diff --git a/packages/citrix_waf/changelog.yml b/packages/citrix_waf/changelog.yml
index f0e6be5ce24..b2476cc3134 100644
--- a/packages/citrix_waf/changelog.yml
+++ b/packages/citrix_waf/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.2"
+ changes:
+ - description: Remove duplicate fields.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/4401
 - version: "1.1.1"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/citrix_waf/data_stream/log/fields/base-fields.yml b/packages/citrix_waf/data_stream/log/fields/base-fields.yml
index 2184dbfabc7..17e13a82914 100644
--- a/packages/citrix_waf/data_stream/log/fields/base-fields.yml
+++ b/packages/citrix_waf/data_stream/log/fields/base-fields.yml
@@ -15,6 +15,3 @@
 type: constant_keyword
 description: Event dataset
 value: citrix_waf.log
-- name: "@timestamp"
- type: date
- description: Event timestamp.
diff --git a/packages/citrix_waf/data_stream/log/fields/ecs.yml b/packages/citrix_waf/data_stream/log/fields/ecs.yml
index c5f5dd09932..8901b903d0b 100644
--- a/packages/citrix_waf/data_stream/log/fields/ecs.yml
+++ b/packages/citrix_waf/data_stream/log/fields/ecs.yml
@@ -30,8 +30,6 @@
 name: event.code
 - external: ecs
 name: event.created
-- external: ecs
- name: event.created
 - external: ecs
 name: event.duration
 - external: ecs
@@ -116,8 +114,6 @@
 name: related.ip
 - external: ecs
 name: related.user
-- external: ecs
- name: server.domain
 - external: ecs
 name: source.address
 - external: ecs
diff --git a/packages/citrix_waf/docs/README.md b/packages/citrix_waf/docs/README.md
index 2d2ef7150b0..9fdaff8a29b 100644
--- a/packages/citrix_waf/docs/README.md
+++ b/packages/citrix_waf/docs/README.md
@@ -163,7 +163,7 @@ An example event for `log` looks as following:
 | Field | Description | Type |
 |---|---|---|
-| @timestamp | Event timestamp. | date |
+| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date |
 | citrix.cef_format | Whether the logging is in Citrix CEF format. | boolean |
 | citrix.cef_version | The CEF format version used in the logs. | keyword |
 | citrix.default_class | Whether the event class was the default. | boolean |
diff --git a/packages/citrix_waf/manifest.yml b/packages/citrix_waf/manifest.yml
index 7b320dfcd52..5fc162ab87e 100644
--- a/packages/citrix_waf/manifest.yml
+++ b/packages/citrix_waf/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: citrix_waf
 title: "Citrix Web App Firewall"
-version: 1.1.1
+version: 1.1.2
 license: basic
 description: Ingest events from Citrix Systems Web App Firewall.
 type: integration
diff --git a/packages/cloudflare/changelog.yml b/packages/cloudflare/changelog.yml
index 67c13e2079a..76b12772ca6 100644
--- a/packages/cloudflare/changelog.yml
+++ b/packages/cloudflare/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.2.4"
+ changes:
+ - description: Remove duplicate fields.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/4401
 - version: "2.2.3"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/cloudflare/data_stream/logpull/fields/ecs.yml b/packages/cloudflare/data_stream/logpull/fields/ecs.yml
index a85f3623a0d..84dce957ea0 100644
--- a/packages/cloudflare/data_stream/logpull/fields/ecs.yml
+++ b/packages/cloudflare/data_stream/logpull/fields/ecs.yml
@@ -12,8 +12,6 @@
 external: ecs
 - name: client.geo.continent_name
 external: ecs
-- name: client.geo.country_iso_code
- external: ecs
 - name: client.geo.region_iso_code
 external: ecs
 - name: client.geo.location
diff --git a/packages/cloudflare/manifest.yml b/packages/cloudflare/manifest.yml
index 87d860d9197..cce82a04855 100644
--- a/packages/cloudflare/manifest.yml
+++ b/packages/cloudflare/manifest.yml
@@ -1,6 +1,6 @@
 name: cloudflare
 title: Cloudflare
-version: 2.2.3
+version: 2.2.4
 release: ga
 description: Collect logs from Cloudflare with Elastic Agent.
 type: integration
diff --git a/packages/cyberark_pta/changelog.yml b/packages/cyberark_pta/changelog.yml
index 0d1732cddca..aa8c14cef7a 100644
--- a/packages/cyberark_pta/changelog.yml
+++ b/packages/cyberark_pta/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.1.2"
+ changes:
+ - description: Remove duplicate fields.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/4401
 - version: "0.1.1"
 changes:
 - description: Remove duplicate field.
diff --git a/packages/cyberark_pta/data_stream/events/fields/cef.yml b/packages/cyberark_pta/data_stream/events/fields/cef.yml
index db1dc69d846..25d4c7006c6 100644
--- a/packages/cyberark_pta/data_stream/events/fields/cef.yml
+++ b/packages/cyberark_pta/data_stream/events/fields/cef.yml
@@ -212,18 +212,6 @@
 - name: deviceCustomDate2Label
 type: keyword
 description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
- - name: deviceCustomIPv6Address2
- type: ip
- description: One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary.
- - name: deviceCustomIPv6Address2Label
- type: keyword
- description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
- - name: deviceCustomIPv6Address3
- type: ip
- description: One of four IPv6 address fields available to map fields that do not apply to any other in this dictionary.
- - name: deviceCustomIPv6Address3Label
- type: keyword
- description: All custom fields have a corresponding label field. Each of these fields is a string and describes the purpose of the custom field.
