,13 @@ { "@timestamp": "2022-07-08T05:42:11.340Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681051714Z", + "ingested": "2022-07-27T20:26:20.672870896Z", "kind": "event", "original": "2022-07-08 05:42:11.34 spid9s Database 'master' running the upgrade step from version 900 to version 901.", "type": [ 
@@ -831,13 +831,13 @@ { "@timestamp": "2022-07-08T05:42:11.360Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681052682Z", + "ingested": "2022-07-27T20:26:20.672900902Z", "kind": "event", "original": "2022-07-08 05:42:11.36 spid9s Database 'master' running the upgrade step from version 901 to version 902.", "type": [ @@ -854,13 +854,13 @@ { "@timestamp": "2022-07-08T05:42:11.380Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681053675Z", + "ingested": "2022-07-27T20:26:20.672902434Z", "kind": "event", "original": "2022-07-08 05:42:11.38 spid9s Database 'master' running the upgrade step from version 902 to version 903.", "type": [ @@ -877,13 +877,13 @@ { "@timestamp": "2022-07-08T05:42:11.390Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681054656Z", + "ingested": "2022-07-27T20:26:20.672903668Z", "kind": "event", "original": "2022-07-08 05:42:11.39 spid9s Database 'master' running the upgrade step from version 903 to version 904.", "type": [ @@ -900,13 +900,13 @@ { "@timestamp": "2022-07-08T05:42:11.700Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681055655Z", + "ingested": "2022-07-27T20:26:20.672904841Z", "kind": "event", "original": "2022-07-08 05:42:11.70 spid9s Resource governor reconfiguration succeeded.", "type": [ 
@@ -923,13 +923,13 @@ { "@timestamp": "2022-07-08T05:42:11.700Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681056656Z", + "ingested": "2022-07-27T20:26:20.672905853Z", "kind": "event", "original": "2022-07-08 05:42:11.70 spid9s SQL Server Audit is starting the audits. This is an informational message. No user action is required.", "type": [ @@ -946,13 +946,13 @@ { "@timestamp": "2022-07-08T05:42:11.700Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681057664Z", + "ingested": "2022-07-27T20:26:20.672906863Z", "kind": "event", "original": "2022-07-08 05:42:11.70 spid9s SQL Server Audit has started the audits. This is an informational message. No user action is required.", "type": [ @@ -969,13 +969,13 @@ { "@timestamp": "2022-07-08T05:42:11.850Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681058664Z", + "ingested": "2022-07-27T20:26:20.672907861Z", "kind": "event", "original": "2022-07-08 05:42:11.85 spid9s SQL Trace ID 1 was started by login \"sa\".", "type": [ @@ -992,13 +992,13 @@ { "@timestamp": "2022-07-08T05:42:11.860Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681059656Z", + "ingested": "2022-07-27T20:26:20.672908877Z", "kind": "event", "original": "2022-07-08 05:42:11.86 spid26s Password policy update was successful.", "type": [ 
@@ -1015,13 +1015,13 @@ { "@timestamp": "2022-07-08T05:42:11.880Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681060711Z", + "ingested": "2022-07-27T20:26:20.672909897Z", "kind": "event", "original": "2022-07-08 05:42:11.88 spid9s Server name is 'd200462fe4a0'. This is an informational message only. No user action is required.", "type": [ @@ -1038,13 +1038,13 @@ { "@timestamp": "2022-07-08T05:42:11.900Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681061696Z", + "ingested": "2022-07-27T20:26:20.672910913Z", "kind": "event", "original": "2022-07-08 05:42:11.90 spid29s Always On: The availability replica manager is starting. This is an informational message only. No user action is required.", "type": [ @@ -1061,13 +1061,13 @@ { "@timestamp": "2022-07-08T05:42:11.900Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681062677Z", + "ingested": "2022-07-27T20:26:20.672911917Z", "kind": "event", "original": "2022-07-08 05:42:11.90 spid9s [4]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.", "type": [ @@ -1084,13 +1084,13 @@ { "@timestamp": "2022-07-08T05:42:11.900Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681063670Z", + "ingested": "2022-07-27T20:26:20.672912925Z", "kind": "event", "original": "2022-07-08 05:42:11.90 spid29s Always On: The availability replica manager is waiting for the instance of SQL Server to allow client connections. This is an informational message only. No user action is required.", "type": [ 
@@ -1107,13 +1107,13 @@ { "@timestamp": "2022-07-08T05:42:11.900Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681064665Z", + "ingested": "2022-07-27T20:26:20.672913924Z", "kind": "event", "original": "2022-07-08 05:42:11.90 spid9s Starting up database 'msdb'.", "type": [ @@ -1130,13 +1130,13 @@ { "@timestamp": "2022-07-08T05:42:11.900Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681065663Z", + "ingested": "2022-07-27T20:26:20.672914929Z", "kind": "event", "original": "2022-07-08 05:42:11.90 spid26s A self-generated certificate was successfully loaded for encryption.", "type": [ @@ -1153,13 +1153,13 @@ { "@timestamp": "2022-07-08T05:42:11.910Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681066723Z", + "ingested": "2022-07-27T20:26:20.672916157Z", "kind": "event", "original": "2022-07-08 05:42:11.91 spid12s [32767]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.", "type": [ @@ -1176,13 +1176,13 @@ { "@timestamp": "2022-07-08T05:42:11.910Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681067726Z", + "ingested": "2022-07-27T20:26:20.672917242Z", "kind": "event", "original": "2022-07-08 05:42:11.91 spid12s Starting up database 'mssqlsystemresource'.", "type": [ @@ -1199,13 +1199,13 @@ { "@timestamp": "2022-07-08T05:42:11.910Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681068724Z", + "ingested": "2022-07-27T20:26:20.672918236Z", "kind": "event", "original": "2022-07-08 05:42:11.91 spid26s Server is listening on [ 'any' \u003cipv6\u003e 1433].", "type": [ 
@@ -1222,13 +1222,13 @@ { "@timestamp": "2022-07-08T05:42:11.910Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681069710Z", + "ingested": "2022-07-27T20:26:20.672919237Z", "kind": "event", "original": "2022-07-08 05:42:11.91 spid26s Server is listening on [ 'any' \u003cipv4\u003e 1433].", "type": [ @@ -1245,13 +1245,13 @@ { "@timestamp": "2022-07-08T05:42:11.910Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681070705Z", + "ingested": "2022-07-27T20:26:20.672920236Z", "kind": "event", "original": "2022-07-08 05:42:11.91 spid12s The resource database build version is 15.00.4236. This is an informational message only. No user action is required.", "type": [ @@ -1268,13 +1268,13 @@ { "@timestamp": "2022-07-08T05:42:11.910Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681071701Z", + "ingested": "2022-07-27T20:26:20.672921233Z", "kind": "event", "original": "2022-07-08 05:42:11.91 Server Server is listening on [ ::1 \u003cipv6\u003e 1434].", "type": [ @@ -1291,13 +1291,13 @@ { "@timestamp": "2022-07-08T05:42:11.920Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681072703Z", + "ingested": "2022-07-27T20:26:20.672922230Z", "kind": "event", "original": "2022-07-08 05:42:11.92 Server Server is listening on [ 127.0.0.1 \u003cipv4\u003e 1434].", "type": [ 
@@ -1314,13 +1314,13 @@ { "@timestamp": "2022-07-08T05:42:11.920Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681073712Z", + "ingested": "2022-07-27T20:26:20.672923245Z", "kind": "event", "original": "2022-07-08 05:42:11.92 Server Dedicated admin connection support was established for listening locally on port 1434.", "type": [ @@ -1337,13 +1337,13 @@ { "@timestamp": "2022-07-08T05:42:11.920Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681074724Z", + "ingested": "2022-07-27T20:26:20.672924585Z", "kind": "event", "original": "2022-07-08 05:42:11.92 spid26s Server is listening on [ ::1 \u003cipv6\u003e 1431].", "type": [ @@ -1360,13 +1360,13 @@ { "@timestamp": "2022-07-08T05:42:11.920Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681077499Z", + "ingested": "2022-07-27T20:26:20.672925990Z", "kind": "event", "original": "2022-07-08 05:42:11.92 spid26s Server is listening on [ 127.0.0.1 \u003cipv4\u003e 1431].", "type": [ @@ -1383,13 +1383,13 @@ { "@timestamp": "2022-07-08T05:42:11.930Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681078586Z", + "ingested": "2022-07-27T20:26:20.672927704Z", "kind": "event", "original": "2022-07-08 05:42:11.93 spid26s SQL Server is now ready for client connections. This is an informational message; no user action is required.", "type": [ 
@@ -1406,13 +1406,13 @@ { "@timestamp": "2022-07-08T05:42:11.940Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681079571Z", + "ingested": "2022-07-27T20:26:20.672928715Z", "kind": "event", "original": "2022-07-08 05:42:11.94 spid12s [3]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.", "type": [ @@ -1429,13 +1429,13 @@ { "@timestamp": "2022-07-08T05:42:11.940Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681080592Z", + "ingested": "2022-07-27T20:26:20.672929729Z", "kind": "event", "original": "2022-07-08 05:42:11.94 spid12s Starting up database 'model'.", "type": [ @@ -1452,13 +1452,13 @@ { "@timestamp": "2022-07-08T05:42:11.940Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681081614Z", + "ingested": "2022-07-27T20:26:20.672930733Z", "kind": "event", "original": "2022-07-08 05:42:11.94 spid9s The tail of the log for database msdb is being rewritten to match the new sector size of 4096 bytes. 3072 bytes at offset 50176 in file /var/opt/mssql/data/MSDBLog.ldf will be written.", "type": [ @@ -1475,13 +1475,13 @@ { "@timestamp": "2022-07-08T05:42:11.990Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681082891Z", + "ingested": "2022-07-27T20:26:20.672931742Z", "kind": "event", "original": "2022-07-08 05:42:11.99 spid12s The tail of the log for database model is being rewritten to match the new sector size of 4096 bytes. 512 bytes at offset 73216 in file /var/opt/mssql/data/modellog.ldf will be written.", "type": [ 
@@ -1498,13 +1498,13 @@ { "@timestamp": "2022-07-08T05:42:11.990Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681083876Z", + "ingested": "2022-07-27T20:26:20.672932772Z", "kind": "event", "original": "2022-07-08 05:42:11.99 spid9s Converting database 'msdb' from version 897 to the current version 904.", "type": [ @@ -1521,13 +1521,13 @@ { "@timestamp": "2022-07-08T05:42:11.990Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681084835Z", + "ingested": "2022-07-27T20:26:20.672933782Z", "kind": "event", "original": "2022-07-08 05:42:11.99 spid9s Database 'msdb' running the upgrade step from version 897 to version 898.", "type": [ @@ -1544,13 +1544,13 @@ { "@timestamp": "2022-07-08T05:42:12.050Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681085837Z", + "ingested": "2022-07-27T20:26:20.672934787Z", "kind": "event", "original": "2022-07-08 05:42:12.05 spid12s Converting database 'model' from version 897 to the current version 904.", "type": [ @@ -1567,13 +1567,13 @@ { "@timestamp": "2022-07-08T05:42:12.050Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681086832Z", + "ingested": "2022-07-27T20:26:20.672935796Z", "kind": "event", "original": "2022-07-08 05:42:12.05 spid12s Database 'model' running the upgrade step from version 897 to version 898.", "type": [ 
@@ -1590,13 +1590,13 @@ { "@timestamp": "2022-07-08T05:42:12.110Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681087825Z", + "ingested": "2022-07-27T20:26:20.672936805Z", "kind": "event", "original": "2022-07-08 05:42:12.11 spid9s Database 'msdb' running the upgrade step from version 898 to version 899.", "type": [ @@ -1613,13 +1613,13 @@ { "@timestamp": "2022-07-08T05:42:12.130Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681088801Z", + "ingested": "2022-07-27T20:26:20.672937806Z", "kind": "event", "original": "2022-07-08 05:42:12.13 spid12s Database 'model' running the upgrade step from version 898 to version 899.", "type": [ @@ -1636,13 +1636,13 @@ { "@timestamp": "2022-07-08T05:42:12.150Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681089778Z", + "ingested": "2022-07-27T20:26:20.672938809Z", "kind": "event", "original": "2022-07-08 05:42:12.15 spid9s Database 'msdb' running the upgrade step from version 899 to version 900.", "type": [ @@ -1659,13 +1659,13 @@ { "@timestamp": "2022-07-08T05:42:12.170Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681090762Z", + "ingested": "2022-07-27T20:26:20.672939948Z", "kind": "event", "original": "2022-07-08 05:42:12.17 spid12s Database 'model' running the upgrade step from version 899 to version 900.", "type": [ 
@@ -1682,13 +1682,13 @@ { "@timestamp": "2022-07-08T05:42:12.180Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681091721Z", + "ingested": "2022-07-27T20:26:20.672940968Z", "kind": "event", "original": "2022-07-08 05:42:12.18 spid9s Database 'msdb' running the upgrade step from version 900 to version 901.", "type": [ @@ -1705,13 +1705,13 @@ { "@timestamp": "2022-07-08T05:42:12.200Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681092797Z", + "ingested": "2022-07-27T20:26:20.672942153Z", "kind": "event", "original": "2022-07-08 05:42:12.20 spid12s Database 'model' running the upgrade step from version 900 to version 901.", "type": [ @@ -1728,13 +1728,13 @@ { "@timestamp": "2022-07-08T05:42:12.220Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681093789Z", + "ingested": "2022-07-27T20:26:20.672943157Z", "kind": "event", "original": "2022-07-08 05:42:12.22 spid9s Database 'msdb' running the upgrade step from version 901 to version 902.", "type": [ @@ -1751,13 +1751,13 @@ { "@timestamp": "2022-07-08T05:42:12.230Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681094781Z", + "ingested": "2022-07-27T20:26:20.672944166Z", "kind": "event", "original": "2022-07-08 05:42:12.23 spid12s Database 'model' running the upgrade step from version 901 to version 902.", "type": [ 
@@ -1774,13 +1774,13 @@ { "@timestamp": "2022-07-08T05:42:12.240Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681095761Z", + "ingested": "2022-07-27T20:26:20.672996970Z", "kind": "event", "original": "2022-07-08 05:42:12.24 spid12s Database 'model' running the upgrade step from version 902 to version 903.", "type": [ @@ -1797,13 +1797,13 @@ { "@timestamp": "2022-07-08T05:42:12.260Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681096729Z", + "ingested": "2022-07-27T20:26:20.672998705Z", "kind": "event", "original": "2022-07-08 05:42:12.26 spid12s Database 'model' running the upgrade step from version 903 to version 904.", "type": [ @@ -1820,13 +1820,13 @@ { "@timestamp": "2022-07-08T05:42:12.390Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681097734Z", + "ingested": "2022-07-27T20:26:20.672999903Z", "kind": "event", "original": "2022-07-08 05:42:12.39 spid12s Clearing tempdb database.", "type": [ @@ -1843,13 +1843,13 @@ { "@timestamp": "2022-07-08T05:42:12.550Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681098721Z", + "ingested": "2022-07-27T20:26:20.673000900Z", "kind": "event", "original": "2022-07-08 05:42:12.55 spid12s [2]. Feature Status: PVS: 0. CTR: 0. ConcurrentPFSUpdate: 1.", "type": [ @@ -1866,13 +1866,13 @@ { "@timestamp": "2022-07-08T05:42:12.550Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681099713Z", + "ingested": "2022-07-27T20:26:20.673001991Z", "kind": "event", "original": "2022-07-08 05:42:12.55 spid12s Starting up database 'tempdb'.", "type": [ 
@@ -1889,13 +1889,13 @@ { "@timestamp": "2022-07-08T05:42:12.630Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681100677Z", + "ingested": "2022-07-27T20:26:20.673003013Z", "kind": "event", "original": "2022-07-08 05:42:12.63 spid12s The tempdb database has 1 data file(s).", "type": [ @@ -1912,13 +1912,13 @@ { "@timestamp": "2022-07-08T05:42:12.650Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681101694Z", + "ingested": "2022-07-27T20:26:20.673004023Z", "kind": "event", "original": "2022-07-08 05:42:12.65 spid29s The Service Broker endpoint is in disabled or stopped state.", "type": [ @@ -1935,13 +1935,13 @@ { "@timestamp": "2022-07-08T05:42:12.660Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681102688Z", + "ingested": "2022-07-27T20:26:20.673005023Z", "kind": "event", "original": "2022-07-08 05:42:12.66 spid29s The Database Mirroring endpoint is in disabled or stopped state.", "type": [ @@ -1958,13 +1958,13 @@ { "@timestamp": "2022-07-08T05:42:12.660Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681103668Z", + "ingested": "2022-07-27T20:26:20.673006031Z", "kind": "event", "original": "2022-07-08 05:42:12.66 spid29s Service Broker manager has started.", "type": [ @@ -1981,13 +1981,13 @@ { "@timestamp": "2022-07-08T05:42:12.690Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681104672Z", + "ingested": "2022-07-27T20:26:20.673007036Z", "kind": "event", "original": "2022-07-08 05:42:12.69 spid9s Database 'msdb' running the upgrade step from version 902 to version 903.", "type": [ 
@@ -2004,13 +2004,13 @@ { "@timestamp": "2022-07-08T05:42:12.710Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681105641Z", + "ingested": "2022-07-27T20:26:20.673008049Z", "kind": "event", "original": "2022-07-08 05:42:12.71 spid9s Database 'msdb' running the upgrade step from version 903 to version 904.", "type": [ @@ -2027,13 +2027,13 @@ { "@timestamp": "2022-07-08T05:42:12.850Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681106627Z", + "ingested": "2022-07-27T20:26:20.673009049Z", "kind": "event", "original": "2022-07-08 05:42:12.85 spid9s Recovery is complete. This is an informational message only. No user action is required.", "type": [ @@ -2050,13 +2050,13 @@ { "@timestamp": "2022-07-08T05:42:12.860Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681107624Z", + "ingested": "2022-07-27T20:26:20.673010051Z", "kind": "event", "original": "2022-07-08 05:42:12.86 spid18s The default language (LCID 0) has been set for engine and full-text services.", "type": [ @@ -2073,13 +2073,13 @@ { "@timestamp": "2022-07-08T05:42:13.280Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681108601Z", + "ingested": "2022-07-27T20:26:20.673011078Z", "kind": "event", "original": "2022-07-08 05:42:13.28 spid18s The tempdb database has 8 data file(s).", "type": [ 
@@ -2096,13 +2096,13 @@ { "@timestamp": "2022-07-08T05:42:16.000Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681109595Z", + "ingested": "2022-07-27T20:26:20.673012140Z", "kind": "event", "original": "2022-07-08 05:42:16.00 spid39s The activated proc '[dbo].[sp_syspolicy_events_reader]' running on queue 'msdb.dbo.syspolicy_event_queue' output the following: 'Transaction (Process ID 39) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.'", "type": [ @@ -2119,13 +2119,13 @@ { "@timestamp": "2022-07-08T05:43:37.950Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681110565Z", + "ingested": "2022-07-27T20:26:20.673013144Z", "kind": "event", "original": "2022-07-08 05:43:37.95 spid51 Attempting to load library 'xplog70.dll' into memory. This is an informational message only. No user action is required.", "type": [ @@ -2142,13 +2142,13 @@ { "@timestamp": "2022-07-08T05:43:37.970Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681111536Z", + "ingested": "2022-07-27T20:26:20.673014146Z", "kind": "event", "original": "2022-07-08 05:43:37.97 spid51 Using 'xplog70.dll' version '2019.150.4236' to execute extended stored procedure 'xp_msver'. This is an informational message only; no user action is required.", "type": [ @@ -2165,13 +2165,13 @@ { "@timestamp": "2022-07-08T05:43:38.290Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681112525Z", + "ingested": "2022-07-27T20:26:20.673015167Z", "kind": "event", "original": "2022-07-08 05:43:38.29 spid54 Attempting to load library 'xpsqlbot.dll' into memory. This is an informational message only. No user action is required.", "type": [ 
@@ -2188,13 +2188,13 @@ { "@timestamp": "2022-07-08T05:43:38.300Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681113511Z", + "ingested": "2022-07-27T20:26:20.673016174Z", "kind": "event", "original": "2022-07-08 05:43:38.30 spid54 Using 'xpsqlbot.dll' version '2019.150.4236' to execute extended stored procedure 'xp_qv'. This is an informational message only; no user action is required.", "type": [ @@ -2211,13 +2211,13 @@ { "@timestamp": "2022-07-08T05:51:34.070Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681114499Z", + "ingested": "2022-07-27T20:26:20.673017178Z", "kind": "event", "original": "2022-07-08 05:51:34.07 Logon Error: 18456, Severity: 14, State: 8.", "type": [ @@ -2234,13 +2234,13 @@ { "@timestamp": "2022-07-08T05:51:34.070Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681115488Z", + "ingested": "2022-07-27T20:26:20.673018188Z", "kind": "event", "original": "2022-07-08 05:51:34.07 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 172.20.0.1]", "type": [ @@ -2257,13 +2257,13 @@ { "@timestamp": "2022-07-08T06:00:54.130Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681116491Z", + "ingested": "2022-07-27T20:26:20.673019212Z", "kind": "event", "original": "2022-07-08 06:00:54.13 spid9s Always On: The availability replica manager is going offline because SQL Server is shutting down. This is an informational message only. No user action is required.", "type": [ 
@@ -2280,13 +2280,13 @@ { "@timestamp": "2022-07-08T06:00:54.140Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681117494Z", + "ingested": "2022-07-27T20:26:20.673020223Z", "kind": "event", "original": "2022-07-08 06:00:54.14 spid9s SQL Server is terminating in response to a 'stop' request from Service Control Manager. This is an informational message only. No user action is required.", "type": [ @@ -2303,13 +2303,13 @@ { "@timestamp": "2022-07-08T06:00:54.330Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681118488Z", + "ingested": "2022-07-27T20:26:20.673021235Z", "kind": "event", "original": "2022-07-08 06:00:54.33 spid29s Service Broker manager has shut down.", "type": [ @@ -2326,13 +2326,13 @@ { "@timestamp": "2022-07-08T06:00:54.340Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681119472Z", + "ingested": "2022-07-27T20:26:20.673022240Z", "kind": "event", "original": "2022-07-08 06:00:54.34 spid9s .NET Framework runtime has been stopped.", "type": [ @@ -2349,13 +2349,13 @@ { "@timestamp": "2022-07-08T06:00:54.540Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ "database" ], - "ingested": "2022-07-14T05:55:30.681120444Z", + "ingested": "2022-07-27T20:26:20.673023249Z", "kind": "event", "original": "2022-07-08 06:00:54.54 spid9s SQL Trace was stopped due to server shutdown. Trace ID = '1'. This is an informational message only; no user action is required.", "type": [ diff --git a/packages/microsoft_sqlserver/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/microsoft_sqlserver/data_stream/log/elasticsearch/ingest_pipeline/default.yml index 8537ed13af8..bdd2d96a467 100644 --- a/packages/microsoft_sqlserver/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/microsoft_sqlserver/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -7,7 +7,7 @@ processors:
 ignore_missing: true
 - set:
 field: ecs.version
- value: 8.3.0
+ value: '8.4.0'
 - set:
 field: event.ingested
 value: '{{_ingest.timestamp}}'
diff --git a/packages/microsoft_sqlserver/manifest.yml b/packages/microsoft_sqlserver/manifest.yml
index 014e0f797d8..967314183bc 100644
--- a/packages/microsoft_sqlserver/manifest.yml
+++ b/packages/microsoft_sqlserver/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: microsoft_sqlserver
 title: "Microsoft SQL Server"
-version: "1.3.0"
+version: "1.4.0"
 license: basic
 description: Collect events from Microsoft SQL Server with Elastic Agent
 type: integration
diff --git a/packages/mimecast/_dev/build/build.yml b/packages/mimecast/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/mimecast/_dev/build/build.yml
+++ b/packages/mimecast/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/mimecast/changelog.yml b/packages/mimecast/changelog.yml
index 9a2a8ccc8b0..868a05267ff 100644
--- a/packages/mimecast/changelog.yml
+++ b/packages/mimecast/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.3.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3867
 - version: "1.2.1"
 changes:
 - description: Fix compression for SIEM logs.
diff --git a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
index c7c3f4ffcf9..00767373ca6 100644
--- a/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
+++ b/packages/mimecast/data_stream/audit_events/_dev/test/pipeline/test-audit-events.log-expected.json
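Review bot: The new `value: '8.4.0'` on the ecs.version set processor advertises the final 8.4.0 schema, while the ECS reference the packages are built against in this same commit is the pre-release tag `git@v8.4.0-rc1` (visible in mimecast's build.yml below; microsoft_sqlserver's build.yml is outside this chunk, so presumably pinned the same way). If field definitions moved between rc1 and the final tag, indexed events will claim a schema version the package mappings were not generated from, so the build reference should be bumped to the final `git@v8.4.0` tag before release, or the changelog entry should state that the package targets 8.4.0-rc1. The same point applies to the mimecast audit_events pipeline hunk further down, which additionally switches the value from double quotes to single quotes; both are plain strings either way, so pick one quoting style and keep it across the pipelines.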
@@ -18,7 +18,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "threat-intel-feed-download", @@ -71,7 +71,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "threat-intel-feed-download", @@ -124,7 +124,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "user-logged-on", @@ -175,7 +175,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logon-requires-challenge", @@ -226,7 +226,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "user-logged-on", @@ -276,7 +276,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mimecast-support-login", @@ -325,7 +325,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "mimecast-support-login", @@ -374,7 +374,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "email": { "from": { @@ -437,7 +437,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "search-action", @@ -486,7 +486,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logon-authentication-failed", @@ -523,7 +523,7 @@ { "@timestamp": "2021-10-11T13:21:06.000Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "completed-directory-sync", @@ -564,7 +564,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "case-action", @@ -613,7 +613,7 @@ "ip": "67.43.156.15" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "logon-authentication-failed", 
@@ -664,7 +664,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "existing-archive-task-changed",
@@ -713,7 +713,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "connectors-management",
@@ -762,7 +762,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "page-data-exports",
@@ -816,7 +816,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "custom-report-definition-created",
@@ -865,7 +865,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "folder-log-entry",
@@ -896,7 +896,7 @@
 {
 "@timestamp": "2021-10-12T19:56:55.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "user-password-changed",
@@ -940,7 +940,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "remediation-incident-adjustment",
@@ -989,7 +989,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "archive-mailbox-restore",
@@ -1038,7 +1038,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "archive-mailbox-restore",
@@ -1087,7 +1087,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "archive-mailbox-export-download",
@@ -1136,7 +1136,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "review-set-action",
@@ -1185,7 +1185,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "remediation-incident-adjustment",
@@ -1234,7 +1234,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -1284,7 +1284,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -1335,7 +1335,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -1386,7 +1386,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "user-logged-on",
@@ -1435,7 +1435,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "logon-authentication-failed",
@@ -1486,7 +1486,7 @@
 "ip": "67.43.156.15"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "logon-authentication-failed",
diff --git a/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml
index bb1c21b82ff..825aa7638b6 100644
--- a/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/audit_events/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ processors:
 # Generic event/ecs fields we always want to populate.
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json b/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json
index 51ee3735f4d..a6500d8b5eb 100644
--- a/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json
+++ b/packages/mimecast/data_stream/dlp_logs/_dev/test/pipeline/test-dlp-logs.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-10-15T20:41:25.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -35,7 +35,7 @@
 {
 "@timestamp": "2021-10-15T20:41:25.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -67,7 +67,7 @@
 {
 "@timestamp": "2021-10-15T20:41:22.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -99,7 +99,7 @@
 {
 "@timestamp": "2021-10-15T20:41:22.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -131,7 +131,7 @@
 {
 "@timestamp": "2021-10-15T20:41:21.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -163,7 +163,7 @@
 {
 "@timestamp": "2021-10-15T20:41:21.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -195,7 +195,7 @@
 {
 "@timestamp": "2021-10-15T20:41:19.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -227,7 +227,7 @@
 {
 "@timestamp": "2021-10-15T20:41:19.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -259,7 +259,7 @@
 {
 "@timestamp": "2021-10-15T20:41:17.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -291,7 +291,7 @@
 {
 "@timestamp": "2021-10-15T20:41:17.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
diff --git a/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml
index 6775ef7e177..c071a15507e 100644
--- a/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/dlp_logs/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ processors:
 # Generic event/ecs fields we always want to populate.
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json b/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json
index b14e0cb5fc1..0be2921c1ea 100644
--- a/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json
+++ b/packages/mimecast/data_stream/siem_logs/_dev/test/pipeline/test-siem-logs.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-10-18T08:02:43.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": {
@@ -40,7 +40,7 @@
 {
 "@timestamp": "2021-10-19T06:06:40.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": {
@@ -105,7 +105,7 @@
 {
 "@timestamp": "2021-10-19T06:04:55.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": {
@@ -141,7 +141,7 @@
 {
 "@timestamp": "2021-10-19T06:04:55.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": {
@@ -200,7 +200,7 @@
 {
 "@timestamp": "2021-11-08T12:09:18.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "internal",
@@ -232,7 +232,7 @@
 {
 "@timestamp": "2021-11-08T12:10:19.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "internal",
@@ -280,7 +280,7 @@
 {
 "@timestamp": "2021-11-29T15:13:58.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
diff --git a/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml
index 21c68a60242..7f10b119146 100644
--- a/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/siem_logs/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ processors:
 # Generic event/ecs fields we always want to populate.
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json b/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json
index 2532e47db69..0ee01750dc4 100644
--- a/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json
+++ b/packages/mimecast/data_stream/threat_intel_malware_customer/_dev/test/pipeline/test-threat-intel-malware-customer.log-expected.json
@@ -4,7 +4,7 @@
 {
 "@timestamp": "2021-10-29T15:07:26.653Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -48,7 +48,7 @@
 {
 "@timestamp": "2021-10-29T15:07:22.595Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -92,7 +92,7 @@
 {
 "@timestamp": "2021-10-29T15:07:17.538Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -136,7 +136,7 @@
 {
 "@timestamp": "2021-10-29T15:07:14.044Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -180,7 +180,7 @@
 {
 "@timestamp": "2021-10-29T15:07:07.295Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -224,7 +224,7 @@
 {
 "@timestamp": "2021-10-29T15:07:00.555Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -268,7 +268,7 @@
 {
 "@timestamp": "2021-10-29T15:07:00.259Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml
index 92f5ae8376f..1691d42f5a9 100644
--- a/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/threat_intel_malware_customer/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json b/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json
index f62a743f632..c9d9ea16220 100644
--- a/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json
+++ b/packages/mimecast/data_stream/threat_intel_malware_grid/_dev/test/pipeline/test-threat-intel-malware-grid.log-expected.json
@@ -4,7 +4,7 @@
 {
 "@timestamp": "2021-10-29T15:07:26.653Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -48,7 +48,7 @@
 {
 "@timestamp": "2021-10-29T15:07:22.595Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -92,7 +92,7 @@
 {
 "@timestamp": "2021-10-29T15:07:17.538Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -136,7 +136,7 @@
 {
 "@timestamp": "2021-10-29T15:07:14.044Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -180,7 +180,7 @@
 {
 "@timestamp": "2021-10-29T15:07:07.295Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -224,7 +224,7 @@
 {
 "@timestamp": "2021-10-29T15:07:00.555Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -268,7 +268,7 @@
 {
 "@timestamp": "2021-10-29T15:07:00.259Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
diff --git a/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml
index 2be785bf31d..7a9bcfc4807 100644
--- a/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/threat_intel_malware_grid/elasticsearch/ingest_pipeline/default.yml
@@ -6,7 +6,7 @@ processors:
 ####################
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - set:
 field: event.kind
 value: enrichment
diff --git a/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json b/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json
index 238202dabf2..b22e9ad6a70 100644
--- a/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json
+++ b/packages/mimecast/data_stream/ttp_ap_logs/_dev/test/pipeline/test-ttp-ap-logs.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-10-14T18:54:32.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": {
@@ -54,7 +54,7 @@
 {
 "@timestamp": "2021-10-14T11:24:23.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": {
@@ -105,7 +105,7 @@
 {
 "@timestamp": "2021-10-14T11:24:23.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": {
diff --git a/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml
index f610e4fb41a..cc6b9691473 100644
--- a/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/ttp_ap_logs/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ processors:
 # Generic event/ecs fields we always want to populate.
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json b/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json
index 809812f105c..fd8abb2e1b8 100644
--- a/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json
+++ b/packages/mimecast/data_stream/ttp_ip_logs/_dev/test/pipeline/test-ttp-ip-logs.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-10-15T17:10:46.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
@@ -59,7 +59,7 @@
 {
 "@timestamp": "2021-10-15T06:16:34.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
@@ -115,7 +115,7 @@
 {
 "@timestamp": "2021-10-13T16:12:07.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
diff --git a/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml
index 8031ef466ec..c3a8d114ee9 100644
--- a/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/ttp_ip_logs/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ processors:
 # Generic event/ecs fields we always want to populate.
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json b/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json
index c63a7914cdc..c48cb641e77 100644
--- a/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json
+++ b/packages/mimecast/data_stream/ttp_url_logs/_dev/test/pipeline/test-ttp-url-logs.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2021-10-16T14:45:34.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -66,7 +66,7 @@
 {
 "@timestamp": "2021-10-16T14:07:38.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
@@ -129,7 +129,7 @@
 {
 "@timestamp": "2021-10-16T13:31:56.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "direction": "inbound",
diff --git a/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml b/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml
index 0a85a80fda4..87dcc81fbe7 100644
--- a/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/mimecast/data_stream/ttp_url_logs/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ processors:
 # Generic event/ecs fields we always want to populate.
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/mimecast/docs/README.md b/packages/mimecast/docs/README.md
index 1ca87b0adcb..ee170537ec6 100644
--- a/packages/mimecast/docs/README.md
+++ b/packages/mimecast/docs/README.md
@@ -641,7 +641,7 @@ An example event for `threat_intel_malware_customer` looks as following: | threat.indicator.file.hash.sha256 | SHA256 hash. | keyword | | threat.indicator.first_seen | The date and time when intelligence source first reported sighting this indicator. | date | | threat.indicator.modified_at | The date and time when intelligence source last modified information for this indicator. | date | -| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. Recommended values: \* autonomous-system \* artifact \* directory \* domain-name \* email-addr \* file \* ipv4-addr \* ipv6-addr \* mac-addr \* mutex \* port \* process \* software \* url \* user-account \* windows-registry-key \* x509-certificate | keyword | +| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. | keyword | ### Threat Intel Feed Malware: Grid @@ -793,7 +793,7 @@ An example event for `threat_intel_malware_grid` looks as following: | threat.indicator.file.hash.sha256 | SHA256 hash. | keyword | | threat.indicator.first_seen | The date and time when intelligence source first reported sighting this indicator. | date | | threat.indicator.modified_at | The date and time when intelligence source last modified information for this indicator. | date | -| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. Recommended values: \* autonomous-system \* artifact \* directory \* domain-name \* email-addr \* file \* ipv4-addr \* ipv6-addr \* mac-addr \* mutex \* port \* process \* software \* url \* user-account \* windows-registry-key \* x509-certificate | keyword | +| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. | keyword | ### TTP Attachment Logs
diff --git a/packages/mimecast/manifest.yml b/packages/mimecast/manifest.yml
index 8900efa4df9..dae49cb57ba 100644
--- a/packages/mimecast/manifest.yml
+++ b/packages/mimecast/manifest.yml
@@ -2,7 +2,7 @@ format_version: 1.0.0
 name: mimecast
 title: "Mimecast"
-version: 1.2.1
+version: 1.3.0
 license: basic
 description: Collect logs from Mimecast with Elastic Agent.
 type: integration