diff --git a/packages/ti_anomali/_dev/build/build.yml b/packages/ti_anomali/_dev/build/build.yml index 5661d603a89..2254d90483c 100644 --- a/packages/ti_anomali/_dev/build/build.yml +++ b/packages/ti_anomali/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@v8.3.0 + reference: git@v8.4.0-rc1 diff --git a/packages/ti_anomali/changelog.yml b/packages/ti_anomali/changelog.yml index a5e42e5ce12..7e416d93638 100644 --- a/packages/ti_anomali/changelog.yml +++ b/packages/ti_anomali/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.6.0" + changes: + - description: Update package to ECS 8.4.0 + type: enhancement + link: https://github.com/elastic/integrations/pull/3920 - version: "1.5.1" changes: - description: Fix proxy URL documentation rendering. diff --git a/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json b/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json index eab06cc0219..f120459799d 100644 --- a/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json +++ b/packages/ti_anomali/data_stream/limo/_dev/test/pipeline/test-anomali-limo-ndjson.log-expected.json @@ -21,7 +21,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -72,7 +72,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -123,7 +123,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -173,7 +173,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -223,7 +223,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -274,7 +274,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
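Review bot: The added `reference: git@v8.4.0-rc1` line in packages/ti_anomali/_dev/build/build.yml pins the ECS dependency to a release-candidate tag, while the new changelog entry says "Update package to ECS 8.4.0" and every expected document in the pipeline fixture now reports `"version": "8.4.0"`. Field definitions imported at build time therefore come from a pre-release that may differ from the final schema, and the package metadata does not say so. If the final tag is available, the line should read `reference: git@v8.4.0`. Otherwise the changelog description should state that the package is built against the rc, with a follow-up to move the reference once the release is tagged. Whether the final tag existed when this commit was made is not visible from the diff.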
@@ -325,7 +325,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -369,7 +369,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -420,7 +420,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -471,7 +471,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -521,7 +521,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -565,7 +565,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -616,7 +616,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -666,7 +666,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -710,7 +710,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -754,7 +754,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -804,7 +804,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -855,7 +855,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -906,7 +906,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -957,7 +957,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1008,7 +1008,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1059,7 +1059,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1110,7 +1110,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -1161,7 +1161,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1212,7 +1212,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1263,7 +1263,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1307,7 +1307,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1357,7 +1357,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1408,7 +1408,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1459,7 +1459,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1510,7 +1510,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1554,7 +1554,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1605,7 +1605,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1649,7 +1649,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1700,7 +1700,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1750,7 +1750,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1801,7 +1801,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1852,7 +1852,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1903,7 +1903,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1953,7 +1953,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -2003,7 +2003,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2054,7 +2054,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2098,7 +2098,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2149,7 +2149,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2200,7 +2200,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2251,7 +2251,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2301,7 +2301,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2352,7 +2352,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2403,7 +2403,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2454,7 +2454,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2505,7 +2505,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2549,7 +2549,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2599,7 +2599,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2650,7 +2650,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2701,7 +2701,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2752,7 +2752,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2802,7 +2802,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -2853,7 +2853,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2904,7 +2904,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2955,7 +2955,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3006,7 +3006,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3056,7 +3056,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3106,7 +3106,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3156,7 +3156,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3206,7 +3206,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3250,7 +3250,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3301,7 +3301,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3345,7 +3345,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3395,7 +3395,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3446,7 +3446,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3496,7 +3496,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3546,7 +3546,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3590,7 +3590,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3634,7 +3634,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -3685,7 +3685,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3735,7 +3735,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3786,7 +3786,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3836,7 +3836,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3887,7 +3887,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3937,7 +3937,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3987,7 +3987,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4031,7 +4031,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4081,7 +4081,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4131,7 +4131,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4182,7 +4182,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4232,7 +4232,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4283,7 +4283,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4333,7 +4333,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4384,7 +4384,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4434,7 +4434,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4485,7 +4485,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -4535,7 +4535,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4586,7 +4586,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4637,7 +4637,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4687,7 +4687,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4738,7 +4738,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4789,7 +4789,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4840,7 +4840,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4891,7 +4891,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4935,7 +4935,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4986,7 +4986,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5036,7 +5036,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5086,7 +5086,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5130,7 +5130,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5180,7 +5180,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5231,7 +5231,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5282,7 +5282,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5332,7 +5332,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -5382,7 +5382,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5432,7 +5432,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5483,7 +5483,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5534,7 +5534,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5584,7 +5584,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5634,7 +5634,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5684,7 +5684,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5734,7 +5734,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5784,7 +5784,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5834,7 +5834,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5885,7 +5885,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5935,7 +5935,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5985,7 +5985,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6035,7 +6035,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6079,7 +6079,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6123,7 +6123,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6173,7 +6173,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -6223,7 +6223,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6274,7 +6274,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6324,7 +6324,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6368,7 +6368,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6418,7 +6418,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6469,7 +6469,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6519,7 +6519,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6569,7 +6569,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6613,7 +6613,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6657,7 +6657,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6701,7 +6701,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6751,7 +6751,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6801,7 +6801,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6851,7 +6851,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6902,7 +6902,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -6952,7 +6952,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7002,7 +7002,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -7053,7 +7053,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7103,7 +7103,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7153,7 +7153,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7203,7 +7203,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7253,7 +7253,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7303,7 +7303,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7353,7 +7353,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7403,7 +7403,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7453,7 +7453,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7504,7 +7504,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7554,7 +7554,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7604,7 +7604,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7654,7 +7654,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7704,7 +7704,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7754,7 +7754,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7804,7 +7804,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7854,7 +7854,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -7904,7 +7904,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -7954,7 +7954,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8004,7 +8004,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8054,7 +8054,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8104,7 +8104,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8154,7 +8154,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8204,7 +8204,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8254,7 +8254,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8304,7 +8304,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8354,7 +8354,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8404,7 +8404,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8454,7 +8454,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8504,7 +8504,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8554,7 +8554,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8604,7 +8604,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8648,7 +8648,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8698,7 +8698,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -8748,7 +8748,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8798,7 +8798,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8848,7 +8848,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8898,7 +8898,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -8949,7 +8949,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9000,7 +9000,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9050,7 +9050,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9101,7 +9101,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9152,7 +9152,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9196,7 +9196,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9246,7 +9246,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9297,7 +9297,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9347,7 +9347,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9398,7 +9398,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9449,7 +9449,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9493,7 +9493,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9543,7 +9543,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -9587,7 +9587,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9638,7 +9638,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9689,7 +9689,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9740,7 +9740,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9790,7 +9790,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9841,7 +9841,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9892,7 +9892,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9936,7 +9936,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -9987,7 +9987,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10038,7 +10038,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10089,7 +10089,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10140,7 +10140,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10191,7 +10191,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10241,7 +10241,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10292,7 +10292,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10343,7 +10343,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10394,7 +10394,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -10445,7 +10445,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10496,7 +10496,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10547,7 +10547,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10597,7 +10597,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10648,7 +10648,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10699,7 +10699,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10750,7 +10750,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10794,7 +10794,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10845,7 +10845,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10896,7 +10896,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10947,7 +10947,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -10998,7 +10998,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11049,7 +11049,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11100,7 +11100,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11151,7 +11151,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11195,7 +11195,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11246,7 +11246,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -11297,7 +11297,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11348,7 +11348,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11399,7 +11399,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11443,7 +11443,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11493,7 +11493,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11544,7 +11544,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11595,7 +11595,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11646,7 +11646,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11690,7 +11690,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11741,7 +11741,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11792,7 +11792,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11843,7 +11843,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11894,7 +11894,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11944,7 +11944,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -11994,7 +11994,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12038,7 +12038,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12089,7 +12089,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -12140,7 +12140,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12191,7 +12191,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12242,7 +12242,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12293,7 +12293,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12343,7 +12343,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12394,7 +12394,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12445,7 +12445,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12495,7 +12495,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12545,7 +12545,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12596,7 +12596,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12647,7 +12647,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12691,7 +12691,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12735,7 +12735,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12786,7 +12786,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12837,7 +12837,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12887,7 +12887,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -12938,7 +12938,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -12989,7 +12989,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13040,7 +13040,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13091,7 +13091,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13142,7 +13142,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13193,7 +13193,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13244,7 +13244,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13288,7 +13288,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13339,7 +13339,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13389,7 +13389,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13440,7 +13440,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13491,7 +13491,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13541,7 +13541,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13592,7 +13592,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13642,7 +13642,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13693,7 +13693,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13744,7 +13744,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -13794,7 +13794,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -13845,7 +13845,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -13896,7 +13896,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -13946,7 +13946,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -13997,7 +13997,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14048,7 +14048,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14098,7 +14098,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14148,7 +14148,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14198,7 +14198,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14249,7 +14249,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14299,7 +14299,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14349,7 +14349,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14399,7 +14399,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14450,7 +14450,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14501,7 +14501,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14551,7 +14551,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14602,7 +14602,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14646,7 +14646,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14696,7 +14696,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14747,7 +14747,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14791,7 +14791,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14835,7 +14835,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14879,7 +14879,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14929,7 +14929,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -14980,7 +14980,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15030,7 +15030,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15081,7 +15081,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15125,7 +15125,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15176,7 +15176,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15227,7 +15227,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15278,7 +15278,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15329,7 +15329,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15380,7 +15380,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15431,7 +15431,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15482,7 +15482,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15533,7 +15533,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15584,7 +15584,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15628,7 +15628,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15679,7 +15679,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15730,7 +15730,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15781,7 +15781,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15832,7 +15832,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15883,7 +15883,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15933,7 +15933,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -15984,7 +15984,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16035,7 +16035,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16086,7 +16086,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16130,7 +16130,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16181,7 +16181,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16232,7 +16232,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16283,7 +16283,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16327,7 +16327,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16371,7 +16371,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16422,7 +16422,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16473,7 +16473,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16524,7 +16524,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16575,7 +16575,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16626,7 +16626,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16677,7 +16677,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16728,7 +16728,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16779,7 +16779,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16823,7 +16823,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16874,7 +16874,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16925,7 +16925,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -16976,7 +16976,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17026,7 +17026,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17076,7 +17076,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17120,7 +17120,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17171,7 +17171,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17215,7 +17215,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17266,7 +17266,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17316,7 +17316,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17366,7 +17366,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17417,7 +17417,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17467,7 +17467,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17518,7 +17518,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17569,7 +17569,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17619,7 +17619,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17670,7 +17670,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17720,7 +17720,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17771,7 +17771,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17821,7 +17821,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17871,7 +17871,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17921,7 +17921,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -17965,7 +17965,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18015,7 +18015,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18065,7 +18065,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18115,7 +18115,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18166,7 +18166,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18217,7 +18217,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18268,7 +18268,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18319,7 +18319,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18370,7 +18370,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18414,7 +18414,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18458,7 +18458,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18508,7 +18508,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18558,7 +18558,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18608,7 +18608,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18652,7 +18652,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18702,7 +18702,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18746,7 +18746,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18796,7 +18796,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18847,7 +18847,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18897,7 +18897,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18941,7 +18941,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -18985,7 +18985,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19036,7 +19036,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19087,7 +19087,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19137,7 +19137,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19187,7 +19187,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19237,7 +19237,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19281,7 +19281,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19331,7 +19331,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19381,7 +19381,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19431,7 +19431,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19482,7 +19482,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19533,7 +19533,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19583,7 +19583,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19634,7 +19634,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19685,7 +19685,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19736,7 +19736,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19780,7 +19780,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19831,7 +19831,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19882,7 +19882,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19932,7 +19932,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -19982,7 +19982,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20026,7 +20026,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20076,7 +20076,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20127,7 +20127,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20178,7 +20178,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20228,7 +20228,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20272,7 +20272,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20322,7 +20322,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20373,7 +20373,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20423,7 +20423,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20474,7 +20474,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20525,7 +20525,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20576,7 +20576,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20620,7 +20620,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20670,7 +20670,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20721,7 +20721,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20771,7 +20771,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20822,7 +20822,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20873,7 +20873,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20923,7 +20923,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -20973,7 +20973,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21023,7 +21023,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21074,7 +21074,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21124,7 +21124,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21175,7 +21175,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21226,7 +21226,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21277,7 +21277,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21328,7 +21328,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21379,7 +21379,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21423,7 +21423,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21474,7 +21474,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21525,7 +21525,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21576,7 +21576,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21627,7 +21627,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21677,7 +21677,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21727,7 +21727,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21778,7 +21778,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21822,7 +21822,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21873,7 +21873,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21923,7 +21923,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -21974,7 +21974,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22025,7 +22025,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22075,7 +22075,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22119,7 +22119,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22170,7 +22170,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22221,7 +22221,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22265,7 +22265,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22309,7 +22309,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22359,7 +22359,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22409,7 +22409,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22460,7 +22460,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22510,7 +22510,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22560,7 +22560,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22604,7 +22604,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22648,7 +22648,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22698,7 +22698,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22748,7 +22748,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22798,7 +22798,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22848,7 +22848,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22898,7 +22898,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22942,7 +22942,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -22993,7 +22993,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23044,7 +23044,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23095,7 +23095,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23139,7 +23139,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23190,7 +23190,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23241,7 +23241,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23292,7 +23292,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23343,7 +23343,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23394,7 +23394,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23445,7 +23445,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23495,7 +23495,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23545,7 +23545,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23596,7 +23596,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23647,7 +23647,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23698,7 +23698,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23749,7 +23749,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23800,7 +23800,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23850,7 +23850,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23901,7 +23901,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -23952,7 +23952,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24003,7 +24003,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24053,7 +24053,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24103,7 +24103,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24154,7 +24154,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24198,7 +24198,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24249,7 +24249,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24300,7 +24300,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24351,7 +24351,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24402,7 +24402,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24453,7 +24453,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24504,7 +24504,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24555,7 +24555,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24605,7 +24605,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24656,7 +24656,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24707,7 +24707,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24758,7 +24758,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24809,7 +24809,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24853,7 +24853,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24904,7 +24904,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -24955,7 +24955,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25005,7 +25005,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25056,7 +25056,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25107,7 +25107,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25158,7 +25158,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25209,7 +25209,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25260,7 +25260,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25311,7 +25311,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25355,7 +25355,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25406,7 +25406,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25457,7 +25457,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25508,7 +25508,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25559,7 +25559,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25610,7 +25610,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25654,7 +25654,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25705,7 +25705,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25756,7 +25756,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25800,7 +25800,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25851,7 +25851,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25902,7 +25902,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -25953,7 +25953,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26004,7 +26004,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26055,7 +26055,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26099,7 +26099,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26150,7 +26150,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26201,7 +26201,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26252,7 +26252,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26303,7 +26303,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26354,7 +26354,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26405,7 +26405,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26456,7 +26456,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26507,7 +26507,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26558,7 +26558,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26609,7 +26609,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26660,7 +26660,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26711,7 +26711,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26762,7 +26762,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26813,7 +26813,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26864,7 +26864,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26914,7 +26914,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -26965,7 +26965,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27009,7 +27009,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27053,7 +27053,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27104,7 +27104,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27155,7 +27155,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27206,7 +27206,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27257,7 +27257,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27308,7 +27308,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27359,7 +27359,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27410,7 +27410,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27461,7 +27461,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27512,7 +27512,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27563,7 +27563,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27614,7 +27614,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27664,7 +27664,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27715,7 +27715,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27766,7 +27766,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27817,7 +27817,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27868,7 +27868,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27919,7 +27919,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -27970,7 +27970,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -28021,7 +28021,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -28071,7 +28071,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -28122,7 +28122,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -28173,7 +28173,7 @@
 }
 },
 "ecs": {
- "version": "8.3.0"
+ "version": "8.4.0"
 },
 "event": {
 "category": "threat",
@@ -28224,7 +28224,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28275,7 +28275,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28326,7 +28326,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28377,7 +28377,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28427,7 +28427,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28478,7 +28478,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28529,7 +28529,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28580,7 +28580,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28631,7 +28631,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28682,7 +28682,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28733,7 +28733,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28784,7 +28784,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28835,7 +28835,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28879,7 +28879,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28930,7 +28930,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -28981,7 +28981,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29032,7 +29032,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -29076,7 +29076,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29127,7 +29127,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29171,7 +29171,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29222,7 +29222,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29273,7 +29273,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29324,7 +29324,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29375,7 +29375,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29426,7 +29426,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29477,7 +29477,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29528,7 +29528,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29578,7 +29578,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29629,7 +29629,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29680,7 +29680,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29731,7 +29731,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29781,7 +29781,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29825,7 +29825,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29869,7 +29869,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -29913,7 +29913,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -29964,7 +29964,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30015,7 +30015,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30065,7 +30065,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30116,7 +30116,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30160,7 +30160,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30211,7 +30211,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30255,7 +30255,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30306,7 +30306,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30357,7 +30357,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30401,7 +30401,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30452,7 +30452,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30496,7 +30496,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30546,7 +30546,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30597,7 +30597,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30648,7 +30648,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30692,7 +30692,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -30743,7 +30743,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30794,7 +30794,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30845,7 +30845,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30896,7 +30896,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30947,7 +30947,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -30998,7 +30998,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31049,7 +31049,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31099,7 +31099,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31150,7 +31150,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31200,7 +31200,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31251,7 +31251,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31302,7 +31302,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31353,7 +31353,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31404,7 +31404,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31454,7 +31454,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31505,7 +31505,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31549,7 +31549,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -31600,7 +31600,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31651,7 +31651,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31701,7 +31701,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31752,7 +31752,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31803,7 +31803,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31853,7 +31853,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -31904,7 +31904,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", diff --git a/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml index 389c25d9cdb..1074d0d4736 100644 --- a/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_anomali/data_stream/limo/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: #################### - set: field: ecs.version - value: "8.3.0" + value: '8.4.0' - set: field: event.kind value: enrichment @@ -84,6 +84,7 @@ processors: field: _tmp.threattype target_field: threat.indicator.type ignore_missing: true + if: ctx._tmp?.threattype != null && ['autonomous-system', 'artifact', 'directory', 'domain-name', 'email-addr', 'file', 'ipv4-addr', 'ipv6-addr', 'mac-addr', 'mutex', 'port', 'process', 'software', 'url', 'user-account', 'windows-registry-key', 'x509-certificate'].contains(ctx._tmp.threattype) - rename: field: _tmp.threatvalue target_field: threat.indicator.ip 
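Review bot: An indicator whose `_tmp.threattype` is not in the allowlist now loses its type without a trace, because the new `if:` on the `rename` into `threat.indicator.type` simply skips the processor and the later `@@ -109,10 +110,6 @@` hunk removes the `unknown` fallback. The `_tmp.threatvalue` renames visible here are keyed on `ctx.threat?.indicator?.type` (for example `== 'domain-name'`), so such a document presumably ends up without an indicator value as well and cannot match an indicator-match rule; whether `_tmp` is dropped afterwards is outside these hunks. I would keep the raw value for triage with a second `rename` under the negated condition into a vendor field (`anomali.limo.<FIELD>`, a placeholder name). The list appears to mirror the ECS expected values for this field, so I would also add a comment above the guard such as `# allowlist mirrors the ECS threat.indicator.type expected values; re-check on every ECS bump`. The processor list starts and ends outside both hunks.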
@@ -109,10 +110,6 @@ processors: target_field: threat.indicator.url.domain ignore_missing: true if: ctx.threat?.indicator?.type == 'domain-name' - - set: - field: threat.indicator.type - value: unknown - if: ctx.threat?.indicator?.type == null - foreach: field: anomali.limo.labels ignore_missing: true diff --git a/packages/ti_anomali/data_stream/limo/sample_event.json b/packages/ti_anomali/data_stream/limo/sample_event.json index f1c6e043266..452b3be9b9b 100644 --- a/packages/ti_anomali/data_stream/limo/sample_event.json +++ b/packages/ti_anomali/data_stream/limo/sample_event.json @@ -1,11 +1,11 @@ { "@timestamp": "2017-01-20T00:00:00.000Z", "agent": { - "ephemeral_id": "29217578-e780-4c3e-912d-0f35ce981fb4", - "id": "6b916c32-9ec1-4b93-a910-81540b3df79b", + "ephemeral_id": "5cec6801-c545-4f74-be69-0fd865dc1788", + "id": "83b444a9-8a29-4729-964a-a91e7b770094", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0" + "version": "8.3.2" }, "anomali": { "limo": { @@ -23,19 +23,19 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "elastic_agent": { - "id": "6b916c32-9ec1-4b93-a910-81540b3df79b", + "id": "83b444a9-8a29-4729-964a-a91e7b770094", "snapshot": false, - "version": "8.0.0" + "version": "8.3.2" }, "event": { "agent_id_status": "verified", "category": "threat", - "created": "2022-04-11T08:51:02.140Z", + "created": "2022-08-01T15:40:11.538Z", "dataset": "ti_anomali.limo", - "ingested": "2022-04-11T08:51:03Z", + "ingested": "2022-08-01T15:40:12Z", "kind": "enrichment", "original": "{\"created\":\"2017-01-20T00:00:00.000Z\",\"definition\":{\"tlp\":\"green\"},\"definition_type\":\"tlp\",\"id\":\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\",\"type\":\"marking-definition\"}", "type": "indicator" @@ -47,10 +47,5 @@ "preserve_original_event", "forwarded", "anomali-limo" - ], - "threat": { - "indicator": { - "type": "unknown" - } - } + ] } \ No newline at end of file 
diff --git a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json index 5b611f712cf..d0e48a24c91 100644 --- a/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json +++ b/packages/ti_anomali/data_stream/threatstream/_dev/test/pipeline/test-anomali-threatstream.json-expected.json @@ -21,7 +21,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -52,7 +52,7 @@ "last_seen": "2020-10-08T12:24:42.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -85,7 +85,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -116,7 +116,7 @@ "last_seen": "2020-10-08T12:24:42.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -147,7 +147,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -179,7 +179,7 @@ "last_seen": "2020-10-08T12:24:42.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -209,7 +209,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -232,7 +232,7 @@ "last_seen": "2020-10-08T12:24:42.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -263,7 +263,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -282,7 +282,7 @@ "name": "Spectrum" } }, - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-08T12:28:50.000Z", "geo": { "country_iso_code": "US", @@ -295,7 +295,7 @@ "last_seen": "2020-10-09T18:49:37.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", 
@@ -326,7 +326,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -345,7 +345,7 @@ "name": "Spectrum" } }, - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-08T12:29:01.000Z", "geo": { "country_iso_code": "US", @@ -358,7 +358,7 @@ "last_seen": "2020-10-09T18:49:37.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -389,7 +389,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -417,7 +417,7 @@ "last_seen": "2020-10-09T18:14:43.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -448,7 +448,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -461,7 +461,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "sha1": "7c35943c3766f8c179ddb4c0e2696038d52570d6" @@ -471,7 +471,7 @@ "last_seen": "2020-10-09T18:30:10.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -501,7 +501,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -515,7 +515,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:30:13.000Z", "geo": { "country_iso_code": "US" @@ -524,7 +524,7 @@ "last_seen": "2020-10-09T18:30:13.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -563,7 +563,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -587,7 +587,7 @@ "last_seen": "2020-10-09T18:30:13.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -624,7 +624,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -639,7 +639,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "md5": "3b6f673714486028704f740165066f0d" @@ -649,7 +649,7 @@ "last_seen": "2020-10-09T18:30:22.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -679,7 +679,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -703,7 +703,7 @@ "last_seen": "2020-10-09T18:30:23.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -734,7 +734,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -757,7 +757,7 @@ "last_seen": "2020-10-09T18:30:30.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -794,7 +794,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -809,7 +809,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "md5": "1a2da983aa33710365b90e5ae3962f6f" @@ -819,7 +819,7 @@ "last_seen": "2020-10-09T18:30:37.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -850,7 +850,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -874,7 +874,7 @@ "last_seen": "2020-10-09T18:30:40.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -903,7 +903,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -928,7 +928,7 @@ "last_seen": "2020-10-09T18:30:45.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -958,7 +958,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -983,7 +983,7 @@ "last_seen": "2020-10-09T18:30:54.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -1014,7 +1014,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1038,7 +1038,7 @@ "last_seen": "2020-10-09T18:30:59.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -1069,7 +1069,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1093,7 +1093,7 @@ "last_seen": "2020-10-09T18:31:10.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -1124,7 +1124,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1138,7 +1138,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "sha1": "229659ffd5f19ba1d3720a676fdd069f50baf6e3" @@ -1148,7 +1148,7 @@ "last_seen": "2020-10-09T18:31:16.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -1178,7 +1178,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1202,7 +1202,7 @@ "last_seen": "2020-10-09T18:31:22.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -1232,7 +1232,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1250,7 +1250,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "md5": "e4b28e2e5ad154fc3527d6d73e4f4d1e" @@ -1260,7 +1260,7 @@ "last_seen": "2020-10-09T18:31:27.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -1289,7 +1289,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -1303,7 +1303,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "sha1": "022616d9dd4c539641fe54dc38b8a0f98e1e68ba" @@ -1313,7 +1313,7 @@ "last_seen": "2020-10-09T18:31:29.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -1343,7 +1343,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1366,7 +1366,7 @@ "last_seen": "2020-10-09T18:31:34.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -1404,7 +1404,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1429,7 +1429,7 @@ "last_seen": "2020-10-09T18:31:36.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -1460,7 +1460,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1484,7 +1484,7 @@ "last_seen": "2020-10-09T18:31:39.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -1515,7 +1515,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1530,7 +1530,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "md5": "a33de82fbb3f1d6e88b8413db977fd49" @@ -1540,7 +1540,7 @@ "last_seen": "2020-10-09T18:31:43.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -1569,7 +1569,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1592,7 +1592,7 @@ "last_seen": "2020-10-09T18:31:49.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -1621,7 +1621,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -1635,7 +1635,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:31:49.000Z", "geo": { "country_iso_code": "US" @@ -1644,7 +1644,7 @@ "last_seen": "2020-10-09T18:31:49.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -1682,7 +1682,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1696,7 +1696,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:31:58.000Z", "geo": { "country_iso_code": "US" @@ -1705,7 +1705,7 @@ "last_seen": "2020-10-09T18:31:58.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -1744,7 +1744,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1768,7 +1768,7 @@ "last_seen": "2020-10-09T18:32:02.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -1799,7 +1799,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1814,7 +1814,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "sha256": "5892116f215ee0488f1d1bdb77c673d554a031ca3ee656ae4534a7fb813a2763" @@ -1824,7 +1824,7 @@ "last_seen": "2020-10-09T18:32:03.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -1855,7 +1855,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1879,7 +1879,7 @@ "last_seen": "2020-10-09T18:32:04.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -1910,7 +1910,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -1934,7 +1934,7 @@ "last_seen": "2020-10-09T18:32:08.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -1963,7 +1963,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -1977,7 +1977,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "sha1": "a11a8b6678ecedc084e50a61a56ded956a6048e3" @@ -1987,7 +1987,7 @@ "last_seen": "2020-10-09T18:32:11.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -2018,7 +2018,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2032,7 +2032,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "md5": "26cda8b8e115ed400e37b721a6282703" @@ -2042,7 +2042,7 @@ "last_seen": "2020-10-09T18:32:19.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -2073,7 +2073,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2096,7 +2096,7 @@ "last_seen": "2020-10-09T18:32:30.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -2126,7 +2126,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2140,7 +2140,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "md5": "99bfd327fecf681fd26fe322ef932e5d" @@ -2150,7 +2150,7 @@ "last_seen": "2020-10-09T18:32:35.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -2180,7 +2180,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2203,7 +2203,7 @@ "last_seen": "2020-10-09T18:33:10.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", 
@@ -2240,7 +2240,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2254,7 +2254,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "sha256": "92adf0584d6f1cf8410d4c0972685c50060f222ca90d0bb36fba269bfde055c6" @@ -2264,7 +2264,7 @@ "last_seen": "2020-10-09T18:33:13.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -2293,7 +2293,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2317,7 +2317,7 @@ "last_seen": "2020-10-09T18:33:14.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -2348,7 +2348,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2362,7 +2362,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "sha1": "a289518f648f178b2c83e133b6f0dc47f6b4760e" @@ -2372,7 +2372,7 @@ "last_seen": "2020-10-09T18:33:14.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -2403,7 +2403,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2426,7 +2426,7 @@ "last_seen": "2020-10-09T18:33:22.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -2465,7 +2465,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2490,7 +2490,7 @@ "last_seen": "2020-10-09T18:33:24.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -2520,7 +2520,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2543,7 +2543,7 @@ "last_seen": "2020-10-09T18:33:26.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", 
@@ -2580,7 +2580,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2603,7 +2603,7 @@ "last_seen": "2020-10-09T18:33:27.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -2641,7 +2641,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2666,7 +2666,7 @@ "last_seen": "2020-10-09T18:33:29.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -2695,7 +2695,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2709,7 +2709,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "md5": "b4be20bbc8bf84ba80e969898eaa448f" @@ -2719,7 +2719,7 @@ "last_seen": "2020-10-09T18:33:43.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -2749,7 +2749,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2764,7 +2764,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "sha256": "f7a040538a50c4e369fcf3a07f0d777888c1b249c5397ed40d18c7a3ac2ed7bb" @@ -2774,7 +2774,7 @@ "last_seen": "2020-10-09T18:33:45.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -2804,7 +2804,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2828,7 +2828,7 @@ "last_seen": "2020-10-09T18:33:45.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -2859,7 +2859,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2882,7 +2882,7 @@ "last_seen": "2020-10-09T18:33:48.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", 
@@ -2919,7 +2919,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2943,7 +2943,7 @@ "last_seen": "2020-10-09T18:33:51.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -2973,7 +2973,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -2996,7 +2996,7 @@ "last_seen": "2020-10-09T18:33:57.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -3026,7 +3026,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3040,7 +3040,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:34:00.000Z", "geo": { "country_iso_code": "DE" @@ -3049,7 +3049,7 @@ "last_seen": "2020-10-09T18:34:00.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -3078,7 +3078,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3101,7 +3101,7 @@ "last_seen": "2020-10-09T18:34:00.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -3139,7 +3139,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3162,7 +3162,7 @@ "last_seen": "2020-10-09T18:34:00.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -3192,7 +3192,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3217,7 +3217,7 @@ "last_seen": "2020-10-09T18:34:02.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -3246,7 +3246,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -3271,7 +3271,7 @@ "last_seen": "2020-10-09T18:34:05.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -3301,7 +3301,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3325,7 +3325,7 @@ "last_seen": "2020-10-09T18:34:11.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -3355,7 +3355,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3379,7 +3379,7 @@ "last_seen": "2020-10-09T18:34:12.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -3410,7 +3410,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3433,7 +3433,7 @@ "last_seen": "2020-10-09T18:34:17.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -3470,7 +3470,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3495,7 +3495,7 @@ "last_seen": "2020-10-09T18:34:20.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -3525,7 +3525,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3540,7 +3540,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "md5": "13ad68519f27420c676bfd2bd030c47b" @@ -3550,7 +3550,7 @@ "last_seen": "2020-10-09T18:34:20.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -3579,7 +3579,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3604,7 +3604,7 @@ "last_seen": "2020-10-09T18:34:32.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", 
@@ -3634,7 +3634,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3658,7 +3658,7 @@ "last_seen": "2020-10-09T18:34:32.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -3689,7 +3689,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3703,7 +3703,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "sha1": "67f4fa89bb700e56a287d39c94b8fbf1c79dc470" @@ -3713,7 +3713,7 @@ "last_seen": "2020-10-09T18:34:39.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -3744,7 +3744,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3769,7 +3769,7 @@ "last_seen": "2020-10-09T18:34:40.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -3798,7 +3798,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3821,7 +3821,7 @@ "last_seen": "2020-10-09T18:34:41.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -3851,7 +3851,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3874,7 +3874,7 @@ "last_seen": "2020-10-09T18:34:43.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -3912,7 +3912,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -3936,7 +3936,7 @@ "last_seen": "2020-10-09T18:34:48.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -3965,7 +3965,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -3979,7 +3979,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "sha1": "84fd84234cd1ba8b3a5ec4e19a58b214fa49f575" @@ -3989,7 +3989,7 @@ "last_seen": "2020-10-09T18:34:53.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4018,7 +4018,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4042,7 +4042,7 @@ "last_seen": "2020-10-09T18:34:53.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -4072,7 +4072,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4086,7 +4086,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:34:54.000Z", "geo": { "country_iso_code": "US" @@ -4095,7 +4095,7 @@ "last_seen": "2020-10-09T18:34:54.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -4132,7 +4132,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4156,7 +4156,7 @@ "last_seen": "2020-10-09T18:34:55.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4186,7 +4186,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4210,7 +4210,7 @@ "last_seen": "2020-10-09T18:35:01.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4239,7 +4239,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4263,7 +4263,7 @@ "last_seen": "2020-10-09T18:35:01.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4294,7 +4294,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -4317,7 +4317,7 @@ "last_seen": "2020-10-09T18:35:04.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4354,7 +4354,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4369,7 +4369,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "md5": "8198999c0484c6a70b28a9176aa7b6ca" @@ -4379,7 +4379,7 @@ "last_seen": "2020-10-09T18:35:06.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -4410,7 +4410,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4424,7 +4424,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "file": { "hash": { "md5": "11040c6082a858edf1fc8ea2b5974c0b" @@ -4434,7 +4434,7 @@ "last_seen": "2020-10-09T18:35:22.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4464,7 +4464,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4492,7 +4492,7 @@ "last_seen": "2020-10-09T18:44:01.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4531,7 +4531,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4554,7 +4554,7 @@ "last_seen": "2020-10-09T18:44:04.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4592,7 +4592,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4607,12 +4607,12 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:44:19.000Z", "last_seen": "2020-10-09T18:44:19.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", 
@@ -4644,7 +4644,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4663,7 +4663,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:44:27.000Z", "geo": { "country_iso_code": "RU" @@ -4672,7 +4672,7 @@ "last_seen": "2020-10-09T18:44:27.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -4702,7 +4702,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4716,7 +4716,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:44:35.000Z", "geo": { "country_iso_code": "US" @@ -4725,7 +4725,7 @@ "last_seen": "2020-10-09T18:44:35.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4763,7 +4763,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4786,7 +4786,7 @@ "last_seen": "2020-10-09T18:44:36.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4825,7 +4825,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4853,7 +4853,7 @@ "last_seen": "2020-10-09T18:44:37.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4892,7 +4892,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -4906,7 +4906,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:44:45.000Z", "geo": { "country_iso_code": "US" @@ -4915,7 +4915,7 @@ "last_seen": "2020-10-09T18:44:45.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -4953,7 +4953,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", 
@@ -4972,7 +4972,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:44:47.000Z", "geo": { "country_iso_code": "CN" @@ -4981,7 +4981,7 @@ "last_seen": "2020-10-09T18:44:47.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -5010,7 +5010,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5028,7 +5028,7 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:44:50.000Z", "geo": { "country_iso_code": "HK" @@ -5037,7 +5037,7 @@ "last_seen": "2020-10-09T18:44:50.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -5069,7 +5069,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5087,12 +5087,12 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2020-10-09T18:44:50.000Z", "last_seen": "2020-10-09T18:44:50.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -5130,7 +5130,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5153,7 +5153,7 @@ "last_seen": "2020-10-09T18:44:54.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -5190,7 +5190,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5213,7 +5213,7 @@ "last_seen": "2020-10-09T18:44:58.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -5250,7 +5250,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5278,7 +5278,7 @@ "last_seen": "2020-10-09T18:45:05.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", 
@@ -5309,7 +5309,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5341,7 +5341,7 @@ "last_seen": "2021-04-19T08:57:46.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -5369,7 +5369,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5388,7 +5388,7 @@ "last_seen": "2021-04-29T16:02:17.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -5418,7 +5418,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5437,7 +5437,7 @@ "last_seen": "2021-04-29T16:02:23.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -5465,7 +5465,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5478,13 +5478,13 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2021-04-29T16:02:24.000Z", "ip": "2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6", "last_seen": "2021-04-29T16:02:24.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", @@ -5514,7 +5514,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5527,13 +5527,13 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2021-04-29T16:02:25.000Z", "ip": "192.168.113.116", "last_seen": "2021-04-29T16:02:25.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Phony generated indicator", @@ -5562,7 +5562,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5581,7 +5581,7 @@ "last_seen": "2021-04-29T16:02:25.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", 
@@ -5611,7 +5611,7 @@ } }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "event": { "category": "threat", @@ -5625,13 +5625,13 @@ ], "threat": { "indicator": { - "confidence": "Med", + "confidence": "Medium", "first_seen": "2021-04-29T16:02:26.000Z", "ip": "192.168.113.197", "last_seen": "2021-04-29T16:02:26.000Z", "marking": { "tlp": [ - "Amber" + "AMBER" ] }, "provider": "Phony generated indicator", diff --git a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml index a55390d7876..19669f17bfe 100644 --- a/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml +++ b/packages/ti_anomali/data_stream/threatstream/elasticsearch/ingest_pipeline/default.yml @@ -6,7 +6,7 @@ processors: # - set: field: ecs.version - value: "8.3.0" + value: '8.4.0' - fingerprint: fields: - event.dataset @@ -190,11 +190,11 @@ processors: # - append: field: threat.indicator.marking.tlp - value: Amber + value: AMBER if: 'ctx.json?.classification == "private"' - append: field: threat.indicator.marking.tlp - value: White + value: WHITE if: 'ctx.json?.classification == "public"' # @@ -216,7 +216,7 @@ processors: return; } if (value >= 30.0 && value <= 69.0) { - ctx["threatintel_indicator_confidence"] = "Med"; + ctx["threatintel_indicator_confidence"] = "Medium"; return; } if (value >= 70 && value <= 100) { diff --git a/packages/ti_anomali/data_stream/threatstream/sample_event.json b/packages/ti_anomali/data_stream/threatstream/sample_event.json index 4103ee4ef76..3f9e65e6f4a 100644 --- a/packages/ti_anomali/data_stream/threatstream/sample_event.json +++ b/packages/ti_anomali/data_stream/threatstream/sample_event.json 
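Review bot: The two `append` processors for `threat.indicator.marking.tlp` now write `AMBER`/`WHITE` instead of `Amber`/`White`, and nothing in the pipeline or the package notes marks this as a change to indexed values. The README table lists the field as `keyword`, so (unless a normalizer is configured elsewhere) exact-match queries, detection rules and indicator-match filters written against the old spelling will stop matching newly ingested indicators, while documents already indexed keep the old value. The same applies to the `Med` to `Medium` change in the confidence script in the next hunk of this file. I would add a comment above the processors such as `# TLP values are upper-case as of package 1.6.0; documents ingested earlier carry Amber/White`, and name the value change in the changelog entry rather than only "Update package to ECS 8.4.0".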
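Review bot: The `Medium` bucket in the confidence script ends at `value <= 69.0` and the next bucket starts at `value >= 70`, so a fractional score such as 69.5 matches neither and, as far as the hunk shows, leaves `threatintel_indicator_confidence` unset. The sample events on this page carry integer confidence values, so this may never occur in practice, but the comparison against `30.0`/`69.0` suggests the value is handled as a double. Making the bound half-open closes the gap: `if (value >= 30.0 && value < 70.0) {`. The script begins and ends outside the hunk, so the boundary between the lower buckets should be checked for the same gap.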
@@ -1,32 +1,29 @@ { - "@timestamp": "2022-04-11T08:52:31.294Z", + "@timestamp": "2022-08-01T15:43:02.944Z", "agent": { - "ephemeral_id": "b49fcac4-6f07-4c25-8505-3306c6f56ca0", - "id": "6b916c32-9ec1-4b93-a910-81540b3df79b", + "ephemeral_id": "633e6483-2625-491c-9640-b4e480191a49", + "id": "83b444a9-8a29-4729-964a-a91e7b770094", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0" + "version": "8.3.2" }, "anomali": { "threatstream": { "classification": "public", - "confidence": 56, - "detail2": "imported by user 723", - "id": "1785659799", - "import_session_id": "244", - "itype": "mal_md5", - "md5": "6466e2", - "resource_uri": "/api/v1/intelligence/P44706407813/", - "severity": "very-high", - "source_feed_id": "3759", + "confidence": 20, + "detail2": "imported by user 184", + "id": "3135167627", + "import_session_id": "1400", + "itype": "mal_domain", + "resource_uri": "/api/v1/intelligence/P46279656657/", + "severity": "high", + "source_feed_id": "3143", "state": "active", "trusted_circle_ids": [ - "439", - "942", - "801" + "122" ], - "update_id": "3898969521", - "value_type": "md5" + "update_id": "3786618776", + "value_type": "domain" } }, "data_stream": { 
@@ -35,21 +32,21 @@ "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "elastic_agent": { - "id": "6b916c32-9ec1-4b93-a910-81540b3df79b", + "id": "83b444a9-8a29-4729-964a-a91e7b770094", "snapshot": false, - "version": "8.0.0" + "version": "8.3.2" }, "event": { "agent_id_status": "verified", "category": "threat", "dataset": "ti_anomali.threatstream", - "ingested": "2022-04-11T08:52:32Z", + "ingested": "2022-08-01T15:43:03Z", "kind": "enrichment", - "original": "{\"classification\":\"public\",\"confidence\":56,\"date_first\":\"2020-10-08T12:22:16\",\"date_last\":\"2020-10-08T12:24:42\",\"detail2\":\"imported by user 723\",\"id\":1785659799,\"import_session_id\":244,\"itype\":\"mal_md5\",\"md5\":\"6466e2\",\"resource_uri\":\"/api/v1/intelligence/P44706407813/\",\"severity\":\"very-high\",\"source\":\"Default Organization\",\"source_feed_id\":3759,\"state\":\"active\",\"trusted_circle_ids\":\"439,942,801\",\"update_id\":3898969521,\"value_type\":\"md5\"}", - "severity": 9, + "original": "{\"classification\":\"public\",\"confidence\":20,\"country\":\"FR\",\"date_first\":\"2020-10-08T12:21:50\",\"date_last\":\"2020-10-08T12:24:42\",\"detail2\":\"imported by user 184\",\"domain\":\"d4xgfj.example.net\",\"id\":3135167627,\"import_session_id\":1400,\"itype\":\"mal_domain\",\"lat\":-49.1,\"lon\":94.4,\"org\":\"OVH Hosting\",\"resource_uri\":\"/api/v1/intelligence/P46279656657/\",\"severity\":\"high\",\"source\":\"Default Organization\",\"source_feed_id\":3143,\"srcip\":\"89.160.20.156\",\"state\":\"active\",\"trusted_circle_ids\":\"122\",\"update_id\":3786618776,\"value_type\":\"domain\"}", + "severity": 7, "type": "indicator" }, "input": { 
@@ -62,16 +59,32 @@ ], "threat": { "indicator": { - "confidence": "Med", - "first_seen": "2020-10-08T12:22:16.000Z", + "as": { + "organization": { + "name": "OVH Hosting" + } + }, + "confidence": "Low", + "first_seen": "2020-10-08T12:21:50.000Z", + "geo": { + "country_iso_code": "FR", + "location": { + "lat": -49.1, + "lon": 94.4 + } + }, + "ip": "89.160.20.156", "last_seen": "2020-10-08T12:24:42.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Default Organization", - "type": "file" + "type": "domain-name", + "url": { + "domain": "d4xgfj.example.net" + } } } } \ No newline at end of file diff --git a/packages/ti_anomali/docs/README.md b/packages/ti_anomali/docs/README.md index af422e1c6f9..fd00b8e8fec 100644 --- a/packages/ti_anomali/docs/README.md +++ b/packages/ti_anomali/docs/README.md @@ -21,11 +21,11 @@ An example event for `limo` looks as following: { "@timestamp": "2017-01-20T00:00:00.000Z", "agent": { - "ephemeral_id": "29217578-e780-4c3e-912d-0f35ce981fb4", - "id": "6b916c32-9ec1-4b93-a910-81540b3df79b", + "ephemeral_id": "5cec6801-c545-4f74-be69-0fd865dc1788", + "id": "83b444a9-8a29-4729-964a-a91e7b770094", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0" + "version": "8.3.2" }, "anomali": { "limo": { 
@@ -43,19 +43,19 @@ An example event for `limo` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "elastic_agent": { - "id": "6b916c32-9ec1-4b93-a910-81540b3df79b", + "id": "83b444a9-8a29-4729-964a-a91e7b770094", "snapshot": false, - "version": "8.0.0" + "version": "8.3.2" }, "event": { "agent_id_status": "verified", "category": "threat", - "created": "2022-04-11T08:51:02.140Z", + "created": "2022-08-01T15:40:11.538Z", "dataset": "ti_anomali.limo", - "ingested": "2022-04-11T08:51:03Z", + "ingested": "2022-08-01T15:40:12Z", "kind": "enrichment", "original": "{\"created\":\"2017-01-20T00:00:00.000Z\",\"definition\":{\"tlp\":\"green\"},\"definition_type\":\"tlp\",\"id\":\"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da\",\"type\":\"marking-definition\"}", "type": "indicator" @@ -67,12 +67,7 @@ An example event for `limo` looks as following: "preserve_original_event", "forwarded", "anomali-limo" - ], - "threat": { - "indicator": { - "type": "unknown" - } - } + ] } ``` 
@@ -150,7 +145,7 @@ An example event for `limo` looks as following: | threat.indicator.first_seen | The date and time when intelligence source first reported sighting this indicator. | date | | threat.indicator.ip | Identifies a threat indicator as an IP address (irrespective of direction). | ip | | threat.indicator.provider | The name of the indicator's provider. | keyword | -| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. Recommended values: \* autonomous-system \* artifact \* directory \* domain-name \* email-addr \* file \* ipv4-addr \* ipv6-addr \* mac-addr \* mutex \* port \* process \* software \* url \* user-account \* windows-registry-key \* x509-certificate | keyword | +| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. | keyword | | threat.indicator.url.domain | Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. | keyword | | threat.indicator.url.extension | The field contains the file extension from the original request url, excluding the leading dot. The file extension is only set if it exists, as not every url has a file extension. The leading period must not be included. For example, the value must be "png", not ".png". Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz"). | keyword | | threat.indicator.url.full | If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. | wildcard | 
@@ -177,34 +172,31 @@ An example event for `threatstream` looks as following: ```json { - "@timestamp": "2022-04-11T08:52:31.294Z", + "@timestamp": "2022-08-01T15:43:02.944Z", "agent": { - "ephemeral_id": "b49fcac4-6f07-4c25-8505-3306c6f56ca0", - "id": "6b916c32-9ec1-4b93-a910-81540b3df79b", + "ephemeral_id": "633e6483-2625-491c-9640-b4e480191a49", + "id": "83b444a9-8a29-4729-964a-a91e7b770094", "name": "docker-fleet-agent", "type": "filebeat", - "version": "8.0.0" + "version": "8.3.2" }, "anomali": { "threatstream": { "classification": "public", - "confidence": 56, - "detail2": "imported by user 723", - "id": "1785659799", - "import_session_id": "244", - "itype": "mal_md5", - "md5": "6466e2", - "resource_uri": "/api/v1/intelligence/P44706407813/", - "severity": "very-high", - "source_feed_id": "3759", + "confidence": 20, + "detail2": "imported by user 184", + "id": "3135167627", + "import_session_id": "1400", + "itype": "mal_domain", + "resource_uri": "/api/v1/intelligence/P46279656657/", + "severity": "high", + "source_feed_id": "3143", "state": "active", "trusted_circle_ids": [ - "439", - "942", - "801" + "122" ], - "update_id": "3898969521", - "value_type": "md5" + "update_id": "3786618776", + "value_type": "domain" } }, "data_stream": { 
@@ -213,21 +205,21 @@ An example event for `threatstream` looks as following: "type": "logs" }, "ecs": { - "version": "8.3.0" + "version": "8.4.0" }, "elastic_agent": { - "id": "6b916c32-9ec1-4b93-a910-81540b3df79b", + "id": "83b444a9-8a29-4729-964a-a91e7b770094", "snapshot": false, - "version": "8.0.0" + "version": "8.3.2" }, "event": { "agent_id_status": "verified", "category": "threat", "dataset": "ti_anomali.threatstream", - "ingested": "2022-04-11T08:52:32Z", + "ingested": "2022-08-01T15:43:03Z", "kind": "enrichment", - "original": "{\"classification\":\"public\",\"confidence\":56,\"date_first\":\"2020-10-08T12:22:16\",\"date_last\":\"2020-10-08T12:24:42\",\"detail2\":\"imported by user 723\",\"id\":1785659799,\"import_session_id\":244,\"itype\":\"mal_md5\",\"md5\":\"6466e2\",\"resource_uri\":\"/api/v1/intelligence/P44706407813/\",\"severity\":\"very-high\",\"source\":\"Default Organization\",\"source_feed_id\":3759,\"state\":\"active\",\"trusted_circle_ids\":\"439,942,801\",\"update_id\":3898969521,\"value_type\":\"md5\"}", - "severity": 9, + "original": "{\"classification\":\"public\",\"confidence\":20,\"country\":\"FR\",\"date_first\":\"2020-10-08T12:21:50\",\"date_last\":\"2020-10-08T12:24:42\",\"detail2\":\"imported by user 184\",\"domain\":\"d4xgfj.example.net\",\"id\":3135167627,\"import_session_id\":1400,\"itype\":\"mal_domain\",\"lat\":-49.1,\"lon\":94.4,\"org\":\"OVH Hosting\",\"resource_uri\":\"/api/v1/intelligence/P46279656657/\",\"severity\":\"high\",\"source\":\"Default Organization\",\"source_feed_id\":3143,\"srcip\":\"89.160.20.156\",\"state\":\"active\",\"trusted_circle_ids\":\"122\",\"update_id\":3786618776,\"value_type\":\"domain\"}", + "severity": 7, "type": "indicator" }, "input": { 
@@ -240,16 +232,32 @@ An example event for `threatstream` looks as following: ], "threat": { "indicator": { - "confidence": "Med", - "first_seen": "2020-10-08T12:22:16.000Z", + "as": { + "organization": { + "name": "OVH Hosting" + } + }, + "confidence": "Low", + "first_seen": "2020-10-08T12:21:50.000Z", + "geo": { + "country_iso_code": "FR", + "location": { + "lat": -49.1, + "lon": 94.4 + } + }, + "ip": "89.160.20.156", "last_seen": "2020-10-08T12:24:42.000Z", "marking": { "tlp": [ - "White" + "WHITE" ] }, "provider": "Default Organization", - "type": "file" + "type": "domain-name", + "url": { + "domain": "d4xgfj.example.net" + } } } } @@ -332,7 +340,7 @@ An example event for `threatstream` looks as following: | threat.indicator.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | | threat.indicator.as.organization.name | Organization name. | keyword | | threat.indicator.as.organization.name.text | Multi-field of `threat.indicator.as.organization.name`. | match_only_text | -| threat.indicator.confidence | Identifies the vendor-neutral confidence rating using the None/Low/Medium/High scale defined in Appendix A of the STIX 2.1 framework. Vendor-specific confidence scales may be added as custom fields. Expected values are: \* Not Specified \* None \* Low \* Medium \* High | keyword | +| threat.indicator.confidence | Identifies the vendor-neutral confidence rating using the None/Low/Medium/High scale defined in Appendix A of the STIX 2.1 framework. Vendor-specific confidence scales may be added as custom fields. | keyword | | threat.indicator.email.address | Identifies a threat indicator as an email address (irrespective of direction). | keyword | | threat.indicator.file.hash.md5 | MD5 hash. | keyword | | threat.indicator.file.hash.sha1 | SHA1 hash. | keyword | 
@@ -343,9 +351,9 @@ An example event for `threatstream` looks as following: | threat.indicator.geo.location | Longitude and latitude. | geo_point | | threat.indicator.ip | Identifies a threat indicator as an IP address (irrespective of direction). | ip | | threat.indicator.last_seen | The date and time when intelligence source last reported sighting this indicator. | date | -| threat.indicator.marking.tlp | Traffic Light Protocol sharing markings. Recommended values are: \* WHITE \* GREEN \* AMBER \* RED | keyword | +| threat.indicator.marking.tlp | Traffic Light Protocol sharing markings. | keyword | | threat.indicator.provider | The name of the indicator's provider. | keyword | -| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. Recommended values: \* autonomous-system \* artifact \* directory \* domain-name \* email-addr \* file \* ipv4-addr \* ipv6-addr \* mac-addr \* mutex \* port \* process \* software \* url \* user-account \* windows-registry-key \* x509-certificate | keyword | +| threat.indicator.type | Type of indicator as represented by Cyber Observable in STIX 2.0. | keyword | | threat.indicator.url.domain | Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. | keyword | | threat.indicator.url.extension | The field contains the file extension from the original request url, excluding the leading dot. The file extension is only set if it exists, as not every url has a file extension. The leading period must not be included. For example, the value must be "png", not ".png". Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz"). 
| keyword | | threat.indicator.url.full | If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. | wildcard | diff --git a/packages/ti_anomali/manifest.yml b/packages/ti_anomali/manifest.yml index 0e15bf6c575..d15ee473baa 100644 --- a/packages/ti_anomali/manifest.yml +++ b/packages/ti_anomali/manifest.yml @@ -1,6 +1,6 @@ name: ti_anomali title: Anomali -version: "1.5.1" +version: "1.6.0" release: ga description: Ingest threat intelligence indicators from Anomali with Elastic Agent. type: integration