diff --git a/packages/panw/_dev/build/build.yml b/packages/panw/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/panw/_dev/build/build.yml
+++ b/packages/panw/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/panw/changelog.yml b/packages/panw/changelog.yml
index fdc1067d9e9..dc64eb8545a 100644
--- a/packages/panw/changelog.yml
+++ b/packages/panw/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.1.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3869
 - version: "3.0.2"
 changes:
 - description: Preserve original event for syslog messages.
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json
index ee851a87f12..ea30cff17e4 100644
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-authentication-sample.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2019-11-23T00:44:44.000-04:30",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json
index 34ad6800b6a..8161f4f1879 100644
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-config-sample.log-expected.json
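Review bot: `reference: git@v8.4.0-rc1` in packages/panw/_dev/build/build.yml pins the ECS dependency to a release-candidate tag, while the changelog entry added in this same commit says "Update package to ECS 8.4.0" and the expected pipeline outputs record `"version": "8.4.0"`. Field definitions resolved from a pre-release can still differ from the final schema, so what is built may not match what the package declares; a git tag is also a mutable reference, which makes the build less reproducible than a fixed release would be. If the final tag was not yet available, a comment above the line such as `# TODO: switch to the final v8.4.0 tag once ECS 8.4.0 is released` would record that the RC pin is deliberate and temporary.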
@@ -3,7 +3,7 @@ { "@timestamp": "2021-10-25T20:25:39.000-04:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cmd-set", @@ -60,7 +60,7 @@ { "@timestamp": "2021-10-25T20:25:19.000-04:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cmd-set", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json index 3b656184559..9debb9cb102 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-correlated-events-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-10-09T10:20:15.000-02:30", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json index fe8c1500856..6c1a62a9ea8 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-decryption-sample.log-expected.json @@ -23,7 +23,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json index de5ae7bce51..44dd00871e8 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json 
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-globalprotect-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-03-24T11:30:00.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -84,7 +84,7 @@ { "@timestamp": "2021-03-24T11:29:49.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -180,7 +180,7 @@ { "@timestamp": "2021-04-07T17:41:30.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -266,7 +266,7 @@ { "@timestamp": "2021-04-07T17:41:29.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -363,7 +363,7 @@ { "@timestamp": "2021-04-07T17:41:28.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -443,7 +443,7 @@ { "@timestamp": "2021-03-02T09:55:39.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -527,7 +527,7 @@ { "@timestamp": "2021-03-02T11:01:02.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -621,7 +621,7 @@ { "@timestamp": "2021-03-02T09:39:26.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -699,7 +699,7 @@ { "@timestamp": "2021-03-02T09:47:13.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -784,7 +784,7 @@ { "@timestamp": "2021-10-22T11:10:05.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -857,7 +857,7 @@ { "@timestamp": "2021-11-09T16:45:14.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -930,7 +930,7 @@ { "@timestamp": "2021-11-09T16:45:14.000-05:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ 
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json index 92f22029a6c..e86e05fc3d7 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-gtp-sample.log-expected.json @@ -20,7 +20,7 @@ "port": 9551 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json index 1bf96e27ed1..4fc19ef61fe 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-hipmatch-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-03-02T10:06:25.000-06:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -75,7 +75,7 @@ { "@timestamp": "2019-10-09T10:20:15.000-06:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json index 17e3558fa4b..a0b46d77ca9 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-other-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2012-02-25T00:51:50.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cmd-set", 
@@ -51,7 +51,7 @@ { "@timestamp": "2012-02-25T00:53:22.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cmd-set", @@ -99,7 +99,7 @@ { "@timestamp": "2012-02-25T00:53:40.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cmd-commit", @@ -146,7 +146,7 @@ { "@timestamp": "2012-02-25T00:53:53.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -187,7 +187,7 @@ { "@timestamp": "2012-02-25T00:53:56.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -228,7 +228,7 @@ { "@timestamp": "2012-02-25T00:54:16.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -269,7 +269,7 @@ { "@timestamp": "2012-02-25T00:54:16.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -310,7 +310,7 @@ { "@timestamp": "2012-02-25T00:57:17.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cmd-edit", @@ -358,7 +358,7 @@ { "@timestamp": "2012-02-25T00:57:36.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cmd-commit", @@ -405,7 +405,7 @@ { "@timestamp": "2012-02-25T00:57:49.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -446,7 +446,7 @@ { "@timestamp": "2012-02-25T00:57:52.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -487,7 +487,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -528,7 +528,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -569,7 +569,7 @@ { "@timestamp": "2012-02-25T00:58:12.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ 
@@ -610,7 +610,7 @@ { "@timestamp": "2012-02-25T00:58:14.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -651,7 +651,7 @@ { "@timestamp": "2012-02-25T00:59:36.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -692,7 +692,7 @@ { "@timestamp": "2012-04-10T03:11:57.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -733,7 +733,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -774,7 +774,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -815,7 +815,7 @@ { "@timestamp": "2012-04-10T03:11:56.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -856,7 +856,7 @@ { "@timestamp": "2012-04-10T03:06:11.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -897,7 +897,7 @@ { "@timestamp": "2012-04-10T03:06:00.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -938,7 +938,7 @@ { "@timestamp": "2012-04-09T09:02:53.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -979,7 +979,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -1020,7 +1020,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -1061,7 +1061,7 @@ { "@timestamp": "2012-04-09T09:02:52.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -1102,7 +1102,7 @@ { "@timestamp": "2012-04-09T09:00:55.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ 
@@ -1143,7 +1143,7 @@ { "@timestamp": "2012-04-09T09:00:52.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -1184,7 +1184,7 @@ { "@timestamp": "2012-04-09T09:00:35.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cmd-commit", @@ -1231,7 +1231,7 @@ { "@timestamp": "2012-04-09T09:00:20.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "cmd-edit", @@ -1279,7 +1279,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -1320,7 +1320,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -1361,7 +1361,7 @@ { "@timestamp": "2012-04-09T03:21:53.000+05:45", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -1421,7 +1421,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json index 17a4876186d..5e4f24359ae 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-threat-sample.log-expected.json @@ -20,7 +20,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -181,7 +181,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -342,7 +342,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", 
@@ -503,7 +503,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -664,7 +664,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -825,7 +825,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -986,7 +986,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1147,7 +1147,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1308,7 +1308,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1469,7 +1469,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1630,7 +1630,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1791,7 +1791,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1952,7 +1952,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2113,7 +2113,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2272,7 +2272,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2433,7 +2433,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2594,7 +2594,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2753,7 +2753,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", 
@@ -2914,7 +2914,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3075,7 +3075,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3236,7 +3236,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3397,7 +3397,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3558,7 +3558,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3719,7 +3719,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3880,7 +3880,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4041,7 +4041,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4202,7 +4202,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4363,7 +4363,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4524,7 +4524,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4685,7 +4685,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4846,7 +4846,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5007,7 +5007,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5168,7 +5168,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", 
@@ -5329,7 +5329,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5488,7 +5488,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5647,7 +5647,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5806,7 +5806,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5965,7 +5965,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6124,7 +6124,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6283,7 +6283,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6442,7 +6442,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6601,7 +6601,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6760,7 +6760,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6912,7 +6912,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -7075,7 +7075,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -7234,7 +7234,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -7393,7 +7393,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -7552,7 +7552,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", 
@@ -7711,7 +7711,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -7870,7 +7870,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8029,7 +8029,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8188,7 +8188,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8347,7 +8347,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8499,7 +8499,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file_match", @@ -8665,7 +8665,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8817,7 +8817,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file_match", @@ -8976,7 +8976,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file_match", @@ -9142,7 +9142,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -9294,7 +9294,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file_match", @@ -9453,7 +9453,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file_match", @@ -9619,7 +9619,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -9778,7 +9778,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -9937,7 +9937,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -10089,7 +10089,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file_match", 
@@ -10255,7 +10255,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -10414,7 +10414,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -10566,7 +10566,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -10725,7 +10725,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -10891,7 +10891,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -11043,7 +11043,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -11209,7 +11209,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -11361,7 +11361,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -11520,7 +11520,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "file_match", @@ -11679,7 +11679,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -11838,7 +11838,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -11997,7 +11997,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -12156,7 +12156,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -12322,7 +12322,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -12474,7 +12474,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -12633,7 +12633,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", 
@@ -12792,7 +12792,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -12951,7 +12951,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -13110,7 +13110,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -13269,7 +13269,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -13428,7 +13428,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -13587,7 +13587,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -13746,7 +13746,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -13905,7 +13905,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -14064,7 +14064,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -14223,7 +14223,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -14389,7 +14389,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -14541,7 +14541,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -14700,7 +14700,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -14866,7 +14866,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -15018,7 +15018,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -15177,7 +15177,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", 
@@ -15336,7 +15336,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -15495,7 +15495,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -15654,7 +15654,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", @@ -15813,7 +15813,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "data_match", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json index a6fc16697ac..97390d36bbc 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic-sample.log-expected.json @@ -22,7 +22,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -140,7 +140,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -258,7 +258,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -376,7 +376,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -494,7 +494,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -612,7 +612,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -730,7 +730,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -848,7 +848,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", 
@@ -966,7 +966,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -1084,7 +1084,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -1202,7 +1202,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -1320,7 +1320,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -1438,7 +1438,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -1556,7 +1556,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -1674,7 +1674,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -1792,7 +1792,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -1910,7 +1910,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -2028,7 +2028,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -2146,7 +2146,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -2264,7 +2264,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -2382,7 +2382,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -2500,7 +2500,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -2618,7 +2618,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", 
@@ -2736,7 +2736,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -2854,7 +2854,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -2972,7 +2972,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -3090,7 +3090,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -3208,7 +3208,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -3326,7 +3326,7 @@ "port": 13069 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -3444,7 +3444,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -3562,7 +3562,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -3680,7 +3680,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -3798,7 +3798,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -3916,7 +3916,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -4034,7 +4034,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -4152,7 +4152,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -4270,7 +4270,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -4388,7 +4388,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", 
@@ -4506,7 +4506,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -4624,7 +4624,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -4733,7 +4733,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -4851,7 +4851,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -4960,7 +4960,7 @@ "port": 40026 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -5078,7 +5078,7 @@ "port": 40029 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -5196,7 +5196,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -5305,7 +5305,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -5423,7 +5423,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -5541,7 +5541,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -5659,7 +5659,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -5777,7 +5777,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -5895,7 +5895,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -6013,7 +6013,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -6131,7 +6131,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", 
@@ -6249,7 +6249,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -6367,7 +6367,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -6485,7 +6485,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -6603,7 +6603,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -6721,7 +6721,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -6839,7 +6839,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -6957,7 +6957,7 @@ "port": 40043 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -7075,7 +7075,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -7193,7 +7193,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -7311,7 +7311,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -7429,7 +7429,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -7547,7 +7547,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -7665,7 +7665,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -7783,7 +7783,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -7901,7 +7901,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", 
@@ -8019,7 +8019,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -8137,7 +8137,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -8255,7 +8255,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -8373,7 +8373,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -8491,7 +8491,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -8609,7 +8609,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -8727,7 +8727,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -8845,7 +8845,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -8963,7 +8963,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -9071,7 +9071,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -9189,7 +9189,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -9307,7 +9307,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -9415,7 +9415,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -9523,7 +9523,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -9641,7 +9641,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", 
@@ -9759,7 +9759,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -9877,7 +9877,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -9995,7 +9995,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -10113,7 +10113,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -10221,7 +10221,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -10339,7 +10339,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -10457,7 +10457,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -10575,7 +10575,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -10693,7 +10693,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -10811,7 +10811,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -10929,7 +10929,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -11047,7 +11047,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -11165,7 +11165,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -11273,7 +11273,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_terminated", @@ -11391,7 +11391,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", 
@@ -11509,7 +11509,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", @@ -11627,7 +11627,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json index c3a136039a5..526d5552d1f 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-inc-traffic.json-expected.json @@ -22,7 +22,7 @@ "port": 80 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "flow_started", diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json index 776b03e3a2f..d6c14f4a6f6 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-ip-tag-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2019-11-23T00:44:44.000+01:00", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json index 2ea5e14b72a..fdffe89b8cc 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-sctp-sample.log-expected.json 
@@ -20,7 +20,7 @@ "port": 9551 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json index fa2b3dfdfcd..ecbd034f69f 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-system-sample.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2021-10-26T15:05:03.000Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ @@ -54,7 +54,7 @@ { "@timestamp": "2021-10-26T14:49:02.000Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": [ diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json index 5f37d271ae6..2f0ce9e5c54 100644 --- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json +++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-threat-sample.log-expected.json @@ -24,7 +24,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -181,7 +181,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -338,7 +338,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -495,7 +495,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -652,7 +652,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", 
@@ -809,7 +809,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -966,7 +966,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1123,7 +1123,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1280,7 +1280,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1437,7 +1437,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1594,7 +1594,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1751,7 +1751,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -1908,7 +1908,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2065,7 +2065,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2222,7 +2222,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2379,7 +2379,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2536,7 +2536,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2693,7 +2693,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -2850,7 +2850,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3007,7 +3007,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", 
@@ -3164,7 +3164,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3321,7 +3321,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3478,7 +3478,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3635,7 +3635,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3792,7 +3792,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -3949,7 +3949,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4106,7 +4106,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4263,7 +4263,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4420,7 +4420,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4577,7 +4577,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4734,7 +4734,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -4891,7 +4891,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5048,7 +5048,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5205,7 +5205,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5362,7 +5362,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", 
@@ -5519,7 +5519,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5676,7 +5676,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5833,7 +5833,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -5990,7 +5990,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6147,7 +6147,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6304,7 +6304,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6461,7 +6461,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6618,7 +6618,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6775,7 +6775,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -6932,7 +6932,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -7089,7 +7089,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -7246,7 +7246,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -7403,7 +7403,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -7560,7 +7560,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -7717,7 +7717,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", 
@@ -7874,7 +7874,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8031,7 +8031,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8188,7 +8188,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8345,7 +8345,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8502,7 +8502,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8659,7 +8659,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8816,7 +8816,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -8973,7 +8973,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -9130,7 +9130,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -9287,7 +9287,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -9444,7 +9444,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -9601,7 +9601,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -9758,7 +9758,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -9915,7 +9915,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -10072,7 +10072,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", 
@@ -10229,7 +10229,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -10386,7 +10386,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -10543,7 +10543,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -10700,7 +10700,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -10857,7 +10857,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -11014,7 +11014,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -11171,7 +11171,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -11328,7 +11328,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -11485,7 +11485,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -11642,7 +11642,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -11799,7 +11799,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "url_filtering", @@ -11956,7 +11956,7 @@ "port": 36524 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "virus_detected", @@ -12144,7 +12144,7 @@ "port": 36524 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "virus_detected", @@ -12332,7 +12332,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -12519,7 +12519,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", 
@@ -12703,7 +12703,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -12890,7 +12890,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -13077,7 +13077,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -13264,7 +13264,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -13451,7 +13451,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -13635,7 +13635,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -13819,7 +13819,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -14003,7 +14003,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -14190,7 +14190,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -14377,7 +14377,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -14564,7 +14564,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -14753,7 +14753,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -14929,7 +14929,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -15121,7 +15121,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -15297,7 +15297,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", 
@@ -15486,7 +15486,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -15662,7 +15662,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -15854,7 +15854,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -16030,7 +16030,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -16222,7 +16222,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -16398,7 +16398,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -16590,7 +16590,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -16766,7 +16766,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -16958,7 +16958,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -17134,7 +17134,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -17326,7 +17326,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -17507,7 +17507,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -17683,7 +17683,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -17875,7 +17875,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -18051,7 +18051,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", 
@@ -18243,7 +18243,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -18419,7 +18419,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -18611,7 +18611,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -18787,7 +18787,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -18976,7 +18976,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -19152,7 +19152,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -19344,7 +19344,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -19520,7 +19520,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -19712,7 +19712,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -19888,7 +19888,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -20080,7 +20080,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -20256,7 +20256,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -20443,7 +20443,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -20635,7 +20635,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -20816,7 +20816,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", 
@@ -20992,7 +20992,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -21184,7 +21184,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -21360,7 +21360,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -21552,7 +21552,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -21728,7 +21728,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -21920,7 +21920,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -22096,7 +22096,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -22285,7 +22285,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -22461,7 +22461,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -22648,7 +22648,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -22840,7 +22840,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -23021,7 +23021,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -23197,7 +23197,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -23389,7 +23389,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -23565,7 +23565,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", 
@@ -23752,7 +23752,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -23944,7 +23944,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -24125,7 +24125,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -24301,7 +24301,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -24493,7 +24493,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -24674,7 +24674,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -24850,7 +24850,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -25037,7 +25037,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -25229,7 +25229,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -25410,7 +25410,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -25586,7 +25586,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -25770,7 +25770,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -25959,7 +25959,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -26135,7 +26135,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -26327,7 +26327,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", 
@@ -26503,7 +26503,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -26687,7 +26687,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -26879,7 +26879,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -27060,7 +27060,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -27236,7 +27236,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -27428,7 +27428,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -27604,7 +27604,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -27796,7 +27796,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -27972,7 +27972,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -28164,7 +28164,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -28340,7 +28340,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -28532,7 +28532,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -28708,7 +28708,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -28900,7 +28900,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -29076,7 +29076,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", 
@@ -29263,7 +29263,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -29455,7 +29455,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -29631,7 +29631,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -29820,7 +29820,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -29996,7 +29996,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -30183,7 +30183,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -30375,7 +30375,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -30551,7 +30551,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -30743,7 +30743,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -30919,7 +30919,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -31111,7 +31111,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -31292,7 +31292,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -31468,7 +31468,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -31660,7 +31660,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", @@ -31836,7 +31836,7 @@ "port": 53 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "spyware_detected", 
@@ -32028,7 +32028,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "spyware_detected",
@@ -32204,7 +32204,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "spyware_detected",
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json
index 4e21c143f18..02fd938cb93 100644
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-traffic-sample.log-expected.json
@@ -26,7 +26,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -215,7 +215,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -398,7 +398,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -587,7 +587,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -770,7 +770,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -959,7 +959,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -1148,7 +1148,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -1331,7 +1331,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -1520,7 +1520,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -1709,7 +1709,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -1898,7 +1898,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -2087,7 +2087,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -2276,7 +2276,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -2465,7 +2465,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -2654,7 +2654,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -2843,7 +2843,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -3026,7 +3026,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -3215,7 +3215,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -3404,7 +3404,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -3593,7 +3593,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -3776,7 +3776,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -3965,7 +3965,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -4154,7 +4154,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -4343,7 +4343,7 @@
 "port": 4282
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_dropped",
@@ -4532,7 +4532,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_denied",
@@ -4715,7 +4715,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -4900,7 +4900,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -5086,7 +5086,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -5275,7 +5275,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -5464,7 +5464,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -5647,7 +5647,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -5830,7 +5830,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -6019,7 +6019,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -6208,7 +6208,7 @@
 "port": 4282
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -6397,7 +6397,7 @@
 "port": 17472
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -6586,7 +6586,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -6775,7 +6775,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -6964,7 +6964,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -7153,7 +7153,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -7342,7 +7342,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -7531,7 +7531,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -7720,7 +7720,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -7909,7 +7909,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -8098,7 +8098,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -8287,7 +8287,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -8476,7 +8476,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -8665,7 +8665,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -8854,7 +8854,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -9043,7 +9043,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -9232,7 +9232,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -9411,7 +9411,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -9600,7 +9600,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -9789,7 +9789,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -9978,7 +9978,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -10167,7 +10167,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -10356,7 +10356,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -10545,7 +10545,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -10734,7 +10734,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -10923,7 +10923,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -11112,7 +11112,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -11301,7 +11301,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -11490,7 +11490,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -11679,7 +11679,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -11868,7 +11868,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -12057,7 +12057,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -12246,7 +12246,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -12435,7 +12435,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -12624,7 +12624,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -12813,7 +12813,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -13002,7 +13002,7 @@
 "port": 80
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -13191,7 +13191,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -13380,7 +13380,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -13569,7 +13569,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -13758,7 +13758,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -13947,7 +13947,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -14136,7 +14136,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -14325,7 +14325,7 @@
 "port": 123
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -14514,7 +14514,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -14702,7 +14702,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -14890,7 +14890,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -15078,7 +15078,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -15266,7 +15266,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -15455,7 +15455,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -15644,7 +15644,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -15833,7 +15833,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -16022,7 +16022,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -16211,7 +16211,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -16400,7 +16400,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -16589,7 +16589,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -16778,7 +16778,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -16967,7 +16967,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -17156,7 +17156,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -17345,7 +17345,7 @@
 "port": 443
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -17534,7 +17534,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -17723,7 +17723,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -17906,7 +17906,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -18095,7 +18095,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -18284,7 +18284,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -18473,7 +18473,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -18662,7 +18662,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -18850,7 +18850,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -19027,7 +19027,7 @@
 "port": 138
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -19200,7 +19200,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -19377,7 +19377,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -19554,7 +19554,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -19722,7 +19722,7 @@
 "port": 138
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -19909,7 +19909,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -20087,7 +20087,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -20274,7 +20274,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -20461,7 +20461,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -20648,7 +20648,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -20834,7 +20834,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -21011,7 +21011,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -21189,7 +21189,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -21376,7 +21376,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -21554,7 +21554,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -21741,7 +21741,7 @@
 "port": 138
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -21914,7 +21914,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -22092,7 +22092,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -22279,7 +22279,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -22456,7 +22456,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -22633,7 +22633,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -22811,7 +22811,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -22999,7 +22999,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -23185,7 +23185,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -23363,7 +23363,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -23551,7 +23551,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -23737,7 +23737,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -23915,7 +23915,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -24093,7 +24093,7 @@
 "port": 138
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -24280,7 +24280,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -24457,7 +24457,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -24625,7 +24625,7 @@
 "port": 137
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -24812,7 +24812,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -24980,7 +24980,7 @@
 "port": 137
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -25167,7 +25167,7 @@
 "port": 138
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -25340,7 +25340,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -25518,7 +25518,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -25705,7 +25705,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -25882,7 +25882,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -26060,7 +26060,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -26248,7 +26248,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -26435,7 +26435,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -26613,7 +26613,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -26800,7 +26800,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -26968,7 +26968,7 @@
 "port": 138
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -27155,7 +27155,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -27332,7 +27332,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -27509,7 +27509,7 @@
 "port": 138
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -27682,7 +27682,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -27859,7 +27859,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -28037,7 +28037,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -28224,7 +28224,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -28410,7 +28410,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -28588,7 +28588,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -28775,7 +28775,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -28961,7 +28961,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -29139,7 +29139,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -29326,7 +29326,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -29513,7 +29513,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -29700,7 +29700,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -29887,7 +29887,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -30074,7 +30074,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -30260,7 +30260,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -30437,7 +30437,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -30615,7 +30615,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -30802,7 +30802,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -30980,7 +30980,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -31158,7 +31158,7 @@
 "port": 138
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -31345,7 +31345,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -31523,7 +31523,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -31710,7 +31710,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -31888,7 +31888,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -32075,7 +32075,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -32252,7 +32252,7 @@
 "port": 138
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -32425,7 +32425,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -32603,7 +32603,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -32790,7 +32790,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -32968,7 +32968,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -33155,7 +33155,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -33332,7 +33332,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -33509,7 +33509,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -33687,7 +33687,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -33874,7 +33874,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -34061,7 +34061,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -34247,7 +34247,7 @@
 "port": 138
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -34421,7 +34421,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -34608,7 +34608,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -34795,7 +34795,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -34981,7 +34981,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -35158,7 +35158,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -35335,7 +35335,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -35513,7 +35513,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -35700,7 +35700,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -35886,7 +35886,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -36063,7 +36063,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -36240,7 +36240,7 @@
 "port": 30514
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_terminated",
@@ -36418,7 +36418,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
@@ -36605,7 +36605,7 @@
 "port": 53
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json
index 73846fa5369..0a6f07f3779 100644
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-tunnel-inspection-sample.log-expected.json
@@ -29,7 +29,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "flow_started",
diff --git a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json
index 7368925fdb7..ba7083532d2 100644
--- a/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json
+++ b/packages/panw/data_stream/panos/_dev/test/pipeline/test-panw-panos-userid-sample.log-expected.json
@@ -6,7 +6,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -111,7 +111,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -204,7 +204,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -284,7 +284,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -364,7 +364,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -444,7 +444,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -524,7 +524,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -617,7 +617,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -710,7 +710,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -803,7 +803,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -895,7 +895,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -987,7 +987,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -1079,7 +1079,7 @@
 "port": 0
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
diff --git a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml
index c3f9654bc71..7bbf08c7359 100644
--- a/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/panw/data_stream/panos/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: "Pipeline for Palo Alto Networks PAN-OS Logs"
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - set:
 field: observer.vendor
 value: Palo Alto Networks
diff --git a/packages/panw/docs/README.md b/packages/panw/docs/README.md
index f305487ea09..a6dabc66018 100644
--- a/packages/panw/docs/README.md
+++ b/packages/panw/docs/README.md
@@ -326,7 +326,7 @@ An example event for `panos` looks as following: | network.application | When a specific application or service is identified from network connection details (source/dest IPs, ports, certificates, or wire format), this field captures the application's or service's name. For example, the original event identifies the network connection being from a specific web service in a `https` network connection, like `facebook` or `twitter`. The field value must be normalized to lowercase for querying. | keyword | | network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | | network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.direction | Direction of the network traffic. When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". 
When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | | network.forwarded_ip | Host IP address when the source IP address is the proxy. | ip | | network.packets | Total packets transferred in both directions. If `source.packets` and `destination.packets` are known, `network.packets` is their sum. | long | | network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | diff --git a/packages/panw/manifest.yml b/packages/panw/manifest.yml index a6c79ceac58..93de7b5173f 100644 --- a/packages/panw/manifest.yml +++ b/packages/panw/manifest.yml @@ -1,6 +1,6 @@ name: panw title: Palo Alto Next-Gen Firewall -version: 3.0.2 +version: 3.1.0 release: ga description: Collect logs from Palo Alto next-gen firewalls with Elastic Agent. type: integration diff --git a/packages/panw_cortex_xdr/_dev/build/build.yml b/packages/panw_cortex_xdr/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/panw_cortex_xdr/_dev/build/build.yml +++ b/packages/panw_cortex_xdr/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/panw_cortex_xdr/changelog.yml b/packages/panw_cortex_xdr/changelog.yml index 5ff1ab777da..0b54fc22a5a 100644 --- a/packages/panw_cortex_xdr/changelog.yml +++ b/packages/panw_cortex_xdr/changelog.yml 
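Review bot: The `reference: git@v8.4.0-rc1` line in `packages/panw_cortex_xdr/_dev/build/build.yml` pins the imported ECS field definitions to a release-candidate tag, while the same commit stamps events with `ecs.version` `'8.4.0'` and the changelog says "Update package to ECS 8.4.0"; the `proofpoint` and `proofpoint_tap` build.yml hunks do the same. If the final 8.4.0 schema differs from rc1, the field definitions the package ships and the version label on indexed events would disagree, which matters for detection content that keys on ECS fields. Once the final tag is available I would repin to `reference: git@v8.4.0`, or at least add `# TODO: repin to the final v8.4.0 tag once published` above the line. A tag is also a movable ref, so it is worth confirming whether the build resolves it to a fixed commit.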
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.4.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3869 - version: "1.3.3" changes: - description: Fix possible endless pagination. diff --git a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json index 2cee2d9edaf..45a6432de32 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json +++ b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr-bioc.log-expected.json @@ -3,7 +3,7 @@ { "@timestamp": "2020-05-06T19:15:14.182Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "DETECTED", diff --git a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json index 1a417bafcfb..9556cd73927 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json +++ b/packages/panw_cortex_xdr/data_stream/alerts/_dev/test/pipeline/test-panw-xdr.log-expected.json @@ -19,7 +19,7 @@ "port": 443 }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "BLOCKED_9", @@ -124,7 +124,7 @@ { "@timestamp": "2020-02-21T08:36:19.588Z", "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "action": "BLOCKED", diff --git a/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml b/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml index 099284420fe..43997963a2a 100644 --- a/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml 
+++ b/packages/panw_cortex_xdr/data_stream/alerts/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for Palo Alto XDR API.
 processors:
 - set:
 field: ecs.version
- value: "8.3.0"
+ value: '8.4.0'
 - set:
 field: event.kind
 value: alert
diff --git a/packages/panw_cortex_xdr/manifest.yml b/packages/panw_cortex_xdr/manifest.yml
index cdf1d9b4216..088cdaadbfd 100644
--- a/packages/panw_cortex_xdr/manifest.yml
+++ b/packages/panw_cortex_xdr/manifest.yml
@@ -1,6 +1,6 @@
 name: panw_cortex_xdr
 title: Palo Alto Cortex XDR
-version: 1.3.3
+version: 1.4.0
 release: ga
 description: Collect logs from Palo Alto Cortex XDR with Elastic Agent.
 type: integration
diff --git a/packages/proofpoint/_dev/build/build.yml b/packages/proofpoint/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/proofpoint/_dev/build/build.yml
+++ b/packages/proofpoint/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/proofpoint/changelog.yml b/packages/proofpoint/changelog.yml
index b0f6e4d98b0..3b2fdca047b 100644
--- a/packages/proofpoint/changelog.yml
+++ b/packages/proofpoint/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.9.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3869
 - version: "0.8.0"
 changes:
 - description: Update package to ECS 8.3.0.
diff --git a/packages/proofpoint/data_stream/emailsecurity/_dev/test/pipeline/test-generated.log-expected.json b/packages/proofpoint/data_stream/emailsecurity/_dev/test/pipeline/test-generated.log-expected.json
index 539b9b110df..2f6a2488f47 100644
--- a/packages/proofpoint/data_stream/emailsecurity/_dev/test/pipeline/test-generated.log-expected.json
+++ b/packages/proofpoint/data_stream/emailsecurity/_dev/test/pipeline/test-generated.log-expected.json
@@ -2,7 +2,7 @@ "expected": [ { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "January 29 06:09:59 avolupt low mod=perl cmd=clone cmd=olab id=nto duration=sse", "tags": [ @@ -11,7 +11,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2016/02/12T13:12:33.umdo itessequ session_store[vol]: info luptat high s=nibus mod=mipsumq cmd=gnaali module=enatus rule=mquia folder=ameaqu pri=aqu duration=utper", "tags": [ @@ -20,7 +20,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "February 26 20:15:08 emape low s=incidi mod=session_connect cmd=nse ip=10.46.185.46 country=temvel lip=iatu prot=serror hops_active=anti routes=ofdeF notroutes=metcons perlwait=roinBCS", "tags": [ @@ -29,7 +29,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2016/03/12T03:17:42.iam mqua queued-eurort[3391]: olab: from=mquisnos, size=5771, class=ore, nrcpts=etconsec, msgid=err, proto=rdp, daemon=mUt, tls_verify=usmodte, auth=ele, relay=tenbyCic5882.api.home [10.69.20.77]", "tags": [ @@ -38,7 +38,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "March 26 10:20:16 pteursi medium mod=service cmd=refresh cmd=turveli duration=toccae", "tags": [ @@ -47,7 +47,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "April 9 17:22:51 ccusan low mod=zerohour type=Ciceroi cmd=refresh id=aveniam version=uradi", "tags": [ @@ -56,7 +56,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "April 24 00:25:25 aboreetd high mod=smtpsrv cmd=listen cmd=dun addr=10.89.185.38", "tags": [ @@ -65,7 +65,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "May 8 07:27:59 ctetura medium mod=zerohour type=dolore cmd=init id=abor version=iqui", "tags": [ 
@@ -74,7 +74,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "May 22 14:30:33 ritatis oloremi high s=icab mod=av_run cmd=mwr rule=fugi name=inculpaq cleaned=agna vendor=tionemu duration=eomnisis", "tags": [ @@ -83,7 +83,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2016/06/05T21:33:08.incidi picia queued-reinject[mUtenima]: warn emaperi[7183]: sumquiad: from=dexeaco, size=6178, class=colabor, nrcpts=iusmodt, msgid=etdolo, proto=tcp, daemon=lorumw, relay=ommod3671.mail.domain", "tags": [ @@ -92,7 +92,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "June 20 04:35:42 imadmi high s=tion mod=session_judge cmd=eataev module=liquide rule=uasia", "tags": [ @@ -101,7 +101,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2016/07/04T11:38:16.uames tati access_run[utaliqu]: warn oriosamn medium s=santium m=iciatisu x=rehender mod=eporroqu cmd=uat rule=tem duration=est", "tags": [ @@ -110,7 +110,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "July 18 18:40:50 samvolu err eid=ittenbyC module=isc age=aturve limit=emulla", "tags": [ @@ -119,7 +119,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2016/08/02T01:43:25.itame eumfug zerohour_init[lit]: note asun low mod=quamnih type=oluptate cmd=onseq id=serunt version=aquaeabi", "tags": [ @@ -128,7 +128,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "August 16 08:45:59 ento warn eid=pic status=\"evita file suntexp does not contain enough (or correct) info. Fix this or remove the file.\"", "tags": [ 
@@ -137,7 +137,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "August 30 15:48:33 tmo very-high s=abi mod=spam_run cmd=sectetur rule=uioffi policy=oru score=temqu ndrscore=edol ipscore=colab suspectscore=ommodico phishscore=quatD bulkscore=mcolab spamscore=67.309000 adjustscore=tenima adultscore=tsedqu classifier=agnid adjust=proide reason=dolorem scancount=tlab engine=volupt definitions=osqui raw=xerc tests=iutali duration=fdeFi", "tags": [ @@ -146,7 +146,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2016/09/13T22:51:07.sequine ectio dkimv_type[dutper]: err lamcolab: low mod=radi unexpected response type=gel", "tags": [ @@ -155,7 +155,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "September 28 05:53:42 xeacomm very-high mod=av type=aturQui cmd=load id=utlabor", "tags": [ @@ -164,7 +164,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "October 12 12:56:16 madmi tur low s=uatD mod=mail_attachment cmd=ariatu id=edquiac file=nci mime=tev type=saute omime=ntocca oext=ostru corrupted=ntoccae protected=autf size=3471 virtual=temquiav", "tags": [ @@ -173,7 +173,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2016/10/26T19:58:50.tor qui queued-aglife[4499]: eavolup: to=fugiatn, delay=docon, xdelay=etconsec, mailer=ios, pri=evolu, relay=ersp3536.www5.lan, dsn=sauteiru, stat=mod", "tags": [ @@ -182,7 +182,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2016/11/10T03:01:24.iquipe itempor mail_env_rcpt[quin]: err upida high s=nve m=remag x=uredol mod=ccaecat cmd=tquiin r=7440 value=temqu verified=ovol routes=ptasn", "tags": [ @@ -191,7 +191,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "November 24 10:03:59 idolore low mod=spam type=eetdolo cmd=refresh id=cteturad engine=untut definitions=uamni", "tags": [ 
@@ -200,7 +200,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "December 8 17:06:33 orumSe high mod=regulation type=isnost cmd=init id=queips action=cancel dict=itess file=iscinge", "tags": [ @@ -209,7 +209,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2016-12-23T12:09:07.inci atatn queued-alert[temUt]: info avol[752]: STARTTLS=essequam, relay=[10.193.83.81], version=1.5020, verify=str, cipher=iat, bits=etur", "tags": [ @@ -218,7 +218,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/01/06T07:11:41.isnostr umqu smtpsrv_run[tinv]: warn adipisc medium mod=isnisi cmd=ritatise rule=uamei duration=siut", "tags": [ @@ -227,7 +227,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/01/20T14:14:16.ttenby boris dkimv_run[stenatu]: err isiuta low s=ratv m=riat x=ianon mod=tsed cmd=nts status=\"siut, tconsect\"", "tags": [ @@ -236,7 +236,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/02/03T21:16:50.ctetura aveni sendmail[elit]: note seosqui sequamni[3866]: STARTTLS=tdol, relay=sit6590.lan [10.123.143.188], version=ncididun, verify=umSe, cipher=xeacomm, bits=cinge", "tags": [ @@ -245,7 +245,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "February 18 04:19:24 runtmol very-high mod=spam type=odi cmd=load id=ptass", "tags": [ @@ -254,7 +254,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "March 4 11:21:59 aec medium mod=spam type=iduntu cmd=load id=ccaeca", "tags": [ @@ -263,7 +263,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "March 18 18:24:33 leumiu tla very-high s=uaeratv mod=session_connect cmd=isa ip=10.38.65.236 country=dqu lip=pid prot=rExc hops_active=iusmo routes=tame notroutes=naaliq perlwait=nte", "tags": [ 
@@ -272,7 +272,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/04/02T01:27:07.ullamcor itationu dmarc_run[proident]: rprt maliquam medium s=atione m=lores x=ritati mod=orisni cmd=ons rule=remagn duration=ecillu", "tags": [ @@ -281,7 +281,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "April 16 08:29:41 umetMalo high mod=av type=utp cmd=refresh id=aeconseq vendor=lor engine=Sedut definitions=yCiceroi signatures=quunt", "tags": [ @@ -290,7 +290,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "April 30 15:32:16 aliq low mod=access type=teni cmd=refresh id=dquiac action=accept dict=tore file=elits", "tags": [ @@ -299,7 +299,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/05/14T22:34:50.uamnihi risnis mail_release[uov]: info itlab low s=sBono m=loremqu x=tetur mod=amvo cmd=siuta status=failure err=ommodo", "tags": [ @@ -308,7 +308,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "May 29 05:37:24 atv high mod=access type=quira cmd=refresh id=rehende action=block dict=obeataev file=tempor", "tags": [ @@ -317,7 +317,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "June 12 12:39:58 tlaboree note s=norumet m=dtempo x=tin module=fugitse action=deny size=3916", "tags": [ @@ -326,7 +326,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/06/26T19:42:33.aturQu aaliq session_store[mipsamvo]: warn eiusmod very-high s=reetdo m=oreveri x=ehende mod=eaqueip cmd=eum module=lamc rule=umetMal folder=asper pri=umq duration=naal", "tags": [ @@ -335,7 +335,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/07/11T02:45:07.uto iuntNequ pdr_ttl[esseq]: warn aincidun low s=veniamq mod=occ ttl=oloreseo reply=\"\\\"iruredol rscore=veniamqu\\\"\"", "tags": [ 
@@ -344,7 +344,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "July 25 09:47:41 minim ataevi low s=repreh mod=av_run cmd=plic rule=irured name=illumqui cleaned=saq vendor=amali duration=ate", "tags": [ @@ -353,7 +353,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/08/08T16:50:15.autfugi tasun mail_continue-system-sendmail[duntutla]: err ntium low s=asuntexp mod=adminim cmd=orisni action=cancel err=lmole", "tags": [ @@ -362,7 +362,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/08/22T23:52:50.dolorem tem spam_init[exeacomm]: info aspe very-high mod=mides type=ciun cmd=olupta id=tsuntinc engine=inrepreh definitions=quovo", "tags": [ @@ -371,7 +371,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "September 6 06:55:24 occaec acommodi medium s=quaeab mod=mail_env_rcpt cmd=fici r=5161 value=dipiscin verified=olup routes=aco", "tags": [ @@ -380,7 +380,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/09/20T13:57:58.mag tob smtpsrv_load[dolores]: rprt equamnih high mod=deF type=itempo cmd=orumw id=redol", "tags": [ @@ -389,7 +389,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "October 4 21:00:32 radipis high s=tiumto mod=mail_env_from cmd=litan value=nder qid=stenatus tls=equep routes=ever notroutes=tali host=BCS3474.lan ip=10.1.204.187 sampling=quin", "tags": [ @@ -398,7 +398,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/10/19T04:03:07.nculpaq culpaqui regulation_init[tvolup]: note tdolore low mod=col type=obea cmd=emp id=agnaaliq action=cancel dict=uptatem file=oinv", "tags": [ @@ -407,7 +407,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "queued-reinject[2957]: odt", "tags": [ 
@@ -416,7 +416,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/11/16T18:08:15.caecat rautod rprt[olest]: info eataev very-high s=ritati m=edquia x=itesse mod=mullam cmd=mexerc secprofile_name=meaque rcpts=5808 duration=mip", "tags": [ @@ -425,7 +425,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/12/01T01:10:49.deriti sintocc session_throttle[cididu]: rprt uteir high s=mwrit mod=ptat cmd=der rule=equuntur ip=10.219.133.187 rate=quameiu crate=diduntu limit=eiusmod", "tags": [ @@ -434,7 +434,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "December 15 08:13:24 tassita very-high mod=smtpsrv cmd=run cmd=oremi rule=ugitsedq duration=turmag", "tags": [ @@ -443,7 +443,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2017/12/29T15:15:58.consecte pteurs dkimv_run[catcupi]: info autf very-high s=tiaecon m=uaturve x=amquisno mod=uido cmd=tla signature=mquiad identity=CSe host=lors7553.api.local result=unknown result_detail=rroqui", "tags": [ @@ -452,7 +452,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/01/12T22:18:32.itae dtempo cvtd[atnula]: warn ditautf low mod=iquidex cmd=olup", "tags": [ @@ -461,7 +461,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/01/27T05:21:06.rspici snisi queued-aglife[766]: olor: to=etquasia, delay=nula, xdelay=quiacons, mailer=uisa, pri=xeacommo, relay=[10.65.174.31], dsn=atur, stat=issu", "tags": [ @@ -470,7 +470,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/02/10T12:23:41.ite tasnul note[tuserr]: note tise very-high s=tnul m=expl x=ess module=quiad action=cancel size=6084", "tags": [ @@ -479,7 +479,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/02/24T19:26:15.llumq tenim spam_init[eiusmo]: warn ainc medium mod=antiumdo type=ecill cmd=iduntu id=pisci engine=sunt definitions=texplica", "tags": [ 
@@ -488,7 +488,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "March 11 02:28:49 ate action_checksubmsg s=con m=tqu x=eirur action=accept score=tametco submsgadjust=mquisnos spamscore=25.933000 suspectscore=cit malwarescore=siar phishscore=isn adultscore=veniamq bulkscore=lup tests=iumtotam", "tags": [ @@ -497,7 +497,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/03/25T09:31:24.voluptas velill regulation_init[rspic]: err orinrepr high mod=meum type=borumSec cmd=aecatcup id=snisiut action=allow dict=nre file=inB", "tags": [ @@ -506,7 +506,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/04/08T16:33:58.upt ulamc cvt_detect[cept]: err aedictas low pid=4253 mod=orio cmd=gna name=ici status=success err=olu", "tags": [ @@ -515,7 +515,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/04/22T23:36:32.seq moll queued-VoltageEncrypt[2861]: sunt: from=dquianon, size=956, class=itesse, nrcpts=iamqui, msgid=quide, proto=igmp, daemon=cididun, relay=str4641.domain [10.151.31.58]", "tags": [ @@ -524,7 +524,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/05/07T06:39:06.cti rumSecti session_throttle[riamea]: info eca very-high s=tes mod=equam cmd=isi rule=iaecon ip=10.119.38.124 rate=rep crate=remap limit=deri", "tags": [ @@ -533,7 +533,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "May 21 13:41:41 scipit high pid=745 mod=cvt cmd=detect cmd=borisnis name=onorumet status=success err=isiutali", "tags": [ @@ -542,7 +542,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "June 4 20:44:15 aedict low mod=cvtd cmd=miurere", "tags": [ 
@@ -551,7 +551,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/06/19T03:46:49.seq rumSe queued-vdedc2v5[tatnonp]: rprt ommo[4821]: idunt: to=expl, delay=olore, xdelay=uian, mailer=atuserro, pri=madminim, relay=[10.52.47.230] [10.113.119.47], dsn=quioff, stat=iuntN", "tags": [ @@ -560,7 +560,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/07/03T10:49:23.mquis lorsi filter[tetura]: rprt eeufug high mod=modt sig=iduntutl", "tags": [ @@ -569,7 +569,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "July 17 17:51:58 expl very-high pid=prehende mod=cvtd cmd=encrypted encrypted=lup", "tags": [ @@ -578,7 +578,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "August 1 00:54:32 umd sumd medium s=dat mod=session_judge cmd=aUtenima module=turQuis rule=taevi", "tags": [ @@ -587,7 +587,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/08/15T07:57:06.ercitati eve spf_run[rro]: err oeiusmo very-high s=cusanti m=tconse x=rem mod=tseddoei cmd=teursint rule=etMa duration=llita", "tags": [ @@ -596,7 +596,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/08/29T14:59:40.nostrum orroquis av_init[eumi]: info tvo low mod=tuser type=mmo cmd=eve id=nbyCicer vendor=scipit engine=equuntu definitions=quamni signatures=turveli", "tags": [ @@ -605,7 +605,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "September 12 22:02:15 ihilm medium s=caboNemo mod=mltr uptas", "tags": [ @@ -614,7 +614,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/09/27T05:04:49.dol exe info[tis]: note oluptat low eid=tinvolup pid=497 status=tvol", "tags": [ @@ -623,7 +623,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "October 11 12:07:23 eritqui medium s=atus mod=session_judge cmd=tassitas module=obea rule=velite", "tags": [ 
@@ -632,7 +632,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/10/25T19:09:57.lore luptate av_init[eritqu]: err elites very-high mod=tamr type=serr cmd=usci id=unturmag vendor=dexeaco engine=lupta definitions=ura signatures=oreeufug", "tags": [ @@ -641,7 +641,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/11/09T02:12:32.ree itten milter_listen[quipexea]: warn orsitv medium mod=nostrum cmd=autodita addr=10.27.154.247", "tags": [ @@ -650,7 +650,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/11/23T09:15:06.utfugi ursintoc dkimv_type[tio]: rprt mmodicon: high mod=trudex unexpected response type=tvol", "tags": [ @@ -659,7 +659,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2018/12/07T16:17:40.rehen uaeab session_throttle[ptat]: warn mipsu high s=eturadip mod=amquaera cmd=rsitamet rule=leumiur ip=10.253.121.154 rate=olesti crate=edquia limit=ihi", "tags": [ @@ -668,7 +668,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "December 21 23:20:14 emoenimi high pid=5895 mod=cvt cmd=detect cmd=mqu name=onorume status=unknown err=veleu", "tags": [ @@ -677,7 +677,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "January 5 06:22:49 dquia high s=bori mod=mltr dipi", "tags": [ @@ -686,7 +686,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "January 19 13:25:23 quovolu high s=dexe mod=mltr nemul", "tags": [ @@ -695,7 +695,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/02/02T20:27:57.quatur dminim mail_msg[ptatevel]: warn aperiame very-high s=eirured mod=sequamn cmd=perspici module=inimve rule=aea action=allow attachments=5821 rcpts=296 routes=ptat size=4878 guid=nde hdr_mid=quame qid=orumwri subject=atisu spamscore=66.849000 virusname=tse duration=rad elapsed=iat", "tags": [ 
@@ -704,7 +704,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/02/17T03:30:32.lorum suntexpl sm-msp-queue[iqu]: rprt iquamqu[6293]: audant: to=obeata, ctladdr=uredol, delay=uptat, xdelay=toditau, mailer=uiad, pri=nvolupta, relay=[10.80.133.120] [10.147.147.248], dsn=onpr, stat=uira", "tags": [ @@ -713,7 +713,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/03/03T10:33:06.aliqu sequine regulation_refresh[utaliqui]: note isciv very-high mod=econ type=aborio cmd=rve id=catcup action=deny dict=runtmoll file=busBon", "tags": [ @@ -722,7 +722,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/03/17T17:35:40.occaeca dan queued-alert[pta]: err upt[4762]: itaedict: to=eroi, delay=onemull, xdelay=mdo, mailer=labore, pri=lorem, relay=[10.68.159.207] [10.232.240.177], dsn=estq, stat=quasiarc", "tags": [ @@ -731,7 +731,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/04/01T00:38:14.tDuisaut uel warn[dexerc]: info vol high eid=agn status=\"iqu file: quamqua\"", "tags": [ @@ -740,7 +740,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "April 15 07:40:49 uunturm very-high mod=regulation type=iaconseq cmd=init id=tseddo action=cancel dict=rissusci file=ectetur", "tags": [ @@ -749,7 +749,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "April 29 14:43:23 quaturve medium mod=zerohour type=gnamali cmd=init id=iumtota version=issusci", "tags": [ @@ -758,7 +758,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/05/13T21:45:57.ecillumd iumto dmarc_type[sequatu]: rprt tiumtot: medium mod=mdoloree type=que cmd=inBCSed id=cteturad policy_cache_entries=umq", "tags": [ 
@@ -767,7 +767,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "May 28 04:48:31 reseo quam very-high s=pariat mod=mail_env_rcpt cmd=icaboNe r=4840 value=lumd verified=tiaec routes=lorem", "tags": [ @@ -776,7 +776,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "June 11 11:51:06 seq low mod=info sys=lorsita evt=deny active=itation expires=utlabo msg=tat", "tags": [ @@ -785,7 +785,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "June 25 18:53:40 ididu medium s=epteurs mod=mail_env_from cmd=itse value=rever ofrom=sBonoru qid=ecatcu tls=ntoccae routes=iscive notroutes=amni host=etconse5657.api.lan ip=10.118.249.126 sampling=dminimv", "tags": [ @@ -794,7 +794,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/07/10T01:56:14.rep nostru access_load[docons]: info emipsumq low mod=qua type=modit cmd=tatione id=aedicta", "tags": [ @@ -803,7 +803,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "July 24 08:58:48 uas high s=reeufu mod=mail_env_from cmd=umexe value=xce ofrom=omnisis qid=corporis tls=tco routes=stiaec notroutes=Cicero host=ven5410.mail.host ip=10.170.55.203 sampling=deom", "tags": [ @@ -812,7 +812,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/08/07T16:01:23.Utenima nse info[umq]: note enim low mod=meaquei sys=snisiu evt=allow active=atev expires=vento msg=litsed", "tags": [ @@ -821,7 +821,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "August 21 23:03:57 susc taed high s=mipsumd mod=mail_continue-system-sendmail cmd=eiusmo action=block err=sum", "tags": [ @@ -830,7 +830,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "September 5 06:06:31 ipex low s=upta cmd=send profile=ivel qid=tmollita rcpts=tionofd", "tags": [ 
@@ -839,7 +839,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/09/19T13:09:05.ccaec repreh http_listen[imven]: note usan very-high mod=idolo cmd=olup addr=10.199.46.88", "tags": [ @@ -848,7 +848,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/10/03T20:11:40.nulapari beataevi queued-VoltageEncrypt[3274]: eruntmol: from=plicab, size=5930, class=dmin, nrcpts=sum, msgid=lloinve, proto=ggp, daemon=nim, relay=Sedutper7794.www5.domain [10.154.22.241]", "tags": [ @@ -857,7 +857,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/10/18T03:14:14.nvol doloreeu cvtd_encrypted[elillumq]: info loremeum medium pid=obeataev mod=rrorsit encrypted=aincid", "tags": [ @@ -866,7 +866,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "November 1 10:16:48 nis info pid=472 iin /uteiru: xer", "tags": [ @@ -875,7 +875,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/11/15T17:19:22.isauteir eritquii soap_listen[atevelit]: note dese low mod=ionula cmd=itaed addr=10.38.111.125", "tags": [ @@ -884,7 +884,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "November 30 00:21:57 ationem high mod=spam type=ing cmd=load id=ollita", "tags": [ @@ -893,7 +893,7 @@ }, { "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "message": "2019/12/14T07:24:31.nih ncididu queued-default[4250]: STARTTLS=gitsed, relay=estla4081.corp, version=meumf, verify=rExce, cipher=quisquam, bits=boreet", "tags": [ diff --git a/packages/proofpoint/data_stream/emailsecurity/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint/data_stream/emailsecurity/elasticsearch/ingest_pipeline/default.yml index 8ab5b97e3db..3b18bc33e27 100644 --- a/packages/proofpoint/data_stream/emailsecurity/elasticsearch/ingest_pipeline/default.yml +++ b/packages/proofpoint/data_stream/emailsecurity/elasticsearch/ingest_pipeline/default.yml 
@@ -4,7 +4,7 @@ description: Pipeline for Proofpoint Email Security
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/proofpoint/manifest.yml b/packages/proofpoint/manifest.yml
index e5f16824607..9fff9b3d9a0 100644
--- a/packages/proofpoint/manifest.yml
+++ b/packages/proofpoint/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: proofpoint
 title: Proofpoint Email Security Logs
-version: "0.8.0"
+version: "0.9.0"
 description: Collect logs from Proofpoint Email Security devices with Elastic Agent.
 categories: ["security"]
 release: experimental
diff --git a/packages/proofpoint_tap/_dev/build/build.yml b/packages/proofpoint_tap/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/proofpoint_tap/_dev/build/build.yml
+++ b/packages/proofpoint_tap/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/proofpoint_tap/changelog.yml b/packages/proofpoint_tap/changelog.yml
index cdb25a11380..f137038cbc3 100644
--- a/packages/proofpoint_tap/changelog.yml
+++ b/packages/proofpoint_tap/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.3.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3869
 - version: "0.2.2"
 changes:
 - description: Fix proxy URL documentation rendering.
diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json b/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json
index e5fa4e2f757..b85ed204089 100644
--- a/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json
+++ b/packages/proofpoint_tap/data_stream/clicks_blocked/_dev/test/pipeline/test-clicks-blocked.log-expected.json
@@ -24,7 +24,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
@@ -116,7 +116,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
@@ -207,7 +207,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
@@ -299,7 +299,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
@@ -391,7 +391,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
diff --git a/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml
index ffb06068af0..71cc6d1bb92 100644
--- a/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/proofpoint_tap/data_stream/clicks_blocked/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP blocked clicks logs.
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json b/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json
index ea3e1d2938b..f99b0341726 100644
--- a/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json
+++ b/packages/proofpoint_tap/data_stream/clicks_permitted/_dev/test/pipeline/test-clicks-permitted.log-expected.json
@@ -24,7 +24,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
@@ -115,7 +115,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
@@ -207,7 +207,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
@@ -298,7 +298,7 @@
 "ip": "89.160.20.112"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "from": {
diff --git a/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml
index 9ea38e1377d..f6d5b2f1a4f 100644
--- a/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/proofpoint_tap/data_stream/clicks_permitted/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP permitted clicks logs.
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json b/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json
index 86043acb57f..fbfa56036b8 100644
--- a/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json
+++ b/packages/proofpoint_tap/data_stream/message_blocked/_dev/test/pipeline/test-message-blocked.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-01-01T00:45:55.050Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": [
@@ -125,7 +125,7 @@
 {
 "@timestamp": "2022-01-01T01:25:59.059Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": [
@@ -246,7 +246,7 @@
 {
 "@timestamp": "2022-01-01T04:51:56.269Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": [
@@ -374,7 +374,7 @@
 {
 "@timestamp": "2022-01-01T00:25:20.010Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": [
@@ -571,7 +571,7 @@
 {
 "@timestamp": "2022-01-01T00:00:00.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": [
@@ -698,7 +698,7 @@
 {
 "@timestamp": "2022-01-01T05:00:02.010Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": [
diff --git a/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml
index b59cbeb21f7..fb327ce15ab 100644
--- a/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/proofpoint_tap/data_stream/message_blocked/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP blocked message logs.
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json b/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json
index d53ca48548b..f23cea5b27d 100644
--- a/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json
+++ b/packages/proofpoint_tap/data_stream/message_delivered/_dev/test/pipeline/test-message-delivered.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-01-05T10:05:56.020Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "delivery_timestamp": "2022-01-05T10:05:56.020Z",
@@ -90,7 +90,7 @@
 {
 "@timestamp": "2022-01-01T00:00:00.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "delivery_timestamp": "2022-01-01T00:00:00.000Z",
@@ -160,7 +160,7 @@
 {
 "@timestamp": "2022-01-01T00:00:00.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "delivery_timestamp": "2022-01-01T00:00:00.000Z",
@@ -236,7 +236,7 @@
 {
 "@timestamp": "2022-01-01T00:00:00.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "delivery_timestamp": "2022-01-01T00:00:00.000Z",
@@ -312,7 +312,7 @@
 {
 "@timestamp": "2022-03-15T15:00:20.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": [
@@ -460,7 +460,7 @@
 {
 "@timestamp": "2021-09-28T16:28:59.490Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": [
@@ -615,7 +615,7 @@
 {
 "@timestamp": "2022-08-17T18:00:22.060Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": [
@@ -764,7 +764,7 @@
 {
 "@timestamp": "2022-03-24T13:24:57.000Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "email": {
 "attachments": [
diff --git a/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml b/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml
index 48c96ad1281..94528657358 100644
--- a/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/proofpoint_tap/data_stream/message_delivered/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Proofpoint TAP delivered message logs.
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/proofpoint_tap/manifest.yml b/packages/proofpoint_tap/manifest.yml
index 8113b6fae66..735ad68de47 100644
--- a/packages/proofpoint_tap/manifest.yml
+++ b/packages/proofpoint_tap/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: proofpoint_tap
 title: Proofpoint TAP
-version: "0.2.2"
+version: "0.3.0"
 license: basic
 description: Collect logs from Proofpoint TAP with Elastic Agent.
 type: integration
diff --git a/packages/pulse_connect_secure/_dev/build/build.yml b/packages/pulse_connect_secure/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/pulse_connect_secure/_dev/build/build.yml
+++ b/packages/pulse_connect_secure/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/pulse_connect_secure/changelog.yml b/packages/pulse_connect_secure/changelog.yml
index 95e1202efdd..bd6f9ae3603 100644
--- a/packages/pulse_connect_secure/changelog.yml
+++ b/packages/pulse_connect_secure/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3869
 - version: "1.1.0"
 changes:
 - description: Update package to ECS 8.3.0.
diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json
index a7d1d230a9f..4b72f092b5e 100644
--- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json
+++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-admin.log-expected.json
@@ -25,7 +25,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -85,7 +85,7 @@
 "ip": "127.0.0.1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -145,7 +145,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -223,7 +223,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -301,7 +301,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -381,7 +381,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -459,7 +459,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -539,7 +539,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -617,7 +617,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -695,7 +695,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json
index 40acaafbfd4..25e270413a6 100644
--- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json
+++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-syslog.log-expected.json
@@ -25,7 +25,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -105,7 +105,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -185,7 +185,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -247,7 +247,7 @@
 "ip": "127.0.0.1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -291,7 +291,7 @@
 "ip": "127.0.0.1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json
index 1dfddd5f257..22f279524f0 100644
--- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json
+++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-system.log-expected.json
@@ -7,7 +7,7 @@
 "ip": "127.0.0.1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -67,7 +67,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -127,7 +127,7 @@
 "ip": "127.0.0.1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -169,7 +169,7 @@
 "ip": "127.0.0.1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -211,7 +211,7 @@
 "ip": "127.0.0.1"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -271,7 +271,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -349,7 +349,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json
index 8d0b893dd48..e12fe84b30b 100644
--- a/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json
+++ b/packages/pulse_connect_secure/data_stream/log/_dev/test/pipeline/test-log-vpn.log-expected.json
@@ -25,7 +25,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -103,7 +103,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -200,7 +200,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -293,7 +293,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -371,7 +371,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -449,7 +449,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -529,7 +529,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -607,7 +607,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -687,7 +687,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -771,7 +771,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -863,7 +863,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
@@ -944,7 +944,7 @@
 "ip": "89.160.20.156"
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "network",
diff --git a/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index edaf4c43eac..ccf438f48ce 100644
--- a/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/pulse_connect_secure/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Pulse Connect Secure logs
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/pulse_connect_secure/manifest.yml b/packages/pulse_connect_secure/manifest.yml
index b41bda219a3..c3752a01796 100644
--- a/packages/pulse_connect_secure/manifest.yml
+++ b/packages/pulse_connect_secure/manifest.yml
@@ -1,6 +1,6 @@
 name: pulse_connect_secure
 title: Pulse Connect Secure
-version: "1.1.0"
+version: "1.2.0"
 release: ga
 description: Collect logs from Pulse Connect Secure with Elastic Agent.
 type: integration
diff --git a/packages/qnap_nas/_dev/build/build.yml b/packages/qnap_nas/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/qnap_nas/_dev/build/build.yml
+++ b/packages/qnap_nas/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/qnap_nas/changelog.yml b/packages/qnap_nas/changelog.yml
index 34b44bd23bc..8fa87c78340 100644
--- a/packages/qnap_nas/changelog.yml
+++ b/packages/qnap_nas/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.4.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3869
 - version: "1.3.0"
 changes:
 - description: Update package to ECS 8.3.0.
diff --git a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json
index 04c91ed7642..cd371235c93 100644
--- a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json
+++ b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-access.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-10-30T20:24:24.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "create-directory",
@@ -73,7 +73,7 @@
 {
 "@timestamp": "2022-10-30T20:24:25.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "login-fail",
@@ -138,7 +138,7 @@
 {
 "@timestamp": "2022-10-30T20:35:25.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "login-success",
@@ -203,7 +203,7 @@
 {
 "@timestamp": "2022-11-21T14:42:18.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "login-success",
@@ -265,7 +265,7 @@
 {
 "@timestamp": "2022-10-30T20:35:25.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "logout",
@@ -329,7 +329,7 @@
 {
 "@timestamp": "2022-10-30T20:24:30.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "read",
@@ -396,7 +396,7 @@
 {
 "@timestamp": "2022-10-30T20:24:30.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "rename",
@@ -461,7 +461,7 @@
 {
 "@timestamp": "2022-10-30T20:24:33.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "delete",
@@ -531,7 +531,7 @@
 {
 "@timestamp": "2022-10-30T20:43:19.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "read",
@@ -602,7 +602,7 @@
 {
 "@timestamp": "2022-10-30T20:43:19.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "add",
diff --git a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json
index 0e7644f8c31..7d6d24e0288 100644
--- a/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json
+++ b/packages/qnap_nas/data_stream/log/_dev/test/pipeline/test-event.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-10-30T20:28:41.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -55,7 +55,7 @@
 {
 "@timestamp": "2022-10-30T20:29:32.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -107,7 +107,7 @@
 {
 "@timestamp": "2022-10-30T20:29:32.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -159,7 +159,7 @@
 {
 "@timestamp": "2022-10-30T20:32:25.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -218,7 +218,7 @@
 {
 "@timestamp": "2022-10-30T20:34:22.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": [
@@ -277,7 +277,7 @@
 {
 "@timestamp": "2022-11-21T15:23:42.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "created-shared-folder",
@@ -345,7 +345,7 @@
 {
 "@timestamp": "2022-11-21T15:23:42.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deleted-shared-folder",
@@ -413,7 +413,7 @@
 {
 "@timestamp": "2022-11-21T15:23:42.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deleted-user-group",
@@ -479,7 +479,7 @@
 {
 "@timestamp": "2022-11-21T15:23:42.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "created-user-group",
@@ -545,7 +545,7 @@
 {
 "@timestamp": "2022-11-21T15:23:42.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "changed-password",
@@ -612,7 +612,7 @@
 {
 "@timestamp": "2022-11-21T15:23:42.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "edited-account-profile",
@@ -679,7 +679,7 @@
 {
 "@timestamp": "2022-11-21T15:23:42.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "created-user",
@@ -745,7 +745,7 @@
 {
 "@timestamp": "2022-11-21T15:23:42.000-05:00",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "deleted-user",
diff --git a/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index 5fe696e434e..22f26fdc384 100644
--- a/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/qnap_nas/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing QNAP NAS logs
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/qnap_nas/manifest.yml b/packages/qnap_nas/manifest.yml
index 07d040e7b49..b630fa23985 100644
--- a/packages/qnap_nas/manifest.yml
+++ b/packages/qnap_nas/manifest.yml
@@ -1,6 +1,6 @@
 name: qnap_nas
 title: QNAP NAS
-version: "1.3.0"
+version: "1.4.0"
 release: ga
 description: Collect logs from QNAP NAS devices with Elastic Agent.
 type: integration
diff --git a/packages/radware/_dev/build/build.yml b/packages/radware/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/radware/_dev/build/build.yml
+++ b/packages/radware/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/radware/changelog.yml b/packages/radware/changelog.yml
index a21363081cc..b4aa87665ac 100644
--- a/packages/radware/changelog.yml
+++ b/packages/radware/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.9.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3869
 - version: "0.8.0"
 changes:
 - description: Update package to ECS 8.3.0.
diff --git a/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml b/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml
index 2f4cae94e39..1e334e76d4c 100644
--- a/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/radware/data_stream/defensepro/elasticsearch/ingest_pipeline/default.yml
@@ -4,7 +4,7 @@ description: Pipeline for Radware DefensePro
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 # User agent
 - user_agent:
 field: user_agent.original
diff --git a/packages/radware/manifest.yml b/packages/radware/manifest.yml
index f8bd5a71e1f..a7c32e5f180 100644
--- a/packages/radware/manifest.yml
+++ b/packages/radware/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: radware
 title: Radware DefensePro Logs
-version: "0.8.0"
+version: "0.9.0"
 description: Collect defensePro logs from Radware devices with Elastic Agent.
 categories: ["security"]
 release: experimental
diff --git a/packages/santa/_dev/build/build.yml b/packages/santa/_dev/build/build.yml
index 5661d603a89..2254d90483c 100644
--- a/packages/santa/_dev/build/build.yml
+++ b/packages/santa/_dev/build/build.yml
@@ -1,3 +1,3 @@
 dependencies:
 ecs:
- reference: git@v8.3.0
+ reference: git@v8.4.0-rc1
diff --git a/packages/santa/changelog.yml b/packages/santa/changelog.yml
index 92176d5ba6c..e0ea7a02f0b 100644
--- a/packages/santa/changelog.yml
+++ b/packages/santa/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "3.3.0"
+ changes:
+ - description: Update package to ECS 8.4.0
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/3869
 - version: "3.2.1"
 changes:
 - description: Update package name and description to align with standard wording
diff --git a/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json b/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json
index c3344e52d4f..d29f8e1e249 100644
--- a/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json
+++ b/packages/santa/data_stream/log/_dev/test/pipeline/test-santa-raw.log-expected.json
@@ -3,7 +3,7 @@
 {
 "@timestamp": "2022-05-12T11:38:03.923Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "exec",
@@ -80,7 +80,7 @@
 {
 "@timestamp": "2022-05-12T11:38:42.781Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "exec",
@@ -155,7 +155,7 @@
 {
 "@timestamp": "2022-05-12T11:33:56.696Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "delete",
@@ -205,7 +205,7 @@
 {
 "@timestamp": "2022-05-12T11:30:05.248Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "link",
@@ -256,7 +256,7 @@
 {
 "@timestamp": "2022-05-12T11:30:16.125Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "rename",
@@ -307,7 +307,7 @@
 {
 "@timestamp": "2022-05-12T11:38:05.278Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "write",
@@ -357,7 +357,7 @@
 {
 "@timestamp": "2022-05-12T11:32:33.718Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "diskdisappear",
@@ -382,7 +382,7 @@
 {
 "@timestamp": "2022-05-12T11:32:44.184Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "diskappear",
@@ -409,7 +409,7 @@
 {
 "@timestamp": "2022-05-12T11:33:57.166Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "diskappear",
@@ -437,7 +437,7 @@
 {
 "@timestamp": "2022-05-12T11:33:57.235Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "diskappear",
@@ -466,7 +466,7 @@
 {
 "@timestamp": "2022-05-12T11:35:31.436Z",
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "action": "diskdisappear",
diff --git a/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
index d6cbd8a18c7..b75c002e91d 100644
--- a/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/santa/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -3,7 +3,7 @@ description: Pipeline for parsing Google Santa logs.
 processors:
 - set:
 field: ecs.version
- value: '8.3.0'
+ value: '8.4.0'
 - rename:
 field: message
 target_field: event.original
diff --git a/packages/santa/manifest.yml b/packages/santa/manifest.yml
index 63cbc06d7ad..a20db0dd9cb 100644
--- a/packages/santa/manifest.yml
+++ b/packages/santa/manifest.yml
@@ -1,6 +1,6 @@
 name: santa
 title: Google Santa
-version: 3.2.1
+version: 3.3.0
 release: ga
 description: Collect logs from Google Santa with Elastic Agent.
 type: integration