From 05838262aa7bc508c4f379413e07ec2cc6caae8e Mon Sep 17 00:00:00 2001
From: Dan Kortschak
Date: Thu, 6 Oct 2022 15:24:18 +1030
Subject: [PATCH 1/2] cisco_*: remove duplicate fields
---
packages/cisco_asa/changelog.yml | 5 +++++
packages/cisco_asa/data_stream/log/fields/ecs.yml | 4 ----
packages/cisco_asa/manifest.yml | 2 +-
packages/cisco_ftd/changelog.yml | 5 +++++
packages/cisco_ftd/data_stream/log/fields/ecs.yml | 4 ----
packages/cisco_ftd/manifest.yml | 2 +-
packages/cisco_ios/changelog.yml | 5 +++++
packages/cisco_ios/data_stream/log/fields/ecs.yml | 2 --
packages/cisco_ios/manifest.yml | 2 +-
packages/cisco_ise/changelog.yml | 5 +++++
packages/cisco_ise/data_stream/log/fields/agent.yml | 9 ---------
packages/cisco_ise/data_stream/log/fields/fields.yml | 2 --
packages/cisco_ise/manifest.yml | 2 +-
packages/cisco_meraki/changelog.yml | 5 +++++
.../cisco_meraki/data_stream/events/fields/agent.yml | 5 -----
packages/cisco_meraki/data_stream/events/fields/ecs.yml | 4 ----
packages/cisco_meraki/data_stream/log/fields/agent.yml | 5 -----
packages/cisco_meraki/data_stream/log/fields/ecs.yml | 4 ----
packages/cisco_meraki/manifest.yml | 2 +-
packages/cisco_nexus/changelog.yml | 5 +++++
packages/cisco_nexus/data_stream/log/fields/agent.yml | 5 -----
packages/cisco_nexus/data_stream/log/fields/ecs.yml | 2 --
packages/cisco_nexus/manifest.yml | 2 +-
packages/cisco_secure_email_gateway/changelog.yml | 5 +++++
.../data_stream/log/fields/agent.yml | 3 ---
packages/cisco_secure_email_gateway/manifest.yml | 2 +-
packages/cisco_secure_endpoint/changelog.yml | 5 +++++
.../data_stream/event/fields/agent.yml | 5 -----
.../data_stream/event/fields/ecs.yml | 2 --
packages/cisco_secure_endpoint/manifest.yml | 2 +-
30 files changed, 48 insertions(+), 64 deletions(-)
diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml
index 39a900a281e..00395b26cb0 100644
--- a/packages/cisco_asa/changelog.yml
+++ b/packages/cisco_asa/changelog.yml
@@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.7.7" + changes: + - description: Remove duplicate fields. + type: bugfix + link: https://github.com/elastic/integrations/pull/4400 - version: "2.7.6" changes: - description: Remove duplicate field. diff --git a/packages/cisco_asa/data_stream/log/fields/ecs.yml b/packages/cisco_asa/data_stream/log/fields/ecs.yml index 85a480d2e71..a405431823d 100644 --- a/packages/cisco_asa/data_stream/log/fields/ecs.yml +++ b/packages/cisco_asa/data_stream/log/fields/ecs.yml @@ -48,8 +48,6 @@ name: event.code - external: ecs name: event.created -- external: ecs - name: event.created - external: ecs name: event.duration - external: ecs @@ -136,8 +134,6 @@ name: related.ip - external: ecs name: related.user -- external: ecs - name: server.domain - external: ecs name: source.address - external: ecs diff --git a/packages/cisco_asa/manifest.yml b/packages/cisco_asa/manifest.yml index a190079981d..d013d523a2e 100644 --- a/packages/cisco_asa/manifest.yml +++ b/packages/cisco_asa/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_asa title: Cisco ASA -version: "2.7.6" +version: "2.7.7" license: basic description: Collect logs from Cisco ASA with Elastic Agent. type: integration diff --git a/packages/cisco_ftd/changelog.yml b/packages/cisco_ftd/changelog.yml index e7495eb70e7..ee9fb65fb94 100644 --- a/packages/cisco_ftd/changelog.yml +++ b/packages/cisco_ftd/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.4.5" + changes: + - description: Remove duplicate fields. + type: bugfix + link: https://github.com/elastic/integrations/pull/4400 - version: "2.4.4" changes: - description: Remove duplicate field. diff --git a/packages/cisco_ftd/data_stream/log/fields/ecs.yml b/packages/cisco_ftd/data_stream/log/fields/ecs.yml index 45aee295091..dd7b2be7102 100644 --- a/packages/cisco_ftd/data_stream/log/fields/ecs.yml +++ b/packages/cisco_ftd/data_stream/log/fields/ecs.yml 
@@ -56,8 +56,6 @@ name: event.code - external: ecs name: event.created -- external: ecs - name: event.created - external: ecs name: event.duration - external: ecs @@ -162,8 +160,6 @@ name: related.ip - external: ecs name: related.user -- external: ecs - name: server.domain - external: ecs name: service.id - external: ecs diff --git a/packages/cisco_ftd/manifest.yml b/packages/cisco_ftd/manifest.yml index 82c0f59b0bf..9a866a59c15 100644 --- a/packages/cisco_ftd/manifest.yml +++ b/packages/cisco_ftd/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ftd title: Cisco FTD -version: "2.4.4" +version: "2.4.5" license: basic description: Collect logs from Cisco FTD with Elastic Agent. type: integration diff --git a/packages/cisco_ios/changelog.yml b/packages/cisco_ios/changelog.yml index 6950368d1ad..1acc2a7e8ca 100644 --- a/packages/cisco_ios/changelog.yml +++ b/packages/cisco_ios/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.9.3" + changes: + - description: Remove duplicate fields. + type: bugfix + link: https://github.com/elastic/integrations/pull/4400 - version: "1.9.2" changes: - description: Remove duplicate field. diff --git a/packages/cisco_ios/data_stream/log/fields/ecs.yml b/packages/cisco_ios/data_stream/log/fields/ecs.yml index 088f3c8ef1b..4d7d01ae941 100644 --- a/packages/cisco_ios/data_stream/log/fields/ecs.yml +++ b/packages/cisco_ios/data_stream/log/fields/ecs.yml @@ -34,8 +34,6 @@ name: event.code - external: ecs name: event.created -- external: ecs - name: event.created - external: ecs name: event.duration - external: ecs diff --git a/packages/cisco_ios/manifest.yml b/packages/cisco_ios/manifest.yml index 0e9c370074f..6858fc444c0 100644 --- a/packages/cisco_ios/manifest.yml +++ b/packages/cisco_ios/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ios title: Cisco IOS -version: "1.9.2" +version: "1.9.3" license: basic description: Collect logs from Cisco IOS with Elastic Agent. type: integration 
diff --git a/packages/cisco_ise/changelog.yml b/packages/cisco_ise/changelog.yml index 77eb2af47e7..2775d365066 100644 --- a/packages/cisco_ise/changelog.yml +++ b/packages/cisco_ise/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.1.1" + changes: + - description: Remove duplicate fields. + type: bugfix + link: https://github.com/elastic/integrations/pull/4400 - version: "1.1.0" changes: - description: Allow non-numeric task ID fields to be ingested diff --git a/packages/cisco_ise/data_stream/log/fields/agent.yml b/packages/cisco_ise/data_stream/log/fields/agent.yml index 6e1bac042bc..98d2f9f38d5 100644 --- a/packages/cisco_ise/data_stream/log/fields/agent.yml +++ b/packages/cisco_ise/data_stream/log/fields/agent.yml @@ -97,20 +97,11 @@ description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' example: CONTOSO default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.' - name: id level: core type: keyword ignore_above: 1024 description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - name: mac level: core type: keyword diff --git a/packages/cisco_ise/data_stream/log/fields/fields.yml b/packages/cisco_ise/data_stream/log/fields/fields.yml index 9964fba442b..7e171113db9 100644 --- a/packages/cisco_ise/data_stream/log/fields/fields.yml +++ b/packages/cisco_ise/data_stream/log/fields/fields.yml @@ -739,8 +739,6 @@ type: keyword - name: step_latency type: keyword - - name: state - type: keyword - name: status type: keyword - name: sysstats 
diff --git a/packages/cisco_ise/manifest.yml b/packages/cisco_ise/manifest.yml index f18f4835bdc..7c2bb606200 100644 --- a/packages/cisco_ise/manifest.yml +++ b/packages/cisco_ise/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_ise title: Cisco ISE -version: "1.1.0" +version: "1.1.1" license: basic description: Collect logs from Cisco ISE with Elastic Agent. type: integration diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml index cab9355dd46..1a6f2bae75b 100644 --- a/packages/cisco_meraki/changelog.yml +++ b/packages/cisco_meraki/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.2.2" + changes: + - description: Remove duplicate fields. + type: bugfix + link: https://github.com/elastic/integrations/pull/4400 - version: "1.2.1" changes: - description: Remove duplicate field. diff --git a/packages/cisco_meraki/data_stream/events/fields/agent.yml b/packages/cisco_meraki/data_stream/events/fields/agent.yml index 90bd07fa045..4c4f4b2d93a 100644 --- a/packages/cisco_meraki/data_stream/events/fields/agent.yml +++ b/packages/cisco_meraki/data_stream/events/fields/agent.yml @@ -62,11 +62,6 @@ These fields help correlate data based containers from any runtime.' type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword diff --git a/packages/cisco_meraki/data_stream/events/fields/ecs.yml b/packages/cisco_meraki/data_stream/events/fields/ecs.yml index 5b5bd8d67a9..124f81c6c37 100644 --- a/packages/cisco_meraki/data_stream/events/fields/ecs.yml +++ b/packages/cisco_meraki/data_stream/events/fields/ecs.yml @@ -276,10 +276,6 @@ name: threat.indicator.file.name - external: ecs name: threat.indicator.file.hash.sha256 -- external: ecs - name: network.direction -- external: ecs - name: network.protocol - external: ecs name: client.geo.city_name - external: ecs 
diff --git a/packages/cisco_meraki/data_stream/log/fields/agent.yml b/packages/cisco_meraki/data_stream/log/fields/agent.yml index 90bd07fa045..4c4f4b2d93a 100644 --- a/packages/cisco_meraki/data_stream/log/fields/agent.yml +++ b/packages/cisco_meraki/data_stream/log/fields/agent.yml @@ -62,11 +62,6 @@ These fields help correlate data based containers from any runtime.' type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword diff --git a/packages/cisco_meraki/data_stream/log/fields/ecs.yml b/packages/cisco_meraki/data_stream/log/fields/ecs.yml index b2066432b80..8ff7be5c5b2 100644 --- a/packages/cisco_meraki/data_stream/log/fields/ecs.yml +++ b/packages/cisco_meraki/data_stream/log/fields/ecs.yml @@ -274,10 +274,6 @@ name: threat.indicator.file.name - external: ecs name: threat.indicator.file.hash.sha256 -- external: ecs - name: network.direction -- external: ecs - name: network.protocol - external: ecs name: client.geo.city_name - external: ecs diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml index 239f7341bdd..7b69eed3446 100644 --- a/packages/cisco_meraki/manifest.yml +++ b/packages/cisco_meraki/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_meraki title: Cisco Meraki -version: 1.2.1 +version: 1.2.2 license: basic description: Collect logs from Cisco Meraki with Elastic Agent. type: integration diff --git a/packages/cisco_nexus/changelog.yml b/packages/cisco_nexus/changelog.yml index 9bd0ad0b6c7..151b57b2ba9 100644 --- a/packages/cisco_nexus/changelog.yml +++ b/packages/cisco_nexus/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.7.3" + changes: + - description: Remove duplicate fields. + type: bugfix + link: https://github.com/elastic/integrations/pull/4400 - version: "0.7.2" changes: - description: Remove duplicate field. 
diff --git a/packages/cisco_nexus/data_stream/log/fields/agent.yml b/packages/cisco_nexus/data_stream/log/fields/agent.yml index 38bb8dcec56..e0f9e38998f 100644 --- a/packages/cisco_nexus/data_stream/log/fields/agent.yml +++ b/packages/cisco_nexus/data_stream/log/fields/agent.yml @@ -62,11 +62,6 @@ These fields help correlate data based containers from any runtime.' type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword diff --git a/packages/cisco_nexus/data_stream/log/fields/ecs.yml b/packages/cisco_nexus/data_stream/log/fields/ecs.yml index fd1b4594e68..5d22b129aef 100644 --- a/packages/cisco_nexus/data_stream/log/fields/ecs.yml +++ b/packages/cisco_nexus/data_stream/log/fields/ecs.yml @@ -202,8 +202,6 @@ name: source.subdomain - external: ecs name: source.top_level_domain -- external: ecs - name: tags - external: ecs name: url.domain - external: ecs diff --git a/packages/cisco_nexus/manifest.yml b/packages/cisco_nexus/manifest.yml index bd7e06caa1e..53d32265e97 100644 --- a/packages/cisco_nexus/manifest.yml +++ b/packages/cisco_nexus/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_nexus title: Cisco Nexus -version: "0.7.2" +version: "0.7.3" license: basic description: Collect logs from Cisco Nexus with Elastic Agent. type: integration diff --git a/packages/cisco_secure_email_gateway/changelog.yml b/packages/cisco_secure_email_gateway/changelog.yml index 88f525838c4..ffa68c9a61c 100644 --- a/packages/cisco_secure_email_gateway/changelog.yml +++ b/packages/cisco_secure_email_gateway/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "1.0.1" + changes: + - description: Remove duplicate fields. + type: bugfix + link: https://github.com/elastic/integrations/pull/4400 - version: "1.0.0" changes: - description: Make GA 
diff --git a/packages/cisco_secure_email_gateway/data_stream/log/fields/agent.yml b/packages/cisco_secure_email_gateway/data_stream/log/fields/agent.yml index 6e1bac042bc..57c63446e2a 100644 --- a/packages/cisco_secure_email_gateway/data_stream/log/fields/agent.yml +++ b/packages/cisco_secure_email_gateway/data_stream/log/fields/agent.yml @@ -178,9 +178,6 @@ description: > OS codename, if any. -- name: input.type - type: keyword - description: Input type - name: log.offset type: long description: Log offset diff --git a/packages/cisco_secure_email_gateway/manifest.yml b/packages/cisco_secure_email_gateway/manifest.yml index 487c281dc65..614abb46b48 100644 --- a/packages/cisco_secure_email_gateway/manifest.yml +++ b/packages/cisco_secure_email_gateway/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_email_gateway title: Cisco Secure Email Gateway -version: "1.0.0" +version: "1.0.1" license: basic description: Collect logs from Cisco Secure Email Gateway with Elastic Agent. type: integration diff --git a/packages/cisco_secure_endpoint/changelog.yml b/packages/cisco_secure_endpoint/changelog.yml index 182c36f2bd6..e01348b25b7 100644 --- a/packages/cisco_secure_endpoint/changelog.yml +++ b/packages/cisco_secure_endpoint/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "2.6.2" + changes: + - description: Remove duplicate fields. + type: bugfix + link: https://github.com/elastic/integrations/pull/4400 - version: "2.6.1" changes: - description: Use ECS geo.location definition. diff --git a/packages/cisco_secure_endpoint/data_stream/event/fields/agent.yml b/packages/cisco_secure_endpoint/data_stream/event/fields/agent.yml index da4e652c53b..9dfc8d1aebc 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/fields/agent.yml +++ b/packages/cisco_secure_endpoint/data_stream/event/fields/agent.yml 
@@ -62,11 +62,6 @@ These fields help correlate data based containers from any runtime.' type: group fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - name: image.name level: extended type: keyword diff --git a/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml b/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml index 158a2e541db..a24c239de8f 100644 --- a/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml +++ b/packages/cisco_secure_endpoint/data_stream/event/fields/ecs.yml @@ -24,8 +24,6 @@ name: event.category - external: ecs name: event.id -- external: ecs - name: event.code - external: ecs name: event.timezone - name: related.ip diff --git a/packages/cisco_secure_endpoint/manifest.yml b/packages/cisco_secure_endpoint/manifest.yml index 58ba10d1a4d..566dc9ad8e1 100644 --- a/packages/cisco_secure_endpoint/manifest.yml +++ b/packages/cisco_secure_endpoint/manifest.yml @@ -1,7 +1,7 @@ format_version: 1.0.0 name: cisco_secure_endpoint title: Cisco Secure Endpoint -version: 2.6.1 +version: 2.6.2 license: basic description: Collect logs from Cisco Secure Endpoint (AMP) with Elastic Agent. type: integration From b77dc34d5c9139eb29495d0551722b6fc868c338 Mon Sep 17 00:00:00 2001 From: Dan Kortschak Date: Tue, 11 Oct 2022 17:57:20 +1030 Subject: [PATCH 2/2] address pr comment --- packages/cisco_nexus/data_stream/log/fields/base-fields.yml | 5 ----- packages/cisco_nexus/data_stream/log/fields/ecs.yml | 2 ++ 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/packages/cisco_nexus/data_stream/log/fields/base-fields.yml b/packages/cisco_nexus/data_stream/log/fields/base-fields.yml index c0bd69c3bbe..d78668f34fe 100644 --- a/packages/cisco_nexus/data_stream/log/fields/base-fields.yml +++ b/packages/cisco_nexus/data_stream/log/fields/base-fields.yml 
@@ -36,8 +36,3 @@ - name: log.offset description: Offset of the entry in the log file. type: long -- name: tags - description: List of keywords used to tag each event. - example: '["production", "env2"]' - ignore_above: 1024 - type: keyword diff --git a/packages/cisco_nexus/data_stream/log/fields/ecs.yml b/packages/cisco_nexus/data_stream/log/fields/ecs.yml index 5d22b129aef..fd1b4594e68 100644 --- a/packages/cisco_nexus/data_stream/log/fields/ecs.yml +++ b/packages/cisco_nexus/data_stream/log/fields/ecs.yml @@ -202,6 +202,8 @@ name: source.subdomain - external: ecs name: source.top_level_domain +- external: ecs + name: tags - external: ecs name: url.domain - external: ecs
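Review bot: With the explicit `tags` definition dropped from base-fields.yml in this same commit, the `- external: ecs` / `name: tags` entry restored in ecs.yml becomes the only source of that field's mapping, and nothing in the patch shows that the ECS-resolved definition matches the removed one (`type: keyword`, `ignore_above: 1024`). Please confirm this against the ECS version the package builds with, which is not visible here, so that searches and detection rules filtering on `tags` keep behaving the same after upgrade. It would also help to say in the commit message that this undoes the `tags` removal from patch 1/2, for example `cisco_nexus: keep ECS tags, drop base-fields copy`, because `address pr comment` does not record which definition was kept. The field list continues outside the hunk on both sides.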