 - name: deviceCustomNumber1
 type: long
 description: One of three number fields available to map fields that do not apply to any other in this dictionary. Use sparingly and seek a more specific, dictionary supplied field when possible.
diff --git a/packages/cyberark_pta/manifest.yml b/packages/cyberark_pta/manifest.yml
index c312a39badd..204f9c7a43a 100644
--- a/packages/cyberark_pta/manifest.yml
+++ b/packages/cyberark_pta/manifest.yml
@@ -1,6 +1,6 @@
 name: cyberark_pta
 title: Cyberark Privileged Threat Analytics
-version: 0.1.1
+version: 0.1.2
 release: beta
 license: basic
 description: Collect security logs from Cyberark PTA integration.
diff --git a/packages/cylance/changelog.yml b/packages/cylance/changelog.yml
index 01717d91e9a..07e13dff067 100644
--- a/packages/cylance/changelog.yml
+++ b/packages/cylance/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "0.10.2"
+ changes:
+ - description: Remove duplicate fields.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/4401
 - version: "0.10.1"
 changes:
 - description: Use ECS geo.location definition.
diff --git a/packages/cylance/data_stream/protect/fields/base-fields.yml b/packages/cylance/data_stream/protect/fields/base-fields.yml
index f7a828b7532..0e6d6970311 100644
--- a/packages/cylance/data_stream/protect/fields/base-fields.yml
+++ b/packages/cylance/data_stream/protect/fields/base-fields.yml
@@ -15,9 +15,6 @@
 type: constant_keyword
 description: Event dataset
 value: cylance.protect
-- name: '@timestamp'
- type: date
- description: Event timestamp.
 - name: container.id
 description: Unique container id.
 ignore_above: 1024
diff --git a/packages/cylance/data_stream/protect/fields/ecs.yml b/packages/cylance/data_stream/protect/fields/ecs.yml
index fd1b4594e68..5d22b129aef 100644
--- a/packages/cylance/data_stream/protect/fields/ecs.yml
+++ b/packages/cylance/data_stream/protect/fields/ecs.yml
@@ -202,8 +202,6 @@
 name: source.subdomain
 - external: ecs
 name: source.top_level_domain
-- external: ecs
- name: tags
 - external: ecs
 name: url.domain
 - external: ecs
diff --git a/packages/cylance/manifest.yml b/packages/cylance/manifest.yml
index a20b8d1d3e0..3802ad08e45 100644
--- a/packages/cylance/manifest.yml
+++ b/packages/cylance/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: cylance
 title: CylanceProtect Logs
-version: "0.10.1"
+version: "0.10.2"
 description: Collect logs from CylanceProtect devices with Elastic Agent.
 categories: ["security"]
 release: experimental
diff --git a/packages/darktrace/changelog.yml b/packages/darktrace/changelog.yml
index b2fd6055c2f..7cc05faccb8 100644
--- a/packages/darktrace/changelog.yml
+++ b/packages/darktrace/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: '0.1.2'
+ changes:
+ - description: Remove duplicate fields.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/4401
 - version: '0.1.1'
 changes:
 - description: Fix documentation
diff --git a/packages/darktrace/data_stream/ai_analyst_alert/fields/agent.yml b/packages/darktrace/data_stream/ai_analyst_alert/fields/agent.yml
index 10023a11743..47d5be58da9 100644
--- a/packages/darktrace/data_stream/ai_analyst_alert/fields/agent.yml
+++ b/packages/darktrace/data_stream/ai_analyst_alert/fields/agent.yml
@@ -97,30 +97,11 @@
 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
 example: CONTOSO
 default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.'
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.'
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
 ignore_above: 1024
 description: Host mac addresses.
- - name: name
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.'
 - name: os.family
 level: extended
 type: keyword
diff --git a/packages/darktrace/data_stream/model_breach_alert/fields/agent.yml b/packages/darktrace/data_stream/model_breach_alert/fields/agent.yml
index 1f754679d06..2ad539b9eb2 100644
--- a/packages/darktrace/data_stream/model_breach_alert/fields/agent.yml
+++ b/packages/darktrace/data_stream/model_breach_alert/fields/agent.yml
@@ -97,20 +97,6 @@
 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
 example: CONTOSO
 default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.'
- - name: id
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.'
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
@@ -156,11 +142,6 @@
 ignore_above: 1024
 description: Operating system version as a raw string.
 example: 10.14.1
- - name: type
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.'
 - name: containerized
 type: boolean
 description: >-
diff --git a/packages/darktrace/data_stream/system_status_alert/fields/agent.yml b/packages/darktrace/data_stream/system_status_alert/fields/agent.yml
index 10023a11743..feb71b5a75f 100644
--- a/packages/darktrace/data_stream/system_status_alert/fields/agent.yml
+++ b/packages/darktrace/data_stream/system_status_alert/fields/agent.yml
@@ -97,20 +97,11 @@
 description: 'Name of the domain of which the host is a member. For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.'
 example: CONTOSO
 default_field: false
- - name: hostname
- level: core
- type: keyword
- ignore_above: 1024
- description: 'Hostname of the host. It normally contains what the `hostname` command returns on the host machine.'
 - name: id
 level: core
 type: keyword
 ignore_above: 1024
 description: 'Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`.'
- - name: ip
- level: core
- type: ip
- description: Host ip addresses.
 - name: mac
 level: core
 type: keyword
diff --git a/packages/darktrace/manifest.yml b/packages/darktrace/manifest.yml
index 7f78b5491db..48fc51dafe2 100644
--- a/packages/darktrace/manifest.yml
+++ b/packages/darktrace/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: darktrace
 title: Darktrace
-version: 0.1.1
+version: 0.1.2
 license: basic
 description: Collect logs from Darktrace with Elastic Agent.
 type: integration